From 13be52ee8c0b97b531d9637a97d7b146996981b1 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Tue, 14 Nov 2023 18:45:52 +0000 Subject: [PATCH] CodeGen from PR 26493 in Azure/azure-rest-api-specs Merge 731fecd09c6982dc24353dc4e2473fab17e761bd into d6d9527c628f09bc81fb1b01d938872e1a681a2d --- .../azure-mgmt-securityinsight/_meta.json | 10 +- .../mgmt/securityinsight/_configuration.py | 10 +- .../securityinsight/_security_insights.py | 134 +- .../mgmt/securityinsight/_serialization.py | 119 +- .../azure/mgmt/securityinsight/_vendor.py | 11 - .../azure/mgmt/securityinsight/_version.py | 2 +- .../securityinsight/aio/_configuration.py | 10 +- .../securityinsight/aio/_security_insights.py | 137 +- .../aio/operations/__init__.py | 46 +- .../aio/operations/_actions_operations.py | 38 +- .../aio/operations/_alert_rule_operations.py | 287 + .../_alert_rule_templates_operations.py | 19 +- .../aio/operations/_alert_rules_operations.py | 38 +- .../_automation_rules_operations.py | 39 +- .../_billing_statistics_operations.py | 215 + .../aio/operations/_bookmark_operations.py | 17 +- .../_bookmark_relations_operations.py | 38 +- .../aio/operations/_bookmarks_operations.py | 38 +- .../operations/_content_package_operations.py | 271 + .../_content_packages_operations.py | 250 + .../_content_template_operations.py | 343 + .../_content_templates_operations.py | 192 + .../_data_connector_definitions_operations.py | 440 + ...onnectors_check_requirements_operations.py | 17 +- .../operations/_data_connectors_operations.py | 58 +- .../operations/_domain_whois_operations.py | 12 +- .../_entities_get_timeline_operations.py | 17 +- .../aio/operations/_entities_operations.py | 203 +- .../_entities_relations_operations.py | 12 +- .../operations/_entity_queries_operations.py | 44 +- .../_entity_query_templates_operations.py | 23 +- .../_entity_relations_operations.py | 12 +- .../operations/_file_imports_operations.py | 42 +- .../aio/operations/_get_operations.py | 12 +- .../_get_recommendations_operations.py | 12 +- ...riggered_analytics_rule_runs_operations.py | 146 + .../operations/_hunt_comments_operations.py | 479 + .../operations/_hunt_relations_operations.py | 480 + .../aio/operations/_hunts_operations.py | 452 + .../_incident_comments_operations.py | 39 +- .../_incident_relations_operations.py | 38 +- .../operations/_incident_tasks_operations.py | 38 +- .../aio/operations/_incidents_operations.py | 82 +- .../aio/operations/_ip_geodata_operations.py | 12 +- .../aio/operations/_metadata_operations.py | 50 +- .../operations/_office_consents_operations.py | 26 +- .../aio/operations/_operations.py | 12 +- .../operations/_product_package_operations.py | 118 + .../_product_packages_operations.py | 173 + .../_product_settings_operations.py | 38 +- .../_product_template_operations.py | 118 + .../_product_templates_operations.py | 183 + ...curity_ml_analytics_settings_operations.py | 40 +- .../_sentinel_onboarding_states_operations.py | 38 +- .../operations/_source_control_operations.py | 96 +- .../operations/_source_controls_operations.py | 230 +- ...telligence_indicator_metrics_operations.py | 12 +- ...hreat_intelligence_indicator_operations.py | 76 +- ...reat_intelligence_indicators_operations.py | 12 +- ...triggered_analytics_rule_run_operations.py | 118 + .../aio/operations/_update_operations.py | 23 +- .../operations/_watchlist_items_operations.py | 39 +- .../aio/operations/_watchlists_operations.py | 38 +- ...pace_manager_assignment_jobs_operations.py | 393 + ...orkspace_manager_assignments_operations.py | 468 + ...space_manager_configurations_operations.py | 468 + .../_workspace_manager_groups_operations.py | 461 + .../_workspace_manager_members_operations.py | 461 + .../mgmt/securityinsight/models/__init__.py | 212 +- .../securityinsight/models/_models_py3.py | 25707 ++++++++++------ .../models/_security_insights_enums.py | 839 +- .../securityinsight/operations/__init__.py | 46 +- .../operations/_actions_operations.py | 64 +- .../operations/_alert_rule_operations.py | 334 + .../_alert_rule_templates_operations.py | 33 +- .../operations/_alert_rules_operations.py | 64 +- .../_automation_rules_operations.py | 65 +- .../_billing_statistics_operations.py | 299 + .../operations/_bookmark_operations.py | 25 +- .../_bookmark_relations_operations.py | 64 +- .../operations/_bookmarks_operations.py | 64 +- .../operations/_content_package_operations.py | 359 + .../_content_packages_operations.py | 357 + .../_content_template_operations.py | 472 + .../_content_templates_operations.py | 262 + .../_data_connector_definitions_operations.py | 621 + ...onnectors_check_requirements_operations.py | 25 +- .../operations/_data_connectors_operations.py | 96 +- .../operations/_domain_whois_operations.py | 20 +- .../_entities_get_timeline_operations.py | 25 +- .../operations/_entities_operations.py | 278 +- .../_entities_relations_operations.py | 20 +- .../operations/_entity_queries_operations.py | 72 +- .../_entity_query_templates_operations.py | 39 +- .../_entity_relations_operations.py | 20 +- .../operations/_file_imports_operations.py | 68 +- .../operations/_get_operations.py | 20 +- .../_get_recommendations_operations.py | 20 +- ...riggered_analytics_rule_runs_operations.py | 189 + .../operations/_hunt_comments_operations.py | 678 + .../operations/_hunt_relations_operations.py | 678 + .../operations/_hunts_operations.py | 631 + .../_incident_comments_operations.py | 65 +- .../_incident_relations_operations.py | 64 +- .../operations/_incident_tasks_operations.py | 64 +- .../operations/_incidents_operations.py | 138 +- .../operations/_ip_geodata_operations.py | 20 +- .../operations/_metadata_operations.py | 90 +- .../operations/_office_consents_operations.py | 46 +- .../securityinsight/operations/_operations.py | 16 +- .../operations/_product_package_operations.py | 162 + .../_product_packages_operations.py | 231 + .../_product_settings_operations.py | 64 +- .../_product_template_operations.py | 162 + .../_product_templates_operations.py | 250 + ...curity_ml_analytics_settings_operations.py | 66 +- .../_sentinel_onboarding_states_operations.py | 64 +- .../operations/_source_control_operations.py | 113 +- .../operations/_source_controls_operations.py | 269 +- ...telligence_indicator_metrics_operations.py | 20 +- ...hreat_intelligence_indicator_operations.py | 120 +- ...reat_intelligence_indicators_operations.py | 20 +- ...triggered_analytics_rule_run_operations.py | 162 + .../operations/_update_operations.py | 31 +- .../operations/_watchlist_items_operations.py | 65 +- .../operations/_watchlists_operations.py | 64 +- ...pace_manager_assignment_jobs_operations.py | 604 + ...orkspace_manager_assignments_operations.py | 671 + ...space_manager_configurations_operations.py | 671 + .../_workspace_manager_groups_operations.py | 663 + .../_workspace_manager_members_operations.py | 663 + .../create_action_of_alert_rule.py | 2 +- .../delete_action_of_alert_rule.py | 5 +- .../get_action_of_alert_rule_by_id.py | 2 +- .../get_all_actions_by_alert_rule.py | 2 +- .../get_alert_rule_template_by_id.py | 2 +- .../get_alert_rule_templates.py | 2 +- .../create_fusion_alert_rule.py | 2 +- ...ert_rule_with_fusion_scenario_exclusion.py | 2 +- ...t_security_incident_creation_alert_rule.py | 2 +- .../create_nrt_alert_rule.py | 2 +- .../create_scheduled_alert_rule.py | 2 +- .../{ => alert_rules}/delete_alert_rule.py | 5 +- .../{ => alert_rules}/get_all_alert_rules.py | 2 +- .../get_fusion_alert_rule.py | 2 +- ...t_security_incident_creation_alert_rule.py | 2 +- .../{ => alert_rules}/get_nrt_alert_rule.py | 2 +- .../get_scheduled_alert_rule.py | 2 +- .../automation_rules_create_or_update.py | 2 +- .../automation_rules_delete.py | 2 +- .../automation_rules_get.py | 2 +- .../automation_rules_list.py | 2 +- .../get_all_billing_statistics.py | 42 + .../get_billing_statistic.py | 42 + .../{ => bookmarks}/create_bookmark.py | 2 +- .../{ => bookmarks}/delete_bookmark.py | 5 +- .../expand}/post_expand_bookmark.py | 2 +- .../{ => bookmarks}/get_bookmark_by_id.py | 2 +- .../{ => bookmarks}/get_bookmarks.py | 2 +- .../relations}/create_bookmark_relation.py | 2 +- .../relations}/delete_bookmark_relation.py | 5 +- .../relations}/get_all_bookmark_relations.py | 2 +- .../get_bookmark_relation_by_name.py | 2 +- .../content_packages/get_package_by_id.py | 42 + .../content_packages/get_packages.py | 42 + .../get_product_package_by_id.py | 42 + .../content_packages/get_product_packages.py | 42 + .../content_packages/install_package.py | 52 + .../content_packages/uninstall_package.py | 41 + .../content_templates/delete_template.py | 41 + .../get_product_template_by_id.py | 42 + .../get_product_templates.py | 42 + .../content_templates/get_template_by_id.py | 42 + .../content_templates/get_templates.py | 42 + .../content_templates/install_template.py | 115 + ..._customizable_data_connector_definition.py | 110 + .../delete_data_connector_definition_by_id.py | 41 + ...mizable_data_connectoe_definition_by_id.py | 42 + .../get_data_connector_definitions.py | 42 + ...eck_requirements_azure_active_directory.py | 45 + ...azure_active_directory_no_authorization.py | 45 + ...ments_azure_active_directory_no_license.py | 45 + ...heck_requirements_azure_security_center.py | 45 + .../check_requirements_dynamics365.py | 45 + .../check_requirements_io_t.py | 45 + .../check_requirements_mdatp.py | 45 + ...quirements_microsoft_cloud_app_security.py | 45 + ...icrosoft_purview_information_protection.py | 45 + ...uirements_microsoft_threat_intelligence.py | 45 + ...equirements_microsoft_threat_protection.py | 45 + .../check_requirements_office365_project.py | 45 + .../check_requirements_office_atp.py | 45 + .../check_requirements_office_irm.py | 45 + .../check_requirements_office_power_bi.py | 45 + .../check_requirements_threat_intelligence.py | 45 + ..._requirements_threat_intelligence_taxii.py | 45 + .../connect_api_polling.py | 5 +- .../connect_api_polling_v2_logs.py | 5 +- .../create_api_polling.py | 2 +- .../create_dynamics365_data_connetor.py | 2 +- .../create_generic_ui.py | 2 +- .../create_google_cloud_platform.py | 60 + ...ew_information_protection_data_connetor.py | 50 + ...soft_threat_intelligence_data_connector.py | 51 + ...crosoft_threat_protection_data_connetor.py | 51 + .../create_office365_project_data_connetor.py | 2 +- .../create_office_data_connetor.py | 2 +- .../create_office_power_bi_data_connector.py | 2 +- ...eate_threat_intelligence_data_connector.py | 2 +- ...hreat_intelligence_taxii_data_connector.py | 2 +- .../delete_api_polling.py | 5 +- .../delete_generic_ui.py | 5 +- .../delete_google_cloud_platform.py | 41 + ...ew_information_protection_data_connetor.py | 41 + ...soft_threat_intelligence_data_connector.py | 41 + .../delete_office365_project_data_connetor.py | 5 +- .../delete_office_data_connetor.py | 5 +- .../delete_office_power_bi_data_connetor.py | 5 +- .../disconnect_api_polling.py | 5 +- ...t_amazon_web_services_cloud_trail_by_id.py | 2 +- .../get_amazon_web_services_s3_by_id.py | 2 +- .../{ => data_connectors}/get_api_polling.py | 2 +- .../get_azure_active_directory_by_id.py | 2 +- ..._azure_advanced_threat_protection_by_id.py | 2 +- .../get_azure_security_center_by_id.py | 2 +- .../get_data_connectors.py | 2 +- .../get_dynamics365_data_connector_by_id.py | 2 +- .../{ => data_connectors}/get_generic_ui.py | 2 +- .../get_google_cloud_platform_by_id.py | 42 + .../{ => data_connectors}/get_io_tby_id.py | 2 +- .../get_microsoft_cloud_app_security_by_id.py | 2 +- ...fender_advanced_threat_protection_by_id.py | 2 +- ...microsoft_insider_risk_management_by_id.py | 2 +- ...ormation_protection_data_connetor_by_id.py | 42 + ...get_microsoft_threat_intelligence_by_id.py | 2 +- .../get_microsoft_threat_protection_by_id.py | 2 +- ...ice365_advanced_threat_protection_by_id.py | 2 +- ...t_office365_project_data_connetor_by_id.py | 2 +- .../get_office_data_connetor_by_id.py | 2 +- ...get_office_power_bi_data_connetor_by_id.py | 2 +- .../get_threat_intelligence_by_id.py | 42 + .../get_threat_intelligence_taxii_by_id.py | 2 +- .../{ => enrichment}/get_geodata_by_ip.py | 2 +- .../get_whois_by_domain_name.py | 2 +- .../expand}/post_expand_entity.py | 2 +- .../get_account_entity_by_id.py | 2 +- .../get_azure_resource_entity_by_id.py | 2 +- .../get_cloud_application_entity_by_id.py | 2 +- .../{ => entities}/get_dns_entity_by_id.py | 2 +- .../{ => entities}/get_entities.py | 2 +- .../{ => entities}/get_file_entity_by_id.py | 2 +- .../get_file_hash_entity_by_id.py | 2 +- .../{ => entities}/get_host_entity_by_id.py | 2 +- .../get_io_tdevice_entity_by_id.py | 2 +- .../{ => entities}/get_ip_entity_by_id.py | 2 +- .../get_mail_cluster_entity_by_id.py | 2 +- .../get_mail_message_entity_by_id.py | 2 +- .../get_mailbox_entity_by_id.py | 2 +- .../get_malware_entity_by_id.py | 2 +- .../get_process_entity_by_id.py | 2 +- .../{ => entities}/get_queries.py | 2 +- .../get_registry_key_entity_by_id.py | 2 +- .../get_registry_value_entity_by_id.py | 2 +- .../get_security_alert_entity_by_id.py | 2 +- .../get_security_group_entity_by_id.py | 2 +- .../get_submission_mail_entity_by_id.py | 2 +- .../{ => entities}/get_url_entity_by_id.py | 2 +- .../insights}/post_get_insights.py | 2 +- .../relations}/get_all_entity_relations.py | 2 +- .../relations}/get_entity_relation_by_name.py | 2 +- .../timeline}/post_timeline_entity.py | 2 +- .../create_entity_query_activity.py | 2 +- .../delete_entity_query.py | 5 +- .../get_activity_entity_query_by_id.py | 2 +- .../get_entity_queries.py | 2 +- .../get_expansion_entity_query_by_id.py | 2 +- ...et_activity_entity_query_template_by_id.py | 2 +- .../get_entity_query_templates.py | 2 +- .../{ => file_imports}/create_file_import.py | 2 +- .../{ => file_imports}/delete_file_import.py | 2 +- .../get_file_import_by_id.py | 2 +- .../{ => file_imports}/get_file_imports.py | 2 +- .../generated_samples/hunts/create_hunt.py | 54 + .../hunts/create_hunt_comment.py | 44 + .../hunts/create_hunt_relation.py | 49 + .../generated_samples/hunts/delete_hunt.py | 41 + .../hunts/delete_hunt_comment.py | 42 + .../hunts/delete_hunt_relation.py | 42 + .../generated_samples/hunts/get_hunt_by_id.py | 42 + .../hunts/get_hunt_comment_by_id.py | 43 + .../hunts/get_hunt_comments.py | 43 + .../hunts/get_hunt_relation_by_id.py | 43 + .../hunts/get_hunt_relations.py | 43 + .../generated_samples/hunts/get_hunts.py | 42 + .../incident_alerts}/incidents_list_alerts.py | 2 +- .../incidents_list_bookmarks.py | 2 +- .../incident_comments_create_or_update.py | 2 +- .../incident_comments_delete.py | 5 +- .../incident_comments_get.py | 2 +- .../incident_comments_list.py | 2 +- .../incidents_list_entities.py | 2 +- .../incident_tasks_create_or_update.py | 2 +- .../incident_tasks}/incident_tasks_delete.py | 5 +- .../incident_tasks}/incident_tasks_get.py | 2 +- .../incident_tasks}/incident_tasks_list.py | 2 +- .../incident_team}/incidents_create_team.py | 2 +- .../incidents_create_or_update.py | 2 +- .../{ => incidents}/incidents_delete.py | 5 +- .../{ => incidents}/incidents_get.py | 2 +- .../{ => incidents}/incidents_list.py | 2 +- .../relations}/create_incident_relation.py | 2 +- .../relations}/delete_incident_relation.py | 5 +- .../relations}/get_all_incident_relations.py | 2 +- .../get_incident_relation_by_name.py | 2 +- .../manual_trigger/entities_run_playbook.py | 41 + .../incidents_run_playbook.py | 2 +- .../{ => metadata}/delete_metadata.py | 5 +- .../{ => metadata}/get_all_metadata.py | 2 +- .../{ => metadata}/get_all_metadata_odata.py | 2 +- .../{ => metadata}/get_metadata.py | 2 +- .../{ => metadata}/patch_metadata.py | 2 +- .../{ => metadata}/put_metadata.py | 2 +- .../{ => metadata}/put_metadata_minimal.py | 2 +- .../delete_office_consents.py | 5 +- .../get_office_consents.py | 2 +- .../get_office_consents_by_id.py | 2 +- .../create_sentinel_onboarding_state.py | 2 +- .../delete_sentinel_onboarding_state.py | 5 +- .../get_all_sentinel_onboarding_states.py | 2 +- .../get_sentinel_onboarding_state.py | 2 +- .../{ => operations}/list_operations.py | 2 +- .../get_recommendation.py | 2 +- .../get_recommendations.py | 2 +- .../patch_recommendation.py | 2 +- .../{ => repositories}/get_repositories.py | 14 +- ...e_anomaly_security_ml_analytics_setting.py | 97 + .../delete_security_ml_analytics_setting.py | 5 +- .../get_all_security_ml_analytics_settings.py | 2 +- ...t_anomaly_security_ml_analytics_setting.py | 2 +- .../{ => settings}/delete_eyes_on_setting.py | 5 +- .../{ => settings}/get_all_settings.py | 2 +- .../{ => settings}/get_eyes_on_setting.py | 2 +- .../{ => settings}/update_eyes_on_setting.py | 2 +- .../create_source_control.py | 12 +- .../delete_source_control.py | 12 +- .../get_source_control_by_id.py | 2 +- .../get_source_controls.py | 2 +- .../append_tags_threat_intelligence.py | 42 + .../collect_threat_intelligence_metrics.py | 2 +- .../create_threat_intelligence.py | 63 + .../delete_threat_intelligence.py | 5 +- .../get_threat_intelligence.py | 2 +- .../get_threat_intelligence_by_id.py | 2 +- .../query_threat_intelligence.py | 51 + .../replace_tags_threat_intelligence.py | 47 + .../update_threat_intelligence.py | 64 + .../trigger_rule_run_post.py | 42 + .../triggered_analytics_rule_run_get.py | 42 + .../triggered_analytics_rule_runs_get.py | 42 + .../{ => watchlists}/create_watchlist.py | 2 +- .../create_watchlist_and_watchlist_items.py | 2 +- .../{ => watchlists}/create_watchlist_item.py | 2 +- .../{ => watchlists}/delete_watchlist.py | 5 +- .../{ => watchlists}/delete_watchlist_item.py | 5 +- .../get_watchlist_by_alias.py | 2 +- .../get_watchlist_item_by_id.py | 2 +- .../{ => watchlists}/get_watchlist_items.py | 2 +- .../{ => watchlists}/get_watchlists.py | 2 +- .../create_job.py | 42 + ..._or_update_workspace_manager_assignment.py | 55 + .../delete_job.py | 42 + .../delete_workspace_manager_assignment.py | 41 + .../get_all_jobs.py | 43 + .../get_all_workspace_manager_assignments.py | 42 + .../workspace_manager_assignments/get_job.py | 43 + .../get_workspace_manager_assignment.py | 42 + ..._update_workspace_manager_configuration.py | 43 + .../delete_workspace_manager_configuration.py | 41 + ...et_all_workspace_manager_configurations.py | 42 + .../get_workspace_manager_configuration.py | 42 + ...reate_or_update_workspace_manager_group.py | 49 + .../delete_workspace_manager_group.py | 41 + .../get_all_workspace_manager_groups.py | 42 + .../get_workspace_manager_group.py | 42 + ...eate_or_update_workspace_manager_member.py | 48 + .../delete_workspace_manager_member.py | 41 + .../get_all_workspace_manager_members.py | 42 + .../get_workspace_manager_member.py | 42 + 388 files changed, 38732 insertions(+), 12798 deletions(-) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/create_action_of_alert_rule.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/delete_action_of_alert_rule.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/get_action_of_alert_rule_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/get_all_actions_by_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rule_templates}/get_alert_rule_template_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rule_templates}/get_alert_rule_templates.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_fusion_alert_rule.py (99%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_fusion_alert_rule_with_fusion_scenario_exclusion.py (99%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_microsoft_security_incident_creation_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_nrt_alert_rule.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_scheduled_alert_rule.py (98%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/delete_alert_rule.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_all_alert_rules.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_fusion_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_microsoft_security_incident_creation_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_nrt_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_scheduled_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_create_or_update.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_delete.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_list.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/create_bookmark.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/delete_bookmark.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/expand}/post_expand_bookmark.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/get_bookmark_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/get_bookmarks.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/create_bookmark_relation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/delete_bookmark_relation.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/get_all_bookmark_relations.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/get_bookmark_relation_by_name.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/connect_api_polling.py (93%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/connect_api_polling_v2_logs.py (94%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_api_polling.py (99%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_dynamics365_data_connetor.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_generic_ui.py (99%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_office365_project_data_connetor.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_office_data_connetor.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_office_power_bi_data_connector.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_threat_intelligence_data_connector.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_threat_intelligence_taxii_data_connector.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_api_polling.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_generic_ui.py (92%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_office365_project_data_connetor.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_office_data_connetor.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_office_power_bi_data_connetor.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/disconnect_api_polling.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_amazon_web_services_cloud_trail_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_amazon_web_services_s3_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_api_polling.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_azure_active_directory_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_azure_advanced_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_azure_security_center_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_data_connectors.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_dynamics365_data_connector_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_generic_ui.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_io_tby_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_cloud_app_security_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_defender_advanced_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_insider_risk_management_by_id.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_threat_intelligence_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office365_advanced_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office365_project_data_connetor_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office_data_connetor_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office_power_bi_data_connetor_by_id.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_threat_intelligence_taxii_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => enrichment}/get_geodata_by_ip.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => enrichment}/get_whois_by_domain_name.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/expand}/post_expand_entity.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_account_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_azure_resource_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_cloud_application_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_dns_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_entities.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_file_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_file_hash_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_host_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_io_tdevice_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_ip_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_mail_cluster_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_mail_message_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_mailbox_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_malware_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_process_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_queries.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_registry_key_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_registry_value_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_security_alert_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_security_group_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_submission_mail_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_url_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/insights}/post_get_insights.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/relations}/get_all_entity_relations.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/relations}/get_entity_relation_by_name.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/timeline}/post_timeline_entity.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/create_entity_query_activity.py (98%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/delete_entity_query.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/get_activity_entity_query_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/get_entity_queries.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/get_expansion_entity_query_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_query_templates}/get_activity_entity_query_template_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_query_templates}/get_entity_query_templates.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/create_file_import.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/delete_file_import.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/get_file_import_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/get_file_imports.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_alerts}/incidents_list_alerts.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_bookmarks}/incidents_list_bookmarks.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_create_or_update.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_delete.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_list.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_entities}/incidents_list_entities.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_create_or_update.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_delete.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_list.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_team}/incidents_create_team.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_create_or_update.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_delete.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_list.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/create_incident_relation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/delete_incident_relation.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/get_all_incident_relations.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/get_incident_relation_by_name.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => manual_trigger}/incidents_run_playbook.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/delete_metadata.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/get_all_metadata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/get_all_metadata_odata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/get_metadata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/patch_metadata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/put_metadata.py (98%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/put_metadata_minimal.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => office_consents}/delete_office_consents.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => office_consents}/get_office_consents.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => office_consents}/get_office_consents_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/create_sentinel_onboarding_state.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/delete_sentinel_onboarding_state.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/get_all_sentinel_onboarding_states.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/get_sentinel_onboarding_state.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => operations}/list_operations.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => recommendations}/get_recommendation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => recommendations}/get_recommendations.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => recommendations}/patch_recommendation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => repositories}/get_repositories.py (77%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => security_ml_analytics_settings}/delete_security_ml_analytics_setting.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => security_ml_analytics_settings}/get_all_security_ml_analytics_settings.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => security_ml_analytics_settings}/get_anomaly_security_ml_analytics_setting.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/delete_eyes_on_setting.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/get_all_settings.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/get_eyes_on_setting.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/update_eyes_on_setting.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/create_source_control.py (87%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/delete_source_control.py (80%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/get_source_control_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/get_source_controls.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/collect_threat_intelligence_metrics.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/delete_threat_intelligence.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/get_threat_intelligence.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/get_threat_intelligence_by_id.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/create_watchlist.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/create_watchlist_and_watchlist_items.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/create_watchlist_item.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/delete_watchlist.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/delete_watchlist_item.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlist_by_alias.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlist_item_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlist_items.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlists.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json index fa7204443a7e..464d793356c1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json +++ b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json @@ -1,11 +1,11 @@ { - "commit": "89a9bf17524904e7670f0fd2d62ac882ca00d85c", + "commit": "3647bfb536a23cb9eaef0dfaa943fe29a1f6c03e", "repository_url": "https://github.com/Azure/azure-rest-api-specs", - "autorest": "3.9.2", + "autorest": "3.9.7", "use": [ - "@autorest/python@6.2.7", - "@autorest/modelerfour@4.24.3" + "@autorest/python@6.7.1", + "@autorest/modelerfour@4.26.2" ], - "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --generate-sample=True --include-x-ms-examples-original-file=True --python --python-sdks-folder=/home/vsts/work/1/azure-sdk-for-python/sdk --use=@autorest/python@6.2.7 --use=@autorest/modelerfour@4.24.3 --version=3.9.2 --version-tolerant=False", + "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --generate-sample=True --include-x-ms-examples-original-file=True --python --python-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-python/sdk --use=@autorest/python@6.7.1 --use=@autorest/modelerfour@4.26.2 --version=3.9.7 --version-tolerant=False", "readme": "specification/securityinsights/resource-manager/readme.md" } \ No newline at end of file diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py index 9b68f6af78ea..9bb56cd098c0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py @@ -6,7 +6,6 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, TYPE_CHECKING from azure.core.configuration import Configuration @@ -15,11 +14,6 @@ from ._version import VERSION -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports - if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports from azure.core.credentials import TokenCredential @@ -35,14 +29,14 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- :type credential: ~azure.core.credentials.TokenCredential :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-10-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str """ def __init__(self, credential: "TokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version: Literal["2022-12-01-preview"] = kwargs.pop("api_version", "2022-12-01-preview") + api_version: str = kwargs.pop("api_version", "2023-10-01-preview") if credential is None: raise ValueError("Parameter 'credential' must not be None.") diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py index 3cde4c860447..d1256669d3a4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py @@ -17,12 +17,19 @@ from ._serialization import Deserializer, Serializer from .operations import ( ActionsOperations, + AlertRuleOperations, AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, + BillingStatisticsOperations, BookmarkOperations, BookmarkRelationsOperations, BookmarksOperations, + ContentPackageOperations, + ContentPackagesOperations, + ContentTemplateOperations, + ContentTemplatesOperations, + DataConnectorDefinitionsOperations, DataConnectorsCheckRequirementsOperations, DataConnectorsOperations, DomainWhoisOperations, @@ -35,6 +42,10 @@ FileImportsOperations, GetOperations, GetRecommendationsOperations, + GetTriggeredAnalyticsRuleRunsOperations, + HuntCommentsOperations, + HuntRelationsOperations, + HuntsOperations, IPGeodataOperations, IncidentCommentsOperations, IncidentRelationsOperations, @@ -43,7 +54,11 @@ MetadataOperations, OfficeConsentsOperations, Operations, + ProductPackageOperations, + ProductPackagesOperations, ProductSettingsOperations, + ProductTemplateOperations, + ProductTemplatesOperations, SecurityMLAnalyticsSettingsOperations, SentinelOnboardingStatesOperations, SourceControlOperations, @@ -51,9 +66,15 @@ ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, + TriggeredAnalyticsRuleRunOperations, UpdateOperations, WatchlistItemsOperations, WatchlistsOperations, + WorkspaceManagerAssignmentJobsOperations, + WorkspaceManagerAssignmentsOperations, + WorkspaceManagerConfigurationsOperations, + WorkspaceManagerGroupsOperations, + WorkspaceManagerMembersOperations, ) if TYPE_CHECKING: @@ -73,20 +94,38 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations :ivar automation_rules: AutomationRulesOperations operations :vartype automation_rules: azure.mgmt.securityinsight.operations.AutomationRulesOperations + :ivar entities: EntitiesOperations operations + :vartype entities: azure.mgmt.securityinsight.operations.EntitiesOperations :ivar incidents: IncidentsOperations operations :vartype incidents: azure.mgmt.securityinsight.operations.IncidentsOperations + :ivar billing_statistics: BillingStatisticsOperations operations + :vartype billing_statistics: azure.mgmt.securityinsight.operations.BillingStatisticsOperations :ivar bookmarks: BookmarksOperations operations :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations :ivar bookmark_relations: BookmarkRelationsOperations operations :vartype bookmark_relations: azure.mgmt.securityinsight.operations.BookmarkRelationsOperations :ivar bookmark: BookmarkOperations operations :vartype bookmark: azure.mgmt.securityinsight.operations.BookmarkOperations + :ivar content_packages: ContentPackagesOperations operations + :vartype content_packages: azure.mgmt.securityinsight.operations.ContentPackagesOperations + :ivar content_package: ContentPackageOperations operations + :vartype content_package: azure.mgmt.securityinsight.operations.ContentPackageOperations + :ivar product_packages: ProductPackagesOperations operations + :vartype product_packages: azure.mgmt.securityinsight.operations.ProductPackagesOperations + :ivar product_package: ProductPackageOperations operations + :vartype product_package: azure.mgmt.securityinsight.operations.ProductPackageOperations + :ivar product_templates: ProductTemplatesOperations operations + :vartype product_templates: azure.mgmt.securityinsight.operations.ProductTemplatesOperations + :ivar product_template: ProductTemplateOperations operations + :vartype product_template: azure.mgmt.securityinsight.operations.ProductTemplateOperations + :ivar content_templates: ContentTemplatesOperations operations + :vartype content_templates: azure.mgmt.securityinsight.operations.ContentTemplatesOperations + :ivar content_template: ContentTemplateOperations operations + :vartype content_template: azure.mgmt.securityinsight.operations.ContentTemplateOperations :ivar ip_geodata: IPGeodataOperations operations :vartype ip_geodata: azure.mgmt.securityinsight.operations.IPGeodataOperations :ivar domain_whois: DomainWhoisOperations operations :vartype domain_whois: azure.mgmt.securityinsight.operations.DomainWhoisOperations - :ivar entities: EntitiesOperations operations - :vartype entities: azure.mgmt.securityinsight.operations.EntitiesOperations :ivar entities_get_timeline: EntitiesGetTimelineOperations operations :vartype entities_get_timeline: azure.mgmt.securityinsight.operations.EntitiesGetTimelineOperations @@ -101,6 +140,12 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.operations.EntityQueryTemplatesOperations :ivar file_imports: FileImportsOperations operations :vartype file_imports: azure.mgmt.securityinsight.operations.FileImportsOperations + :ivar hunts: HuntsOperations operations + :vartype hunts: azure.mgmt.securityinsight.operations.HuntsOperations + :ivar hunt_relations: HuntRelationsOperations operations + :vartype hunt_relations: azure.mgmt.securityinsight.operations.HuntRelationsOperations + :ivar hunt_comments: HuntCommentsOperations operations + :vartype hunt_comments: azure.mgmt.securityinsight.operations.HuntCommentsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.operations.IncidentCommentsOperations :ivar incident_relations: IncidentRelationsOperations operations @@ -140,10 +185,36 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to operations :vartype threat_intelligence_indicator_metrics: azure.mgmt.securityinsight.operations.ThreatIntelligenceIndicatorMetricsOperations + :ivar triggered_analytics_rule_run: TriggeredAnalyticsRuleRunOperations operations + :vartype triggered_analytics_rule_run: + azure.mgmt.securityinsight.operations.TriggeredAnalyticsRuleRunOperations + :ivar get_triggered_analytics_rule_runs: GetTriggeredAnalyticsRuleRunsOperations operations + :vartype get_triggered_analytics_rule_runs: + azure.mgmt.securityinsight.operations.GetTriggeredAnalyticsRuleRunsOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: azure.mgmt.securityinsight.operations.AlertRuleOperations :ivar watchlists: WatchlistsOperations operations :vartype watchlists: azure.mgmt.securityinsight.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.operations.WatchlistItemsOperations + :ivar workspace_manager_assignments: WorkspaceManagerAssignmentsOperations operations + :vartype workspace_manager_assignments: + azure.mgmt.securityinsight.operations.WorkspaceManagerAssignmentsOperations + :ivar workspace_manager_assignment_jobs: WorkspaceManagerAssignmentJobsOperations operations + :vartype workspace_manager_assignment_jobs: + azure.mgmt.securityinsight.operations.WorkspaceManagerAssignmentJobsOperations + :ivar workspace_manager_configurations: WorkspaceManagerConfigurationsOperations operations + :vartype workspace_manager_configurations: + azure.mgmt.securityinsight.operations.WorkspaceManagerConfigurationsOperations + :ivar workspace_manager_groups: WorkspaceManagerGroupsOperations operations + :vartype workspace_manager_groups: + azure.mgmt.securityinsight.operations.WorkspaceManagerGroupsOperations + :ivar workspace_manager_members: WorkspaceManagerMembersOperations operations + :vartype workspace_manager_members: + azure.mgmt.securityinsight.operations.WorkspaceManagerMembersOperations + :ivar data_connector_definitions: DataConnectorDefinitionsOperations operations + :vartype data_connector_definitions: + azure.mgmt.securityinsight.operations.DataConnectorDefinitionsOperations :ivar data_connectors: DataConnectorsOperations operations :vartype data_connectors: azure.mgmt.securityinsight.operations.DataConnectorsOperations :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations @@ -157,7 +228,7 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-10-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str :keyword int polling_interval: Default waiting time between two polls for LRO operations if no @@ -172,7 +243,7 @@ def __init__( **kwargs: Any ) -> None: self._config = SecurityInsightsConfiguration(credential=credential, subscription_id=subscription_id, **kwargs) - self._client = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + self._client: ARMPipelineClient = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs) client_models = {k: v for k, v in _models.__dict__.items() if isinstance(v, type)} self._serialize = Serializer(client_models) @@ -186,15 +257,38 @@ def __init__( self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) + self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) + self.billing_statistics = BillingStatisticsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) self.bookmark_relations = BookmarkRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) + self.content_packages = ContentPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_package = ContentPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_packages = ProductPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_package = ProductPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_templates = ProductTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_template = ProductTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_templates = ContentTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_template = ContentTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.entities_get_timeline = EntitiesGetTimelineOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -209,6 +303,9 @@ def __init__( self._client, self._config, self._serialize, self._deserialize ) self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunts = HuntsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_relations = HuntRelationsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_comments = HuntCommentsOperations(self._client, self._config, self._serialize, self._deserialize) self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -243,8 +340,33 @@ def __init__( self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.triggered_analytics_rule_run = TriggeredAnalyticsRuleRunOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.get_triggered_analytics_rule_runs = GetTriggeredAnalyticsRuleRunsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.alert_rule = AlertRuleOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) + self.workspace_manager_assignments = WorkspaceManagerAssignmentsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_assignment_jobs = WorkspaceManagerAssignmentJobsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_configurations = WorkspaceManagerConfigurationsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_groups = WorkspaceManagerGroupsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_members = WorkspaceManagerMembersOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.data_connector_definitions = DataConnectorDefinitionsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( self._client, self._config, self._serialize, self._deserialize @@ -280,5 +402,5 @@ def __enter__(self) -> "SecurityInsights": self._client.__enter__() return self - def __exit__(self, *exc_details) -> None: + def __exit__(self, *exc_details: Any) -> None: self._client.__exit__(*exc_details) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py index 2c170e28dbca..4bae2292227b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py @@ -38,7 +38,22 @@ import re import sys import codecs -from typing import Optional, Union, AnyStr, IO, Mapping +from typing import ( + Dict, + Any, + cast, + Optional, + Union, + AnyStr, + IO, + Mapping, + Callable, + TypeVar, + MutableMapping, + Type, + List, + Mapping, +) try: from urllib import quote # type: ignore @@ -48,12 +63,14 @@ import isodate # type: ignore -from typing import Dict, Any, cast - from azure.core.exceptions import DeserializationError, SerializationError, raise_with_traceback +from azure.core.serialization import NULL as AzureCoreNull _BOM = codecs.BOM_UTF8.decode(encoding="utf-8") +ModelType = TypeVar("ModelType", bound="Model") +JSON = MutableMapping[str, Any] + class RawDeserializer: @@ -277,8 +294,8 @@ class Model(object): _attribute_map: Dict[str, Dict[str, Any]] = {} _validation: Dict[str, Dict[str, Any]] = {} - def __init__(self, **kwargs): - self.additional_properties = {} + def __init__(self, **kwargs: Any) -> None: + self.additional_properties: Dict[str, Any] = {} for k in kwargs: if k not in self._attribute_map: _LOGGER.warning("%s is not a known attribute of class %s and will be ignored", k, self.__class__) @@ -287,25 +304,25 @@ def __init__(self, **kwargs): else: setattr(self, k, kwargs[k]) - def __eq__(self, other): + def __eq__(self, other: Any) -> bool: """Compare objects by comparing all attributes.""" if isinstance(other, self.__class__): return self.__dict__ == other.__dict__ return False - def __ne__(self, other): + def __ne__(self, other: Any) -> bool: """Compare objects by comparing all attributes.""" return not self.__eq__(other) - def __str__(self): + def __str__(self) -> str: return str(self.__dict__) @classmethod - def enable_additional_properties_sending(cls): + def enable_additional_properties_sending(cls) -> None: cls._attribute_map["additional_properties"] = {"key": "", "type": "{object}"} @classmethod - def is_xml_model(cls): + def is_xml_model(cls) -> bool: try: cls._xml_map # type: ignore except AttributeError: @@ -322,7 +339,7 @@ def _create_xml_node(cls): return _create_xml_node(xml_map.get("name", cls.__name__), xml_map.get("prefix", None), xml_map.get("ns", None)) - def serialize(self, keep_readonly=False, **kwargs): + def serialize(self, keep_readonly: bool = False, **kwargs: Any) -> JSON: """Return the JSON that would be sent to azure from this model. This is an alias to `as_dict(full_restapi_key_transformer, keep_readonly=False)`. @@ -336,8 +353,13 @@ def serialize(self, keep_readonly=False, **kwargs): serializer = Serializer(self._infer_class_models()) return serializer._serialize(self, keep_readonly=keep_readonly, **kwargs) - def as_dict(self, keep_readonly=True, key_transformer=attribute_transformer, **kwargs): - """Return a dict that can be JSONify using json.dump. + def as_dict( + self, + keep_readonly: bool = True, + key_transformer: Callable[[str, Dict[str, Any], Any], Any] = attribute_transformer, + **kwargs: Any + ) -> JSON: + """Return a dict that can be serialized using json.dump. Advanced usage might optionally use a callback as parameter: @@ -384,7 +406,7 @@ def _infer_class_models(cls): return client_models @classmethod - def deserialize(cls, data, content_type=None): + def deserialize(cls: Type[ModelType], data: Any, content_type: Optional[str] = None) -> ModelType: """Parse a str using the RestAPI syntax and return a model. :param str data: A str using RestAPI structure. JSON by default. @@ -396,7 +418,12 @@ def deserialize(cls, data, content_type=None): return deserializer(cls.__name__, data, content_type=content_type) @classmethod - def from_dict(cls, data, key_extractors=None, content_type=None): + def from_dict( + cls: Type[ModelType], + data: Any, + key_extractors: Optional[Callable[[str, Dict[str, Any], Any], Any]] = None, + content_type: Optional[str] = None, + ) -> ModelType: """Parse a dict using given key extractor return a model. By default consider key @@ -409,8 +436,8 @@ def from_dict(cls, data, key_extractors=None, content_type=None): :raises: DeserializationError if something went wrong """ deserializer = Deserializer(cls._infer_class_models()) - deserializer.key_extractors = ( - [ + deserializer.key_extractors = ( # type: ignore + [ # type: ignore attribute_key_case_insensitive_extractor, rest_key_case_insensitive_extractor, last_rest_key_case_insensitive_extractor, @@ -518,7 +545,7 @@ class Serializer(object): "multiple": lambda x, y: x % y != 0, } - def __init__(self, classes=None): + def __init__(self, classes: Optional[Mapping[str, Type[ModelType]]] = None): self.serialize_type = { "iso-8601": Serializer.serialize_iso, "rfc-1123": Serializer.serialize_rfc, @@ -534,7 +561,7 @@ def __init__(self, classes=None): "[]": self.serialize_iter, "{}": self.serialize_dict, } - self.dependencies = dict(classes) if classes else {} + self.dependencies: Dict[str, Type[ModelType]] = dict(classes) if classes else {} self.key_transformer = full_restapi_key_transformer self.client_side_validation = True @@ -602,7 +629,7 @@ def _serialize(self, target_obj, data_type=None, **kwargs): if xml_desc.get("attr", False): if xml_ns: ET.register_namespace(xml_prefix, xml_ns) - xml_name = "{}{}".format(xml_ns, xml_name) + xml_name = "{{{}}}{}".format(xml_ns, xml_name) serialized.set(xml_name, new_attr) # type: ignore continue if xml_desc.get("text", False): @@ -626,8 +653,7 @@ def _serialize(self, target_obj, data_type=None, **kwargs): serialized.append(local_node) # type: ignore else: # JSON for k in reversed(keys): # type: ignore - unflattened = {k: new_attr} - new_attr = unflattened + new_attr = {k: new_attr} _new_attr = new_attr _serialized = serialized @@ -636,8 +662,9 @@ def _serialize(self, target_obj, data_type=None, **kwargs): _serialized.update(_new_attr) # type: ignore _new_attr = _new_attr[k] # type: ignore _serialized = _serialized[k] - except ValueError: - continue + except ValueError as err: + if isinstance(err, SerializationError): + raise except (AttributeError, KeyError, TypeError) as err: msg = "Attribute {} in object {} cannot be serialized.\n{}".format(attr_name, class_name, str(target_obj)) @@ -656,8 +683,8 @@ def body(self, data, data_type, **kwargs): """ # Just in case this is a dict - internal_data_type = data_type.strip("[]{}") - internal_data_type = self.dependencies.get(internal_data_type, None) + internal_data_type_str = data_type.strip("[]{}") + internal_data_type = self.dependencies.get(internal_data_type_str, None) try: is_xml_model_serialization = kwargs["is_xml"] except KeyError: @@ -715,6 +742,8 @@ def query(self, name, data, data_type, **kwargs): :param data: The data to be serialized. :param str data_type: The type to be serialized from. + :keyword bool skip_quote: Whether to skip quote the serialized result. + Defaults to False. :rtype: str :raises: TypeError if serialization fails. :raises: ValueError if data is None @@ -723,10 +752,8 @@ def query(self, name, data, data_type, **kwargs): # Treat the list aside, since we don't want to encode the div separator if data_type.startswith("["): internal_data_type = data_type[1:-1] - data = [self.serialize_data(d, internal_data_type, **kwargs) if d is not None else "" for d in data] - if not kwargs.get("skip_quote", False): - data = [quote(str(d), safe="") for d in data] - return str(self.serialize_iter(data, internal_data_type, **kwargs)) + do_quote = not kwargs.get("skip_quote", False) + return str(self.serialize_iter(data, internal_data_type, do_quote=do_quote, **kwargs)) # Not a list, regular serialization output = self.serialize_data(data, data_type, **kwargs) @@ -777,6 +804,8 @@ def serialize_data(self, data, data_type, **kwargs): raise ValueError("No value for given attribute") try: + if data is AzureCoreNull: + return None if data_type in self.basic_types.values(): return self.serialize_basic(data, data_type, **kwargs) @@ -863,6 +892,8 @@ def serialize_iter(self, data, iter_type, div=None, **kwargs): not be None or empty. :param str div: If set, this str will be used to combine the elements in the iterable into a combined string. Default is 'None'. + :keyword bool do_quote: Whether to quote the serialized result of each iterable element. + Defaults to False. :rtype: list, str """ if isinstance(data, str): @@ -875,9 +906,14 @@ def serialize_iter(self, data, iter_type, div=None, **kwargs): for d in data: try: serialized.append(self.serialize_data(d, iter_type, **kwargs)) - except ValueError: + except ValueError as err: + if isinstance(err, SerializationError): + raise serialized.append(None) + if kwargs.get("do_quote", False): + serialized = ["" if s is None else quote(str(s), safe="") for s in serialized] + if div: serialized = ["" if s is None else str(s) for s in serialized] serialized = div.join(serialized) @@ -922,7 +958,9 @@ def serialize_dict(self, attr, dict_type, **kwargs): for key, value in attr.items(): try: serialized[self.serialize_unicode(key)] = self.serialize_data(value, dict_type, **kwargs) - except ValueError: + except ValueError as err: + if isinstance(err, SerializationError): + raise serialized[self.serialize_unicode(key)] = None if "xml" in serialization_ctxt: @@ -1161,7 +1199,8 @@ def rest_key_extractor(attr, attr_desc, data): working_data = data while "." in key: - dict_keys = _FLATTEN.split(key) + # Need the cast, as for some reasons "split" is typed as list[str | Any] + dict_keys = cast(List[str], _FLATTEN.split(key)) if len(dict_keys) == 1: key = _decode_attribute_map_key(dict_keys[0]) break @@ -1242,7 +1281,7 @@ def _extract_name_from_internal_type(internal_type): xml_name = internal_type_xml_map.get("name", internal_type.__name__) xml_ns = internal_type_xml_map.get("ns", None) if xml_ns: - xml_name = "{}{}".format(xml_ns, xml_name) + xml_name = "{{{}}}{}".format(xml_ns, xml_name) return xml_name @@ -1266,7 +1305,7 @@ def xml_key_extractor(attr, attr_desc, data): # Integrate namespace if necessary xml_ns = xml_desc.get("ns", internal_type_xml_map.get("ns", None)) if xml_ns: - xml_name = "{}{}".format(xml_ns, xml_name) + xml_name = "{{{}}}{}".format(xml_ns, xml_name) # If it's an attribute, that's simple if xml_desc.get("attr", False): @@ -1332,7 +1371,7 @@ class Deserializer(object): valid_date = re.compile(r"\d{4}[-]\d{2}[-]\d{2}T\d{2}:\d{2}:\d{2}" r"\.?\d*Z?[-+]?[\d{2}]?:?[\d{2}]?") - def __init__(self, classes=None): + def __init__(self, classes: Optional[Mapping[str, Type[ModelType]]] = None): self.deserialize_type = { "iso-8601": Deserializer.deserialize_iso, "rfc-1123": Deserializer.deserialize_rfc, @@ -1352,7 +1391,7 @@ def __init__(self, classes=None): "duration": (isodate.Duration, datetime.timedelta), "iso-8601": (datetime.datetime), } - self.dependencies = dict(classes) if classes else {} + self.dependencies: Dict[str, Type[ModelType]] = dict(classes) if classes else {} self.key_extractors = [rest_key_extractor, xml_key_extractor] # Additional properties only works if the "rest_key_extractor" is used to # extract the keys. Making it to work whatever the key extractor is too much @@ -1471,7 +1510,7 @@ def _classify_target(self, target, data): Once classification has been determined, initialize object. :param str target: The target object type to deserialize to. - :param str/dict data: The response data to deseralize. + :param str/dict data: The response data to deserialize. """ if target is None: return None, None @@ -1486,7 +1525,7 @@ def _classify_target(self, target, data): target = target._classify(data, self.dependencies) except AttributeError: pass # Target is not a Model, no classify - return target, target.__class__.__name__ + return target, target.__class__.__name__ # type: ignore def failsafe_deserialize(self, target_obj, data, content_type=None): """Ignores any errors encountered in deserialization, @@ -1496,7 +1535,7 @@ def failsafe_deserialize(self, target_obj, data, content_type=None): a deserialization error. :param str target_obj: The target object type to deserialize to. - :param str/dict data: The response data to deseralize. + :param str/dict data: The response data to deserialize. :param str content_type: Swagger "produces" if available. """ try: diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py index 9aad73fc743e..0dafe0e287ff 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py @@ -14,14 +14,3 @@ def _convert_request(request, files=None): if files: request.set_formdata_body(files) return request - - -def _format_url_section(template, **kwargs): - components = template.split("/") - while components: - try: - return template.format(**kwargs) - except KeyError as key: - formatted_components = template.split("/") - components = [c for c in formatted_components if "{}".format(key.args[0]) not in c] - template = "/".join(components) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py index 2eda20789583..e5754a47ce68 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py @@ -6,4 +6,4 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -VERSION = "2.0.0b2" +VERSION = "1.0.0b1" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py index e334994b3258..10dd80bc6eca 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py @@ -6,7 +6,6 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, TYPE_CHECKING from azure.core.configuration import Configuration @@ -15,11 +14,6 @@ from .._version import VERSION -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports - if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports from azure.core.credentials_async import AsyncTokenCredential @@ -35,14 +29,14 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- :type credential: ~azure.core.credentials_async.AsyncTokenCredential :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-10-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str """ def __init__(self, credential: "AsyncTokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version: Literal["2022-12-01-preview"] = kwargs.pop("api_version", "2022-12-01-preview") + api_version: str = kwargs.pop("api_version", "2023-10-01-preview") if credential is None: raise ValueError("Parameter 'credential' must not be None.") diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py index 6a0f5faa2f24..149a381090c2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py @@ -17,12 +17,19 @@ from ._configuration import SecurityInsightsConfiguration from .operations import ( ActionsOperations, + AlertRuleOperations, AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, + BillingStatisticsOperations, BookmarkOperations, BookmarkRelationsOperations, BookmarksOperations, + ContentPackageOperations, + ContentPackagesOperations, + ContentTemplateOperations, + ContentTemplatesOperations, + DataConnectorDefinitionsOperations, DataConnectorsCheckRequirementsOperations, DataConnectorsOperations, DomainWhoisOperations, @@ -35,6 +42,10 @@ FileImportsOperations, GetOperations, GetRecommendationsOperations, + GetTriggeredAnalyticsRuleRunsOperations, + HuntCommentsOperations, + HuntRelationsOperations, + HuntsOperations, IPGeodataOperations, IncidentCommentsOperations, IncidentRelationsOperations, @@ -43,7 +54,11 @@ MetadataOperations, OfficeConsentsOperations, Operations, + ProductPackageOperations, + ProductPackagesOperations, ProductSettingsOperations, + ProductTemplateOperations, + ProductTemplatesOperations, SecurityMLAnalyticsSettingsOperations, SentinelOnboardingStatesOperations, SourceControlOperations, @@ -51,9 +66,15 @@ ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, + TriggeredAnalyticsRuleRunOperations, UpdateOperations, WatchlistItemsOperations, WatchlistsOperations, + WorkspaceManagerAssignmentJobsOperations, + WorkspaceManagerAssignmentsOperations, + WorkspaceManagerConfigurationsOperations, + WorkspaceManagerGroupsOperations, + WorkspaceManagerMembersOperations, ) if TYPE_CHECKING: @@ -73,8 +94,13 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.AlertRuleTemplatesOperations :ivar automation_rules: AutomationRulesOperations operations :vartype automation_rules: azure.mgmt.securityinsight.aio.operations.AutomationRulesOperations + :ivar entities: EntitiesOperations operations + :vartype entities: azure.mgmt.securityinsight.aio.operations.EntitiesOperations :ivar incidents: IncidentsOperations operations :vartype incidents: azure.mgmt.securityinsight.aio.operations.IncidentsOperations + :ivar billing_statistics: BillingStatisticsOperations operations + :vartype billing_statistics: + azure.mgmt.securityinsight.aio.operations.BillingStatisticsOperations :ivar bookmarks: BookmarksOperations operations :vartype bookmarks: azure.mgmt.securityinsight.aio.operations.BookmarksOperations :ivar bookmark_relations: BookmarkRelationsOperations operations @@ -82,12 +108,28 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.BookmarkRelationsOperations :ivar bookmark: BookmarkOperations operations :vartype bookmark: azure.mgmt.securityinsight.aio.operations.BookmarkOperations + :ivar content_packages: ContentPackagesOperations operations + :vartype content_packages: azure.mgmt.securityinsight.aio.operations.ContentPackagesOperations + :ivar content_package: ContentPackageOperations operations + :vartype content_package: azure.mgmt.securityinsight.aio.operations.ContentPackageOperations + :ivar product_packages: ProductPackagesOperations operations + :vartype product_packages: azure.mgmt.securityinsight.aio.operations.ProductPackagesOperations + :ivar product_package: ProductPackageOperations operations + :vartype product_package: azure.mgmt.securityinsight.aio.operations.ProductPackageOperations + :ivar product_templates: ProductTemplatesOperations operations + :vartype product_templates: + azure.mgmt.securityinsight.aio.operations.ProductTemplatesOperations + :ivar product_template: ProductTemplateOperations operations + :vartype product_template: azure.mgmt.securityinsight.aio.operations.ProductTemplateOperations + :ivar content_templates: ContentTemplatesOperations operations + :vartype content_templates: + azure.mgmt.securityinsight.aio.operations.ContentTemplatesOperations + :ivar content_template: ContentTemplateOperations operations + :vartype content_template: azure.mgmt.securityinsight.aio.operations.ContentTemplateOperations :ivar ip_geodata: IPGeodataOperations operations :vartype ip_geodata: azure.mgmt.securityinsight.aio.operations.IPGeodataOperations :ivar domain_whois: DomainWhoisOperations operations :vartype domain_whois: azure.mgmt.securityinsight.aio.operations.DomainWhoisOperations - :ivar entities: EntitiesOperations operations - :vartype entities: azure.mgmt.securityinsight.aio.operations.EntitiesOperations :ivar entities_get_timeline: EntitiesGetTimelineOperations operations :vartype entities_get_timeline: azure.mgmt.securityinsight.aio.operations.EntitiesGetTimelineOperations @@ -103,6 +145,12 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.EntityQueryTemplatesOperations :ivar file_imports: FileImportsOperations operations :vartype file_imports: azure.mgmt.securityinsight.aio.operations.FileImportsOperations + :ivar hunts: HuntsOperations operations + :vartype hunts: azure.mgmt.securityinsight.aio.operations.HuntsOperations + :ivar hunt_relations: HuntRelationsOperations operations + :vartype hunt_relations: azure.mgmt.securityinsight.aio.operations.HuntRelationsOperations + :ivar hunt_comments: HuntCommentsOperations operations + :vartype hunt_comments: azure.mgmt.securityinsight.aio.operations.HuntCommentsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.aio.operations.IncidentCommentsOperations @@ -144,10 +192,36 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to operations :vartype threat_intelligence_indicator_metrics: azure.mgmt.securityinsight.aio.operations.ThreatIntelligenceIndicatorMetricsOperations + :ivar triggered_analytics_rule_run: TriggeredAnalyticsRuleRunOperations operations + :vartype triggered_analytics_rule_run: + azure.mgmt.securityinsight.aio.operations.TriggeredAnalyticsRuleRunOperations + :ivar get_triggered_analytics_rule_runs: GetTriggeredAnalyticsRuleRunsOperations operations + :vartype get_triggered_analytics_rule_runs: + azure.mgmt.securityinsight.aio.operations.GetTriggeredAnalyticsRuleRunsOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: azure.mgmt.securityinsight.aio.operations.AlertRuleOperations :ivar watchlists: WatchlistsOperations operations :vartype watchlists: azure.mgmt.securityinsight.aio.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.aio.operations.WatchlistItemsOperations + :ivar workspace_manager_assignments: WorkspaceManagerAssignmentsOperations operations + :vartype workspace_manager_assignments: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerAssignmentsOperations + :ivar workspace_manager_assignment_jobs: WorkspaceManagerAssignmentJobsOperations operations + :vartype workspace_manager_assignment_jobs: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerAssignmentJobsOperations + :ivar workspace_manager_configurations: WorkspaceManagerConfigurationsOperations operations + :vartype workspace_manager_configurations: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerConfigurationsOperations + :ivar workspace_manager_groups: WorkspaceManagerGroupsOperations operations + :vartype workspace_manager_groups: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerGroupsOperations + :ivar workspace_manager_members: WorkspaceManagerMembersOperations operations + :vartype workspace_manager_members: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerMembersOperations + :ivar data_connector_definitions: DataConnectorDefinitionsOperations operations + :vartype data_connector_definitions: + azure.mgmt.securityinsight.aio.operations.DataConnectorDefinitionsOperations :ivar data_connectors: DataConnectorsOperations operations :vartype data_connectors: azure.mgmt.securityinsight.aio.operations.DataConnectorsOperations :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations @@ -161,7 +235,7 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-10-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str :keyword int polling_interval: Default waiting time between two polls for LRO operations if no @@ -176,7 +250,7 @@ def __init__( **kwargs: Any ) -> None: self._config = SecurityInsightsConfiguration(credential=credential, subscription_id=subscription_id, **kwargs) - self._client = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + self._client: AsyncARMPipelineClient = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs) client_models = {k: v for k, v in _models.__dict__.items() if isinstance(v, type)} self._serialize = Serializer(client_models) @@ -190,15 +264,38 @@ def __init__( self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) + self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) + self.billing_statistics = BillingStatisticsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) self.bookmark_relations = BookmarkRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) + self.content_packages = ContentPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_package = ContentPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_packages = ProductPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_package = ProductPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_templates = ProductTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_template = ProductTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_templates = ContentTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_template = ContentTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.entities_get_timeline = EntitiesGetTimelineOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -213,6 +310,9 @@ def __init__( self._client, self._config, self._serialize, self._deserialize ) self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunts = HuntsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_relations = HuntRelationsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_comments = HuntCommentsOperations(self._client, self._config, self._serialize, self._deserialize) self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -247,8 +347,33 @@ def __init__( self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.triggered_analytics_rule_run = TriggeredAnalyticsRuleRunOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.get_triggered_analytics_rule_runs = GetTriggeredAnalyticsRuleRunsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.alert_rule = AlertRuleOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) + self.workspace_manager_assignments = WorkspaceManagerAssignmentsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_assignment_jobs = WorkspaceManagerAssignmentJobsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_configurations = WorkspaceManagerConfigurationsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_groups = WorkspaceManagerGroupsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_members = WorkspaceManagerMembersOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.data_connector_definitions = DataConnectorDefinitionsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( self._client, self._config, self._serialize, self._deserialize @@ -284,5 +409,5 @@ async def __aenter__(self) -> "SecurityInsights": await self._client.__aenter__() return self - async def __aexit__(self, *exc_details) -> None: + async def __aexit__(self, *exc_details: Any) -> None: await self._client.__aexit__(*exc_details) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py index 802d895ef601..3cef9c159131 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py @@ -10,19 +10,31 @@ from ._actions_operations import ActionsOperations from ._alert_rule_templates_operations import AlertRuleTemplatesOperations from ._automation_rules_operations import AutomationRulesOperations +from ._entities_operations import EntitiesOperations from ._incidents_operations import IncidentsOperations +from ._billing_statistics_operations import BillingStatisticsOperations from ._bookmarks_operations import BookmarksOperations from ._bookmark_relations_operations import BookmarkRelationsOperations from ._bookmark_operations import BookmarkOperations +from ._content_packages_operations import ContentPackagesOperations +from ._content_package_operations import ContentPackageOperations +from ._product_packages_operations import ProductPackagesOperations +from ._product_package_operations import ProductPackageOperations +from ._product_templates_operations import ProductTemplatesOperations +from ._product_template_operations import ProductTemplateOperations +from ._content_templates_operations import ContentTemplatesOperations +from ._content_template_operations import ContentTemplateOperations from ._ip_geodata_operations import IPGeodataOperations from ._domain_whois_operations import DomainWhoisOperations -from ._entities_operations import EntitiesOperations from ._entities_get_timeline_operations import EntitiesGetTimelineOperations from ._entities_relations_operations import EntitiesRelationsOperations from ._entity_relations_operations import EntityRelationsOperations from ._entity_queries_operations import EntityQueriesOperations from ._entity_query_templates_operations import EntityQueryTemplatesOperations from ._file_imports_operations import FileImportsOperations +from ._hunts_operations import HuntsOperations +from ._hunt_relations_operations import HuntRelationsOperations +from ._hunt_comments_operations import HuntCommentsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations from ._incident_tasks_operations import IncidentTasksOperations @@ -39,8 +51,17 @@ from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations +from ._triggered_analytics_rule_run_operations import TriggeredAnalyticsRuleRunOperations +from ._get_triggered_analytics_rule_runs_operations import GetTriggeredAnalyticsRuleRunsOperations +from ._alert_rule_operations import AlertRuleOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations +from ._workspace_manager_assignments_operations import WorkspaceManagerAssignmentsOperations +from ._workspace_manager_assignment_jobs_operations import WorkspaceManagerAssignmentJobsOperations +from ._workspace_manager_configurations_operations import WorkspaceManagerConfigurationsOperations +from ._workspace_manager_groups_operations import WorkspaceManagerGroupsOperations +from ._workspace_manager_members_operations import WorkspaceManagerMembersOperations +from ._data_connector_definitions_operations import DataConnectorDefinitionsOperations from ._data_connectors_operations import DataConnectorsOperations from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations from ._operations import Operations @@ -54,19 +75,31 @@ "ActionsOperations", "AlertRuleTemplatesOperations", "AutomationRulesOperations", + "EntitiesOperations", "IncidentsOperations", + "BillingStatisticsOperations", "BookmarksOperations", "BookmarkRelationsOperations", "BookmarkOperations", + "ContentPackagesOperations", + "ContentPackageOperations", + "ProductPackagesOperations", + "ProductPackageOperations", + "ProductTemplatesOperations", + "ProductTemplateOperations", + "ContentTemplatesOperations", + "ContentTemplateOperations", "IPGeodataOperations", "DomainWhoisOperations", - "EntitiesOperations", "EntitiesGetTimelineOperations", "EntitiesRelationsOperations", "EntityRelationsOperations", "EntityQueriesOperations", "EntityQueryTemplatesOperations", "FileImportsOperations", + "HuntsOperations", + "HuntRelationsOperations", + "HuntCommentsOperations", "IncidentCommentsOperations", "IncidentRelationsOperations", "IncidentTasksOperations", @@ -83,8 +116,17 @@ "ThreatIntelligenceIndicatorOperations", "ThreatIntelligenceIndicatorsOperations", "ThreatIntelligenceIndicatorMetricsOperations", + "TriggeredAnalyticsRuleRunOperations", + "GetTriggeredAnalyticsRuleRunsOperations", + "AlertRuleOperations", "WatchlistsOperations", "WatchlistItemsOperations", + "WorkspaceManagerAssignmentsOperations", + "WorkspaceManagerAssignmentJobsOperations", + "WorkspaceManagerConfigurationsOperations", + "WorkspaceManagerGroupsOperations", + "WorkspaceManagerMembersOperations", + "DataConnectorDefinitionsOperations", "DataConnectorsOperations", "DataConnectorsCheckRequirementsOperations", "Operations", diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py index 9e3b782688be..b0a1ad37203f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_by_alert_rule_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ def list_by_alert_rule( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionsList] = kwargs.pop("cls", None) error_map = { @@ -142,8 +136,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -190,9 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) request = build_get_request( @@ -209,8 +202,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -319,7 +313,7 @@ async def create_or_update( :type rule_id: str :param action_id: Action ID. Required. :type action_id: str - :param action: The action. Is either a model type or a IO type. Required. + :param action: The action. Is either a ActionRequest type or a IO type. Required. :type action: ~azure.mgmt.securityinsight.models.ActionRequest or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -340,16 +334,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(action, (IO, bytes)): + if isinstance(action, (IOBase, bytes)): _content = action else: _json = self._serialize.body(action, "ActionRequest") @@ -371,8 +363,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -427,9 +420,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -446,8 +437,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py new file mode 100644 index 000000000000..12aff61ad0db --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py @@ -0,0 +1,287 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.polling import AsyncLROPoller, AsyncNoPolling, AsyncPollingMethod +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat +from azure.mgmt.core.polling.async_arm_polling import AsyncARMPolling + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._alert_rule_operations import build_trigger_rule_run_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class AlertRuleOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`alert_rule` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + async def _trigger_rule_run_initial( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> None: + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(analytics_rule_run_trigger_parameter, (IOBase, bytes)): + _content = analytics_rule_run_trigger_parameter + else: + _json = self._serialize.body(analytics_rule_run_trigger_parameter, "AnalyticsRuleRunTrigger") + + request = build_trigger_rule_run_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self._trigger_rule_run_initial.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + response_headers = {} + response_headers["Location"] = self._deserialize("str", response.headers.get("Location")) + + if cls: + return cls(pipeline_response, None, response_headers) + + _trigger_rule_run_initial.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } + + @overload + async def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: _models.AnalyticsRuleRunTrigger, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncLROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncLROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> AsyncLROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. Is + either a AnalyticsRuleRunTrigger type or a IO type. Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) + lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) + cont_token: Optional[str] = kwargs.pop("continuation_token", None) + if cont_token is None: + raw_result = await self._trigger_rule_run_initial( # type: ignore + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + analytics_rule_run_trigger_parameter=analytics_rule_run_trigger_parameter, + api_version=api_version, + content_type=content_type, + cls=lambda x, y, z: x, + headers=_headers, + params=_params, + **kwargs + ) + kwargs.pop("error_map", None) + + def get_long_running_output(pipeline_response): # pylint: disable=inconsistent-return-statements + if cls: + return cls(pipeline_response, None, {}) + + if polling is True: + polling_method: AsyncPollingMethod = cast( + AsyncPollingMethod, AsyncARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) + ) + elif polling is False: + polling_method = cast(AsyncPollingMethod, AsyncNoPolling()) + else: + polling_method = polling + if cont_token: + return AsyncLROPoller.from_continuation_token( + polling_method=polling_method, + continuation_token=cont_token, + client=self._client, + deserialization_callback=get_long_running_output, + ) + return AsyncLROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore + + begin_trigger_rule_run.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py index c4517e99abe7..a0bcf9d8d054 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -31,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._alert_rule_templates_operations import build_get_request, build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -78,9 +73,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplatesList] = kwargs.pop("cls", None) error_map = { @@ -134,8 +127,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -180,9 +174,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -198,8 +190,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py index 856b3843f35a..6fa74b0a68ed 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +76,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRulesList] = kwargs.pop("cls", None) error_map = { @@ -136,8 +130,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -182,9 +177,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) request = build_get_request( @@ -200,8 +193,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -301,7 +295,7 @@ async def create_or_update( :type workspace_name: str :param rule_id: Alert rule ID. Required. :type rule_id: str - :param alert_rule: The alert rule. Is either a model type or a IO type. Required. + :param alert_rule: The alert rule. Is either a AlertRule type or a IO type. Required. :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -322,16 +316,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(alert_rule, (IO, bytes)): + if isinstance(alert_rule, (IOBase, bytes)): _content = alert_rule else: _json = self._serialize.body(alert_rule, "AlertRule") @@ -352,8 +344,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -406,9 +399,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -424,8 +415,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py index 9040a09fd9bf..1401e9728256 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -40,10 +41,6 @@ from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -97,9 +94,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) request = build_get_request( @@ -115,8 +110,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -216,8 +212,8 @@ async def create_or_update( :type workspace_name: str :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str - :param automation_rule_to_upsert: The automation rule. Is either a model type or a IO type. - Default value is None. + :param automation_rule_to_upsert: The automation rule. Is either a AutomationRule type or a IO + type. Default value is None. :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -238,16 +234,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(automation_rule_to_upsert, (IO, bytes)): + if isinstance(automation_rule_to_upsert, (IOBase, bytes)): _content = automation_rule_to_upsert else: if automation_rule_to_upsert is not None: @@ -271,8 +265,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -325,9 +320,7 @@ async def delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[JSON] = kwargs.pop("cls", None) request = build_delete_request( @@ -343,8 +336,9 @@ async def delete( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -388,9 +382,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRulesList] = kwargs.pop("cls", None) error_map = { @@ -444,8 +436,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py new file mode 100644 index 000000000000..797f6490f5ce --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py @@ -0,0 +1,215 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._billing_statistics_operations import build_get_request, build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class BillingStatisticsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`billing_statistics` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.BillingStatistic"]: + """Gets all Microsoft Sentinel billing statistics. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either BillingStatistic or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.BillingStatistic] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatisticList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("BillingStatisticList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, billing_statistic_name: str, **kwargs: Any + ) -> _models.BillingStatistic: + """Gets a billing statistic. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param billing_statistic_name: The name of the billing statistic. Required. + :type billing_statistic_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BillingStatistic or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BillingStatistic + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatistic] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + billing_statistic_name=billing_statistic_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("BillingStatistic", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py index e87871dba5df..bf09c0d0a737 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -28,10 +28,6 @@ from ..._vendor import _convert_request from ...operations._bookmark_operations import build_expand_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -138,7 +134,7 @@ async def expand( :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :param parameters: The parameters required to execute an expand operation on the given - bookmark. Is either a model type or a IO type. Required. + bookmark. Is either a BookmarkExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -159,16 +155,14 @@ async def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.BookmarkExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "BookmarkExpandParameters") @@ -189,8 +183,9 @@ async def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py index 237aca3682c1..b440c1c6eaef 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -104,9 +100,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -165,8 +159,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -213,9 +208,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -232,8 +225,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -342,7 +336,7 @@ async def create_or_update( :type bookmark_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -363,16 +357,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -394,8 +386,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -450,9 +443,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -469,8 +460,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py index b9783e8fa1e7..8a4af9d80b9f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +76,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.BookmarkList] = kwargs.pop("cls", None) error_map = { @@ -136,8 +130,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -182,9 +177,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) request = build_get_request( @@ -200,8 +193,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -301,7 +295,7 @@ async def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str - :param bookmark: The bookmark. Is either a model type or a IO type. Required. + :param bookmark: The bookmark. Is either a Bookmark type or a IO type. Required. :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -322,16 +316,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(bookmark, (IO, bytes)): + if isinstance(bookmark, (IOBase, bytes)): _content = bookmark else: _json = self._serialize.body(bookmark, "Bookmark") @@ -352,8 +344,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -406,9 +399,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -424,8 +415,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py new file mode 100644 index 000000000000..07d65f75b889 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py @@ -0,0 +1,271 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_package_operations import build_install_request, build_uninstall_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: _models.PackageModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: Union[_models.PackageModel, IO], + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Is either a + PackageModel type or a IO type. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(package_installation_properties, (IOBase, bytes)): + _content = package_installation_properties + else: + _json = self._serialize.body(package_installation_properties, "PackageModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } + + @distributed_trace_async + async def uninstall( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> None: + """Uninstall a package from the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_uninstall_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.uninstall.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + uninstall.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py new file mode 100644 index 000000000000..1e61cd3d4579 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py @@ -0,0 +1,250 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_packages_operations import build_get_request, build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.PackageModel"]: + """Gets all installed packages. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param search: Searches for a substring in the response. Optional. Default value is None. + :type search: str + :param count: Instructs the server to return only object count without actual body. Optional. + Default value is None. + :type count: bool + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either PackageModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.PackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + search=search, + count=count, + top=top, + skip=skip, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("PackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.PackageModel: + """Gets an installed packages by its id. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py new file mode 100644 index 000000000000..dd55fa3aa012 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py @@ -0,0 +1,343 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_template_operations import build_delete_request, build_get_request, build_install_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: _models.TemplateModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: Union[_models.TemplateModel, IO], + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Is either a + TemplateModel type or a IO type. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(template_installation_properties, (IOBase, bytes)): + _content = template_installation_properties + else: + _json = self._serialize.body(template_installation_properties, "TemplateModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.TemplateModel: + """Gets a template byt its identifier. + Expandable properties: + + + * properties/mainTemplate + * properties/dependantTemplates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> None: + """Delete an installed template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py new file mode 100644 index 000000000000..11746b8a3022 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py @@ -0,0 +1,192 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_templates_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + expand: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.TemplateModel"]: + """Gets all installed templates. + Expandable properties: + + + * properties/mainTemplate + * properties/dependantTemplates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param expand: Expands the object with optional fiends that are not included by default. + Optional. Default value is None. + :type expand: str + :param search: Searches for a substring in the response. Optional. Default value is None. + :type search: str + :param count: Instructs the server to return only object count without actual body. Optional. + Default value is None. + :type count: bool + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TemplateModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.TemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + expand=expand, + search=search, + count=count, + top=top, + skip=skip, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("TemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py new file mode 100644 index 000000000000..fe5e39ff25ba --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py @@ -0,0 +1,440 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._data_connector_definitions_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class DataConnectorDefinitionsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`data_connector_definitions` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.DataConnectorDefinition"]: + """Gets all data connector definitions. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either DataConnectorDefinition or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinitionArmCollectionWrapper] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("DataConnectorDefinitionArmCollectionWrapper", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Gets a data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: _models.DataConnectorDefinition, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: Union[_models.DataConnectorDefinition, IO], + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Is either a + DataConnectorDefinition type or a IO type. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition or + IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(connector_definition_input, (IOBase, bytes)): + _content = connector_definition_input + else: + _json = self._serialize.body(connector_definition_input, "DataConnectorDefinition") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> None: + """Delete the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py index ad27dbca1787..afd1aa6ef510 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -28,10 +28,6 @@ from ..._vendor import _convert_request from ...operations._data_connectors_check_requirements_operations import build_post_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -130,7 +126,7 @@ async def post( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param data_connectors_check_requirements: The parameters for requirements check message. Is - either a model type or a IO type. Required. + either a DataConnectorsCheckRequirements type or a IO type. Required. :type data_connectors_check_requirements: ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -152,16 +148,14 @@ async def post( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnectorRequirementsState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connectors_check_requirements, (IO, bytes)): + if isinstance(data_connectors_check_requirements, (IOBase, bytes)): _content = data_connectors_check_requirements else: _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") @@ -181,8 +175,9 @@ async def post( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py index 3e9a9ea01f82..4dbbffc3b02c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -38,10 +38,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnectorList] = kwargs.pop("cls", None) error_map = { @@ -141,8 +135,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -187,9 +182,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) request = build_get_request( @@ -205,8 +198,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -306,7 +300,8 @@ async def create_or_update( :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param data_connector: The data connector. Is either a model type or a IO type. Required. + :param data_connector: The data connector. Is either a DataConnector type or a IO type. + Required. :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -327,16 +322,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connector, (IO, bytes)): + if isinstance(data_connector, (IOBase, bytes)): _content = data_connector else: _json = self._serialize.body(data_connector, "DataConnector") @@ -357,8 +350,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -411,9 +405,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -429,8 +421,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -526,7 +519,8 @@ async def connect( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param connect_body: The data connector. Is either a model type or a IO type. Required. + :param connect_body: The data connector. Is either a DataConnectorConnectBody type or a IO + type. Required. :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -547,16 +541,14 @@ async def connect( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(connect_body, (IO, bytes)): + if isinstance(connect_body, (IOBase, bytes)): _content = connect_body else: _json = self._serialize.body(connect_body, "DataConnectorConnectBody") @@ -577,8 +569,9 @@ async def connect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -623,9 +616,7 @@ async def disconnect( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_disconnect_request( @@ -641,8 +632,9 @@ async def disconnect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py index 30b1d059703f..a2164cdfb3c7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._domain_whois_operations import build_get_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +75,7 @@ async def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _mo _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentDomainWhois] = kwargs.pop("cls", None) request = build_get_request( @@ -97,8 +90,9 @@ async def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _mo request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py index 62111c6a7259..8ecceaff5105 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -28,10 +28,6 @@ from ..._vendor import _convert_request from ...operations._entities_get_timeline_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -138,7 +134,7 @@ async def list( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an timeline operation on the given - entity. Is either a model type or a IO type. Required. + entity. Is either a EntityTimelineParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -159,16 +155,14 @@ async def list( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityTimelineResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityTimelineParameters") @@ -189,8 +183,9 @@ async def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py index ddabc83cb09f..2c05241bcce4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -35,12 +35,9 @@ build_get_request, build_list_request, build_queries_request, + build_run_playbook_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -64,6 +61,159 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + async def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[_models.EntityManualTriggerRequestBody] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[Union[_models.EntityManualTriggerRequestBody, IO]] = None, + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Is + either a EntityManualTriggerRequestBody type or a IO type. Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(request_body, (IOBase, bytes)): + _content = request_body + else: + if request_body is not None: + _json = self._serialize.body(request_body, "EntityManualTriggerRequestBody") + else: + _json = None + + request = build_run_playbook_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_identifier=entity_identifier, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.run_playbook.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + run_playbook.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook" + } + @distributed_trace def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> AsyncIterable["_models.Entity"]: """Gets all entities. @@ -81,9 +231,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityList] = kwargs.pop("cls", None) error_map = { @@ -137,8 +285,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -181,9 +330,7 @@ async def get(self, resource_group_name: str, workspace_name: str, entity_id: st _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Entity] = kwargs.pop("cls", None) request = build_get_request( @@ -199,8 +346,9 @@ async def get(self, resource_group_name: str, workspace_name: str, entity_id: st request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -303,7 +451,7 @@ async def expand( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an expand operation on the given entity. - Is either a model type or a IO type. Required. + Is either a EntityExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -324,16 +472,14 @@ async def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityExpandParameters") @@ -354,8 +500,9 @@ async def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -411,9 +558,7 @@ async def queries( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.GetQueriesResponse] = kwargs.pop("cls", None) request = build_queries_request( @@ -430,8 +575,9 @@ async def queries( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -532,7 +678,7 @@ async def get_insights( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute insights on the given entity. Is either a - model type or a IO type. Required. + EntityGetInsightsParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -553,16 +699,14 @@ async def get_insights( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityGetInsightsResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityGetInsightsParameters") @@ -583,8 +727,9 @@ async def get_insights( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py index d232b818621f..49bc5d6ea8b9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._entities_relations_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -98,9 +93,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -159,8 +152,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py index 2a53846738ea..7c02322b5cec 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -68,7 +64,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum13]] = None, + kind: Optional[Union[str, _models.Enum20]] = None, **kwargs: Any ) -> AsyncIterable["_models.EntityQuery"]: """Gets all entity queries. @@ -80,7 +76,7 @@ def list( :type workspace_name: str :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and "Activity". Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum20 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQuery or the result of cls(response) :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] @@ -89,9 +85,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryList] = kwargs.pop("cls", None) error_map = { @@ -146,8 +140,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -192,9 +187,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) request = build_get_request( @@ -210,8 +203,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -311,8 +305,8 @@ async def create_or_update( :type workspace_name: str :param entity_query_id: entity query ID. Required. :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Is either a model type or a - IO type. Required. + :param entity_query: The entity query we want to create or update. Is either a + CustomEntityQuery type or a IO type. Required. :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -333,16 +327,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(entity_query, (IO, bytes)): + if isinstance(entity_query, (IOBase, bytes)): _content = entity_query else: _json = self._serialize.body(entity_query, "CustomEntityQuery") @@ -363,8 +355,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -417,9 +410,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -435,8 +426,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py index e2f34e18fc04..7c111a25b0bc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union import urllib.parse @@ -31,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._entity_query_templates_operations import build_get_request, build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -63,7 +58,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum15]] = None, + kind: Optional[Union[str, _models.Enum22]] = None, **kwargs: Any ) -> AsyncIterable["_models.EntityQueryTemplate"]: """Gets all entity query templates. @@ -74,7 +69,7 @@ def list( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum22 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) :rtype: @@ -84,9 +79,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplateList] = kwargs.pop("cls", None) error_map = { @@ -141,8 +134,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -187,9 +181,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -205,8 +197,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py index 9cb8ac64c04b..1327848f537e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._entity_relations_operations import build_get_relation_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -86,9 +81,7 @@ async def get_relation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_relation_request( @@ -105,8 +98,9 @@ async def get_relation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py index 5636b9487428..ea78a0255ac8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload import urllib.parse @@ -38,10 +38,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -103,9 +99,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImportList] = kwargs.pop("cls", None) error_map = { @@ -163,8 +157,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -209,9 +204,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) request = build_get_request( @@ -227,8 +220,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -328,7 +322,7 @@ async def create( :type workspace_name: str :param file_import_id: File import ID. Required. :type file_import_id: str - :param file_import: The file import. Is either a model type or a IO type. Required. + :param file_import: The file import. Is either a FileImport type or a IO type. Required. :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -349,16 +343,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(file_import, (IO, bytes)): + if isinstance(file_import, (IOBase, bytes)): _content = file_import else: _json = self._serialize.body(file_import, "FileImport") @@ -379,8 +371,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -414,9 +407,7 @@ async def _delete_initial( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[Optional[_models.FileImport]] = kwargs.pop("cls", None) request = build_delete_request( @@ -432,8 +423,9 @@ async def _delete_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -484,9 +476,7 @@ async def begin_delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py index 015f667e45a7..013a6ddb21ed 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._get_operations import build_single_recommendation_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -84,9 +79,7 @@ async def single_recommendation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) request = build_single_recommendation_request( @@ -102,8 +95,9 @@ async def single_recommendation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py index e46e68a6f58a..6120eb8f0ad8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._get_recommendations_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +75,7 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RecommendationList] = kwargs.pop("cls", None) request = build_list_request( @@ -97,8 +90,9 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py new file mode 100644 index 000000000000..103226cf45fd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py @@ -0,0 +1,146 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._get_triggered_analytics_rule_runs_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class GetTriggeredAnalyticsRuleRunsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`get_triggered_analytics_rule_runs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.TriggeredAnalyticsRuleRun"]: + """Gets the triggered analytics rule runs. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TriggeredAnalyticsRuleRun or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRuns] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("TriggeredAnalyticsRuleRuns", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py new file mode 100644 index 000000000000..ca55b561c49b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py @@ -0,0 +1,479 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._hunt_comments_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class HuntCommentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`hunt_comments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.HuntComment"]: + """Gets all hunt comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntComment or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.HuntComment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntCommentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("HuntCommentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> _models.HuntComment: + """Gets a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> None: + """Delete a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: _models.HuntComment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: Union[_models.HuntComment, IO], + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Is either a HuntComment type or a IO type. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_comment, (IOBase, bytes)): + _content = hunt_comment + else: + _json = self._serialize.body(hunt_comment, "HuntComment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py new file mode 100644 index 000000000000..0bb0f4ba9fef --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py @@ -0,0 +1,480 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._hunt_relations_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class HuntRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`hunt_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.HuntRelation"]: + """Gets all hunt relations. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntRelation or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.HuntRelation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("HuntRelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> _models.HuntRelation: + """Gets a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> None: + """Delete a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: _models.HuntRelation, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: Union[_models.HuntRelation, IO], + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Is either a HuntRelation type or a IO type. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_relation, (IOBase, bytes)): + _content = hunt_relation + else: + _json = self._serialize.body(hunt_relation, "HuntRelation") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py new file mode 100644 index 000000000000..28288197e609 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py @@ -0,0 +1,452 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._hunts_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class HuntsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`hunts` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.Hunt"]: + """Gets all hunts, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Hunt or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Hunt] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("HuntList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts" + } + + @distributed_trace_async + async def get(self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any) -> _models.Hunt: + """Gets a hunt, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any + ) -> None: + """Delete a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: _models.Hunt, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt: Union[_models.Hunt, IO], **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Is either a Hunt type or a IO type. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt, (IOBase, bytes)): + _content = hunt + else: + _json = self._serialize.body(hunt, "Hunt") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("Hunt", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py index 0a69a9384b3f..1b014d5a98a6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -105,9 +101,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentCommentList] = kwargs.pop("cls", None) error_map = { @@ -166,8 +160,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -214,9 +209,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) request = build_get_request( @@ -233,8 +226,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -343,7 +337,8 @@ async def create_or_update( :type incident_id: str :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str - :param incident_comment: The incident comment. Is either a model type or a IO type. Required. + :param incident_comment: The incident comment. Is either a IncidentComment type or a IO type. + Required. :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -364,16 +359,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_comment, (IO, bytes)): + if isinstance(incident_comment, (IOBase, bytes)): _content = incident_comment else: _json = self._serialize.body(incident_comment, "IncidentComment") @@ -395,8 +388,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -451,9 +445,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -470,8 +462,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py index 3fa719c8adf6..d94ab4774ec5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -104,9 +100,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -165,8 +159,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -213,9 +208,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -232,8 +225,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -342,7 +336,7 @@ async def create_or_update( :type incident_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -363,16 +357,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -394,8 +386,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -450,9 +443,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -469,8 +460,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py index 3ab32b7e4d51..a718ca42cd8c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTaskList] = kwargs.pop("cls", None) error_map = { @@ -142,8 +136,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -190,9 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) request = build_get_request( @@ -209,8 +202,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -319,7 +313,7 @@ async def create_or_update( :type incident_id: str :param incident_task_id: Incident task ID. Required. :type incident_task_id: str - :param incident_task: The incident task. Is either a model type or a IO type. Required. + :param incident_task: The incident task. Is either a IncidentTask type or a IO type. Required. :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -340,16 +334,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_task, (IO, bytes)): + if isinstance(incident_task, (IOBase, bytes)): _content = incident_task else: _json = self._serialize.body(incident_task, "IncidentTask") @@ -371,8 +363,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -427,9 +420,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -446,8 +437,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py index a0452b513c88..ba9f77da5319 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -45,10 +46,6 @@ from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -153,7 +150,8 @@ async def run_playbook( :type workspace_name: str :param incident_identifier: Required. :type incident_identifier: str - :param request_body: Is either a model type or a IO type. Default value is None. + :param request_body: Is either a ManualTriggerRequestBody type or a IO type. Default value is + None. :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -174,16 +172,14 @@ async def run_playbook( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[JSON] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(request_body, (IO, bytes)): + if isinstance(request_body, (IOBase, bytes)): _content = request_body else: if request_body is not None: @@ -207,8 +203,9 @@ async def run_playbook( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -266,9 +263,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentList] = kwargs.pop("cls", None) error_map = { @@ -326,8 +321,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -372,9 +368,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) request = build_get_request( @@ -390,8 +384,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -491,7 +486,7 @@ async def create_or_update( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param incident: The incident. Is either a model type or a IO type. Required. + :param incident: The incident. Is either a Incident type or a IO type. Required. :type incident: ~azure.mgmt.securityinsight.models.Incident or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -512,16 +507,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident, (IO, bytes)): + if isinstance(incident, (IOBase, bytes)): _content = incident else: _json = self._serialize.body(incident, "Incident") @@ -542,8 +535,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -596,9 +590,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -614,8 +606,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -714,7 +707,8 @@ async def create_team( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param team_properties: Team properties. Is either a model type or a IO type. Required. + :param team_properties: Team properties. Is either a TeamInformation type or a IO type. + Required. :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -735,16 +729,14 @@ async def create_team( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.TeamInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(team_properties, (IO, bytes)): + if isinstance(team_properties, (IOBase, bytes)): _content = team_properties else: _json = self._serialize.body(team_properties, "TeamInformation") @@ -765,8 +757,9 @@ async def create_team( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -815,9 +808,7 @@ async def list_alerts( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentAlertList] = kwargs.pop("cls", None) request = build_list_alerts_request( @@ -833,8 +824,9 @@ async def list_alerts( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -883,9 +875,7 @@ async def list_bookmarks( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentBookmarkList] = kwargs.pop("cls", None) request = build_list_bookmarks_request( @@ -901,8 +891,9 @@ async def list_bookmarks( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -951,9 +942,7 @@ async def list_entities( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentEntitiesResponse] = kwargs.pop("cls", None) request = build_list_entities_request( @@ -969,8 +958,9 @@ async def list_entities( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py index e1f7121e301e..e00105460c38 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._ip_geodata_operations import build_get_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +75,7 @@ async def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentIpGeodata] = kwargs.pop("cls", None) request = build_get_request( @@ -97,8 +90,9 @@ async def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py index f9d87e686bcd..9d268bccbecb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -37,10 +37,6 @@ build_update_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -101,9 +97,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataList] = kwargs.pop("cls", None) error_map = { @@ -161,8 +155,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -207,9 +202,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) request = build_get_request( @@ -225,8 +218,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -275,9 +269,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -293,8 +285,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -390,7 +383,7 @@ async def create( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata: Metadata resource. Is either a model type or a IO type. Required. + :param metadata: Metadata resource. Is either a MetadataModel type or a IO type. Required. :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -411,16 +404,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata, (IO, bytes)): + if isinstance(metadata, (IOBase, bytes)): _content = metadata else: _json = self._serialize.body(metadata, "MetadataModel") @@ -441,8 +432,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -546,7 +538,8 @@ async def update( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. + :param metadata_patch: Partial metadata request. Is either a MetadataPatch type or a IO type. + Required. :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -567,16 +560,14 @@ async def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata_patch, (IO, bytes)): + if isinstance(metadata_patch, (IOBase, bytes)): _content = metadata_patch else: _json = self._serialize.body(metadata_patch, "MetadataPatch") @@ -597,8 +588,9 @@ async def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py index fffada186187..06c618c659ee 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -31,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._office_consents_operations import build_delete_request, build_get_request, build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -78,9 +73,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsentList] = kwargs.pop("cls", None) error_map = { @@ -134,8 +127,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -180,9 +174,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsent] = kwargs.pop("cls", None) request = build_get_request( @@ -198,8 +190,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -248,9 +241,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -266,8 +257,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py index 376f9dc326f2..126066cd2908 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -69,9 +64,7 @@ def list(self, **kwargs: Any) -> AsyncIterable["_models.Operation"]: _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OperationsList] = kwargs.pop("cls", None) error_map = { @@ -122,8 +115,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py new file mode 100644 index 000000000000..299b609ce05d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py @@ -0,0 +1,118 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_package_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.ProductPackageModel: + """Gets a package by its identifier from the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductPackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductPackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductPackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py new file mode 100644 index 000000000000..939356ac2155 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py @@ -0,0 +1,173 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_packages_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.ProductPackageModel"]: + """Gets all packages from the catalog. + Expandable properties: + + + * properties/installed + * properties/packagedContent. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductPackageModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ProductPackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("ProductPackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py index 3324a16bab68..8bd1f37e35ba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -33,10 +33,6 @@ build_update_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SettingList] = kwargs.pop("cls", None) request = build_list_request( @@ -102,8 +96,9 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -153,9 +148,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) request = build_get_request( @@ -171,8 +164,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -222,9 +216,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -240,8 +232,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -340,7 +333,7 @@ async def update( :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. Required. :type settings_name: str - :param settings: The setting. Is either a model type or a IO type. Required. + :param settings: The setting. Is either a Settings type or a IO type. Required. :type settings: ~azure.mgmt.securityinsight.models.Settings or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -361,16 +354,14 @@ async def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(settings, (IO, bytes)): + if isinstance(settings, (IOBase, bytes)): _content = settings else: _json = self._serialize.body(settings, "Settings") @@ -391,8 +382,9 @@ async def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py new file mode 100644 index 000000000000..249ab76033f7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py @@ -0,0 +1,118 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_template_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.ProductTemplateModel: + """Gets a template by its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductTemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductTemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductTemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py new file mode 100644 index 000000000000..a26f9a5c534b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py @@ -0,0 +1,183 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_templates_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.ProductTemplateModel"]: + """Gets all templates in the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param search: Searches for a substring in the response. Optional. Default value is None. + :type search: str + :param count: Instructs the server to return only object count without actual body. Optional. + Default value is None. + :type count: bool + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductTemplateModel or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ProductTemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + search=search, + count=count, + top=top, + skip=skip, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("ProductTemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py index eb537fb84c40..88826758caba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -84,9 +80,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSettingsList] = kwargs.pop("cls", None) error_map = { @@ -140,8 +134,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -186,9 +181,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) request = build_get_request( @@ -204,8 +197,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -306,8 +300,8 @@ async def create_or_update( :type workspace_name: str :param settings_resource_name: Security ML Analytics Settings resource name. Required. :type settings_resource_name: str - :param security_ml_analytics_setting: The security ML Analytics setting. Is either a model type - or a IO type. Required. + :param security_ml_analytics_setting: The security ML Analytics setting. Is either a + SecurityMLAnalyticsSetting type or a IO type. Required. :type security_ml_analytics_setting: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -329,16 +323,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(security_ml_analytics_setting, (IO, bytes)): + if isinstance(security_ml_analytics_setting, (IOBase, bytes)): _content = security_ml_analytics_setting else: _json = self._serialize.body(security_ml_analytics_setting, "SecurityMLAnalyticsSetting") @@ -359,8 +351,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -413,9 +406,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -431,8 +422,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py index aac64f7fdd94..5ab389dd046e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -33,10 +33,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -90,9 +86,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) request = build_get_request( @@ -108,8 +102,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -216,7 +211,7 @@ async def create( Required. :type sentinel_onboarding_state_name: str :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Is either - a model type or a IO type. Default value is None. + a SentinelOnboardingState type or a IO type. Default value is None. :type sentinel_onboarding_state_parameter: ~azure.mgmt.securityinsight.models.SentinelOnboardingState or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -238,16 +233,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(sentinel_onboarding_state_parameter, (IO, bytes)): + if isinstance(sentinel_onboarding_state_parameter, (IOBase, bytes)): _content = sentinel_onboarding_state_parameter else: if sentinel_onboarding_state_parameter is not None: @@ -271,8 +264,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -326,9 +320,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -344,8 +336,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -388,9 +381,7 @@ async def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingStatesList] = kwargs.pop("cls", None) request = build_list_request( @@ -405,8 +396,9 @@ async def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py index 121de431e0c8..54f54a768870 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py @@ -6,8 +6,8 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse from azure.core.async_paging import AsyncItemPaged, AsyncList @@ -30,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._source_control_operations import build_list_repositories_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -57,9 +53,69 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + def list_repositories( + self, + resource_group_name: str, + workspace_name: str, + repository_access: _models.RepositoryAccessProperties, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncIterable["_models.Repo"]: + """Gets a list of repositories metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param repository_access: The repository access credentials. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Repo or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Repo] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def list_repositories( + self, + resource_group_name: str, + workspace_name: str, + repository_access: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncIterable["_models.Repo"]: + """Gets a list of repositories metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param repository_access: The repository access credentials. Required. + :type repository_access: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Repo or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Repo] + :raises ~azure.core.exceptions.HttpResponseError: + """ + @distributed_trace def list_repositories( - self, resource_group_name: str, workspace_name: str, repo_type: Union[str, _models.RepoType], **kwargs: Any + self, + resource_group_name: str, + workspace_name: str, + repository_access: Union[_models.RepositoryAccessProperties, IO], + **kwargs: Any ) -> AsyncIterable["_models.Repo"]: """Gets a list of repositories metadata. @@ -68,8 +124,12 @@ def list_repositories( :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. - :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType + :param repository_access: The repository access credentials. Is either a + RepositoryAccessProperties type or a IO type. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either Repo or the result of cls(response) :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Repo] @@ -78,10 +138,8 @@ def list_repositories( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: str = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.RepoList] = kwargs.pop("cls", None) error_map = { @@ -91,10 +149,16 @@ def list_repositories( 304: ResourceNotModifiedError, } error_map.update(kwargs.pop("error_map", {}) or {}) + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(repository_access, (IOBase, bytes)): + _content = repository_access + else: + _json = self._serialize.body(repository_access, "RepositoryAccessProperties") def prepare_request(next_link=None): if not next_link: - _json = self._serialize.body(repo_type, "str") request = build_list_repositories_request( resource_group_name=resource_group_name, @@ -103,6 +167,7 @@ def prepare_request(next_link=None): api_version=api_version, content_type=content_type, json=_json, + content=_content, template_url=self.list_repositories.metadata["url"], headers=_headers, params=_params, @@ -138,8 +203,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py index a2a445e2e5e2..b9bfa4d5ac8b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -83,9 +79,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControlList] = kwargs.pop("cls", None) error_map = { @@ -139,8 +133,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -185,9 +180,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) request = build_get_request( @@ -203,8 +196,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -224,11 +218,78 @@ async def get( "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: _models.SourceControl, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> None: - """Delete a source control. + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: Union[_models.SourceControl, IO], + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -237,9 +298,15 @@ async def delete( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str + :param source_control: The SourceControl. Is either a SourceControl type or a IO type. + Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -250,56 +317,75 @@ async def delete( # pylint: disable=inconsistent-return-statements } error_map.update(kwargs.pop("error_map", {}) or {}) - _headers = kwargs.pop("headers", {}) or {} + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - request = build_delete_request( + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(source_control, (IOBase, bytes)): + _content = source_control + else: + _json = self._serialize.body(source_control, "SourceControl") + + request = build_create_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata["url"], + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 204]: + if response.status_code not in [200, 201]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) + if response.status_code == 200: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SourceControl", pipeline_response) + if cls: - return cls(pipeline_response, None, {}) + return cls(pipeline_response, deserialized, {}) # type: ignore - delete.metadata = { + return deserialized # type: ignore + + create.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } @overload - async def create( + async def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: _models.SourceControl, + repository_access: _models.RepositoryAccessProperties, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -308,29 +394,29 @@ async def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :param repository_access: The repository access credentials. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def create( + async def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: IO, + repository_access: IO, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -339,27 +425,27 @@ async def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: IO + :param repository_access: The repository access credentials. Required. + :type repository_access: IO :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace_async - async def create( + async def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: Union[_models.SourceControl, IO], + repository_access: Union[_models.RepositoryAccessProperties, IO], **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -368,14 +454,15 @@ async def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Is either a model type or a IO type. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :param repository_access: The repository access credentials. Is either a + RepositoryAccessProperties type or a IO type. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -389,21 +476,19 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) + cls: ClsType[_models.Warning] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(source_control, (IO, bytes)): - _content = source_control + if isinstance(repository_access, (IOBase, bytes)): + _content = repository_access else: - _json = self._serialize.body(source_control, "SourceControl") + _json = self._serialize.body(repository_access, "RepositoryAccessProperties") - request = build_create_request( + request = build_delete_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, @@ -412,34 +497,31 @@ async def create( content_type=content_type, json=_json, content=_content, - template_url=self.create.metadata["url"], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 201]: + if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - if response.status_code == 200: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("SourceControl", pipeline_response) + deserialized = self._deserialize("Warning", pipeline_response) if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore + return cls(pipeline_response, deserialized, {}) - return deserialized # type: ignore + return deserialized - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete" } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py index 5847ff70bdcb..6978118f5076 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._threat_intelligence_indicator_metrics_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -82,9 +77,7 @@ async def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceMetricsList] = kwargs.pop("cls", None) request = build_list_request( @@ -99,8 +92,9 @@ async def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py index e33a32402aa2..9985a2e6d9ea 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -39,10 +39,6 @@ build_replace_tags_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -141,7 +137,7 @@ async def create_indicator( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -163,16 +159,14 @@ async def create_indicator( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -192,8 +186,9 @@ async def create_indicator( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -246,9 +241,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) request = build_get_request( @@ -264,8 +257,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -369,7 +363,7 @@ async def create( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -391,16 +385,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -421,8 +413,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -475,9 +468,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -493,8 +484,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -589,7 +581,8 @@ def query_indicators( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat - intelligence indicators. Is either a model type or a IO type. Required. + intelligence indicators. Is either a ThreatIntelligenceFilteringCriteria type or a IO type. + Required. :type threat_intelligence_filtering_criteria: ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -605,9 +598,7 @@ def query_indicators( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) @@ -621,7 +612,7 @@ def query_indicators( content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_filtering_criteria, (IO, bytes)): + if isinstance(threat_intelligence_filtering_criteria, (IOBase, bytes)): _content = threat_intelligence_filtering_criteria else: _json = self._serialize.body(threat_intelligence_filtering_criteria, "ThreatIntelligenceFilteringCriteria") @@ -672,8 +663,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -773,7 +765,7 @@ async def append_tags( # pylint: disable=inconsistent-return-statements :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_append_tags: The threat intelligence append tags request body. Is - either a model type or a IO type. Required. + either a ThreatIntelligenceAppendTags type or a IO type. Required. :type threat_intelligence_append_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -795,16 +787,14 @@ async def append_tags( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_append_tags, (IO, bytes)): + if isinstance(threat_intelligence_append_tags, (IOBase, bytes)): _content = threat_intelligence_append_tags else: _json = self._serialize.body(threat_intelligence_append_tags, "ThreatIntelligenceAppendTags") @@ -825,8 +815,9 @@ async def append_tags( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -926,7 +917,7 @@ async def replace_tags( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be - replaced. Is either a model type or a IO type. Required. + replaced. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_replace_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -948,16 +939,14 @@ async def replace_tags( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_replace_tags, (IO, bytes)): + if isinstance(threat_intelligence_replace_tags, (IOBase, bytes)): _content = threat_intelligence_replace_tags else: _json = self._serialize.body(threat_intelligence_replace_tags, "ThreatIntelligenceIndicatorModel") @@ -978,8 +967,9 @@ async def replace_tags( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py index 43499935ceb1..e748fc3edbf9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._threat_intelligence_indicators_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -97,9 +92,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) error_map = { @@ -157,8 +150,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py new file mode 100644 index 000000000000..38205bcfa831 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py @@ -0,0 +1,118 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._triggered_analytics_rule_run_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class TriggeredAnalyticsRuleRunOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`triggered_analytics_rule_run` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, rule_run_id: str, **kwargs: Any + ) -> _models.TriggeredAnalyticsRuleRun: + """Gets the triggered analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_run_id: the triggered rule id. Required. + :type rule_run_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TriggeredAnalyticsRuleRun or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRun] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_run_id=rule_run_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TriggeredAnalyticsRuleRun", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py index 18154771938c..a471a2ca1e55 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, List, Optional, TypeVar, Union, cast, overload from azure.core.exceptions import ( @@ -30,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._update_operations import build_recommendation_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -76,16 +72,14 @@ async def _recommendation_initial( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(recommendation_patch, (IO, bytes)): + if isinstance(recommendation_patch, (IOBase, bytes)): _content = recommendation_patch else: _json = self._serialize.body(recommendation_patch, "[RecommendationPatch]") @@ -106,8 +100,9 @@ async def _recommendation_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -223,8 +218,8 @@ async def begin_recommendation( :type workspace_name: str :param recommendation_id: Recommendation Id. Required. :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Is either a list type or a IO - type. Required. + :param recommendation_patch: Recommendation Fields to Update. Is either a [RecommendationPatch] + type or a IO type. Required. :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -245,9 +240,7 @@ async def begin_recommendation( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py index 913eefeee849..35d13d6dedd4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -95,9 +91,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItemList] = kwargs.pop("cls", None) error_map = { @@ -153,8 +147,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -201,9 +196,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) request = build_get_request( @@ -220,8 +213,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -272,9 +266,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -291,8 +283,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -397,7 +390,8 @@ async def create_or_update( :type watchlist_alias: str :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str - :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. + :param watchlist_item: The watchlist item. Is either a WatchlistItem type or a IO type. + Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -418,16 +412,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist_item, (IO, bytes)): + if isinstance(watchlist_item, (IOBase, bytes)): _content = watchlist_item else: _json = self._serialize.body(watchlist_item, "WatchlistItem") @@ -449,8 +441,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py index 2028bb0b5458..10f7cc6bca5a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -87,9 +83,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistList] = kwargs.pop("cls", None) error_map = { @@ -144,8 +138,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -190,9 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) request = build_get_request( @@ -208,8 +201,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -258,9 +252,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -276,8 +268,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -394,7 +387,7 @@ async def create_or_update( :type workspace_name: str :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist: The watchlist. Is either a model type or a IO type. Required. + :param watchlist: The watchlist. Is either a Watchlist type or a IO type. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -415,16 +408,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist, (IO, bytes)): + if isinstance(watchlist, (IOBase, bytes)): _content = watchlist else: _json = self._serialize.body(watchlist, "Watchlist") @@ -445,8 +436,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py new file mode 100644 index 000000000000..22b6d7cce4d8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py @@ -0,0 +1,393 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_assignment_jobs_operations import ( + build_create_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerAssignmentJobsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_assignment_jobs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.Job"]: + """Get all jobs for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Job or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Job] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.JobList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("JobList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace_async + async def create( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.Job: + """Create a job for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace_async + async def get( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> _models.Job: + """Gets a job. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> None: + """Deletes the specified job from the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py new file mode 100644 index 000000000000..cdcea494e7e5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py @@ -0,0 +1,468 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_assignments_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerAssignmentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_assignments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerAssignment"]: + """Get all workspace manager assignments for the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerAssignment or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignmentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerAssignmentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Gets a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: _models.WorkspaceManagerAssignment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: Union[_models.WorkspaceManagerAssignment, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Is either a + WorkspaceManagerAssignment type or a IO type. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_assignment, (IOBase, bytes)): + _content = workspace_manager_assignment + else: + _json = self._serialize.body(workspace_manager_assignment, "WorkspaceManagerAssignment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py new file mode 100644 index 000000000000..893c2ecdf078 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py @@ -0,0 +1,468 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_configurations_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerConfigurationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_configurations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerConfiguration"]: + """Gets all workspace manager configurations for a Sentinel workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerConfiguration or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfigurationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerConfigurationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Gets a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: _models.WorkspaceManagerConfiguration, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: Union[_models.WorkspaceManagerConfiguration, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Is either a + WorkspaceManagerConfiguration type or a IO type. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_configuration, (IOBase, bytes)): + _content = workspace_manager_configuration + else: + _json = self._serialize.body(workspace_manager_configuration, "WorkspaceManagerConfiguration") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py new file mode 100644 index 000000000000..5e3f0ee9b406 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py @@ -0,0 +1,461 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_groups_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerGroupsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_groups` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerGroup"]: + """Gets all workspace manager groups in the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerGroup or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroupList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerGroupList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Gets a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: _models.WorkspaceManagerGroup, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: Union[_models.WorkspaceManagerGroup, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Is either a + WorkspaceManagerGroup type or a IO type. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_group, (IOBase, bytes)): + _content = workspace_manager_group + else: + _json = self._serialize.body(workspace_manager_group, "WorkspaceManagerGroup") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py new file mode 100644 index 000000000000..876ac8ea781d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py @@ -0,0 +1,461 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_members_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerMembersOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_members` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerMember"]: + """Gets all workspace manager members that exist for the given Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerMember or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMembersList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerMembersList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Gets a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: _models.WorkspaceManagerMember, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: Union[_models.WorkspaceManagerMember, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Is either a + WorkspaceManagerMember type or a IO type. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_member, (IOBase, bytes)): + _content = workspace_manager_member + else: + _json = self._serialize.body(workspace_manager_member, "WorkspaceManagerMember") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 805bb3d2b327..dcf69fccd04b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -42,9 +42,11 @@ from ._models_py3 import AlertRuleTemplatesList from ._models_py3 import AlertRulesList from ._models_py3 import AlertsDataTypeOfDataConnector +from ._models_py3 import AnalyticsRuleRunTrigger from ._models_py3 import Anomalies from ._models_py3 import AnomalySecurityMLAnalyticsSettings from ._models_py3 import AnomalyTimelineItem +from ._models_py3 import AssignmentItem from ._models_py3 import AutomationRule from ._models_py3 import AutomationRuleAction from ._models_py3 import AutomationRuleAddIncidentTaskAction @@ -68,8 +70,11 @@ from ._models_py3 import AwsS3DataConnectorDataTypes from ._models_py3 import AwsS3DataConnectorDataTypesLogs from ._models_py3 import AzureDevOpsResourceInfo +from ._models_py3 import AzureEntityResource from ._models_py3 import AzureResourceEntity from ._models_py3 import AzureResourceEntityProperties +from ._models_py3 import BillingStatistic +from ._models_py3 import BillingStatisticList from ._models_py3 import Bookmark from ._models_py3 import BookmarkEntityMappings from ._models_py3 import BookmarkExpandParameters @@ -97,15 +102,26 @@ from ._models_py3 import CodelessUiDataConnector from ._models_py3 import ConnectedEntity from ._models_py3 import ConnectivityCriteria +from ._models_py3 import ConnectivityCriterion +from ._models_py3 import ConnectorDataType +from ._models_py3 import ConnectorDefinitionsAvailability +from ._models_py3 import ConnectorDefinitionsPermissions +from ._models_py3 import ConnectorDefinitionsResourceProvider from ._models_py3 import ConnectorInstructionModelBase from ._models_py3 import Content -from ._models_py3 import ContentPathMap from ._models_py3 import CustomEntityQuery +from ._models_py3 import CustomPermissionDetails +from ._models_py3 import CustomizableConnectionsConfig +from ._models_py3 import CustomizableConnectorDefinition +from ._models_py3 import CustomizableConnectorUiConfig from ._models_py3 import Customs from ._models_py3 import CustomsPermission +from ._models_py3 import DCRConfiguration from ._models_py3 import DataConnector from ._models_py3 import DataConnectorConnectBody from ._models_py3 import DataConnectorDataTypeCommon +from ._models_py3 import DataConnectorDefinition +from ._models_py3 import DataConnectorDefinitionArmCollectionWrapper from ._models_py3 import DataConnectorList from ._models_py3 import DataConnectorRequirementsState from ._models_py3 import DataConnectorTenantId @@ -141,6 +157,7 @@ from ._models_py3 import EntityInsightItem from ._models_py3 import EntityInsightItemQueryTimeInterval from ._models_py3 import EntityList +from ._models_py3 import EntityManualTriggerRequestBody from ._models_py3 import EntityMapping from ._models_py3 import EntityQuery from ._models_py3 import EntityQueryItem @@ -152,6 +169,10 @@ from ._models_py3 import EntityTimelineItem from ._models_py3 import EntityTimelineParameters from ._models_py3 import EntityTimelineResponse +from ._models_py3 import Error +from ._models_py3 import ErrorAdditionalInfo +from ._models_py3 import ErrorDetail +from ._models_py3 import ErrorResponse from ._models_py3 import EventGroupingSettings from ._models_py3 import ExpansionEntityQuery from ._models_py3 import ExpansionResultAggregation @@ -175,15 +196,26 @@ from ._models_py3 import FusionTemplateSourceSetting from ._models_py3 import FusionTemplateSourceSubType from ._models_py3 import FusionTemplateSubTypeSeverityFilter +from ._models_py3 import GCPAuthProperties +from ._models_py3 import GCPDataConnector +from ._models_py3 import GCPRequestProperties from ._models_py3 import GeoLocation from ._models_py3 import GetInsightsErrorKind from ._models_py3 import GetInsightsResultsMetadata from ._models_py3 import GetQueriesResponse from ._models_py3 import GitHubResourceInfo from ._models_py3 import GraphQueries +from ._models_py3 import GraphQuery from ._models_py3 import GroupingConfiguration from ._models_py3 import HostEntity from ._models_py3 import HostEntityProperties +from ._models_py3 import Hunt +from ._models_py3 import HuntComment +from ._models_py3 import HuntCommentList +from ._models_py3 import HuntList +from ._models_py3 import HuntOwner +from ._models_py3 import HuntRelation +from ._models_py3 import HuntRelationList from ._models_py3 import HuntingBookmark from ._models_py3 import HuntingBookmarkProperties from ._models_py3 import Incident @@ -213,6 +245,8 @@ from ._models_py3 import InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem from ._models_py3 import InsightsTableResult from ._models_py3 import InsightsTableResultColumnsItem +from ._models_py3 import InstructionStep +from ._models_py3 import InstructionStepDetails from ._models_py3 import InstructionSteps from ._models_py3 import InstructionStepsInstructionsItem from ._models_py3 import Instructions @@ -223,6 +257,9 @@ from ._models_py3 import IoTDeviceEntityProperties from ._models_py3 import IpEntity from ._models_py3 import IpEntityProperties +from ._models_py3 import Job +from ._models_py3 import JobItem +from ._models_py3 import JobList from ._models_py3 import LastDataReceivedDataType from ._models_py3 import MCASCheckRequirements from ._models_py3 import MCASCheckRequirementsProperties @@ -240,12 +277,12 @@ from ._models_py3 import MSTICheckRequirementsProperties from ._models_py3 import MSTIDataConnector from ._models_py3 import MSTIDataConnectorDataTypes -from ._models_py3 import MSTIDataConnectorDataTypesBingSafetyPhishingURL from ._models_py3 import MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed from ._models_py3 import MSTIDataConnectorProperties from ._models_py3 import MTPCheckRequirementsProperties from ._models_py3 import MTPDataConnector from ._models_py3 import MTPDataConnectorDataTypes +from ._models_py3 import MTPDataConnectorDataTypesAlerts from ._models_py3 import MTPDataConnectorDataTypesIncidents from ._models_py3 import MTPDataConnectorProperties from ._models_py3 import MailClusterEntity @@ -265,12 +302,19 @@ from ._models_py3 import MetadataPatch from ._models_py3 import MetadataSource from ._models_py3 import MetadataSupport +from ._models_py3 import MicrosoftPurviewInformationProtectionCheckRequirements +from ._models_py3 import MicrosoftPurviewInformationProtectionCheckRequirementsProperties +from ._models_py3 import MicrosoftPurviewInformationProtectionConnectorDataTypes +from ._models_py3 import MicrosoftPurviewInformationProtectionConnectorDataTypesLogs +from ._models_py3 import MicrosoftPurviewInformationProtectionDataConnector +from ._models_py3 import MicrosoftPurviewInformationProtectionDataConnectorProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties from ._models_py3 import MtpCheckRequirements +from ._models_py3 import MtpFilteredProviders from ._models_py3 import NicEntity from ._models_py3 import NicEntityProperties from ._models_py3 import NrtAlertRule @@ -307,16 +351,29 @@ from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsList +from ._models_py3 import PackageBaseProperties +from ._models_py3 import PackageList +from ._models_py3 import PackageModel +from ._models_py3 import PackageProperties from ._models_py3 import Permissions from ._models_py3 import PermissionsCustomsItem from ._models_py3 import PermissionsResourceProviderItem from ._models_py3 import PlaybookActionProperties from ._models_py3 import ProcessEntity from ._models_py3 import ProcessEntityProperties +from ._models_py3 import ProductPackageAdditionalProperties +from ._models_py3 import ProductPackageList +from ._models_py3 import ProductPackageModel +from ._models_py3 import ProductPackageProperties +from ._models_py3 import ProductTemplateAdditionalProperties +from ._models_py3 import ProductTemplateList +from ._models_py3 import ProductTemplateModel +from ._models_py3 import ProductTemplateProperties from ._models_py3 import PropertyArrayChangedConditionProperties from ._models_py3 import PropertyArrayConditionProperties from ._models_py3 import PropertyChangedConditionProperties from ._models_py3 import PropertyConditionProperties +from ._models_py3 import PullRequest from ._models_py3 import QueryBasedAlertRuleTemplateProperties from ._models_py3 import Recommendation from ._models_py3 import RecommendationList @@ -331,12 +388,17 @@ from ._models_py3 import Repo from ._models_py3 import RepoList from ._models_py3 import Repository +from ._models_py3 import RepositoryAccess +from ._models_py3 import RepositoryAccessProperties from ._models_py3 import RepositoryResourceInfo from ._models_py3 import RequiredPermissions from ._models_py3 import Resource from ._models_py3 import ResourceProvider +from ._models_py3 import ResourceProviderRequiredPermissions from ._models_py3 import ResourceWithEtag from ._models_py3 import SampleQueries +from ._models_py3 import SampleQuery +from ._models_py3 import SapSolutionUsageStatistic from ._models_py3 import ScheduledAlertRule from ._models_py3 import ScheduledAlertRuleCommonProperties from ._models_py3 import ScheduledAlertRuleProperties @@ -353,6 +415,7 @@ from ._models_py3 import SentinelEntityMapping from ._models_py3 import SentinelOnboardingState from ._models_py3 import SentinelOnboardingStatesList +from ._models_py3 import ServicePrincipal from ._models_py3 import SettingList from ._models_py3 import Settings from ._models_py3 import SourceControl @@ -368,6 +431,11 @@ from ._models_py3 import TIDataConnectorProperties from ._models_py3 import TeamInformation from ._models_py3 import TeamProperties +from ._models_py3 import TemplateAdditionalProperties +from ._models_py3 import TemplateBaseProperties +from ._models_py3 import TemplateList +from ._models_py3 import TemplateModel +from ._models_py3 import TemplateProperties from ._models_py3 import ThreatIntelligence from ._models_py3 import ThreatIntelligenceAlertRule from ._models_py3 import ThreatIntelligenceAlertRuleTemplate @@ -397,16 +465,28 @@ from ._models_py3 import TimelineAggregation from ._models_py3 import TimelineError from ._models_py3 import TimelineResultsMetadata +from ._models_py3 import TriggeredAnalyticsRuleRun +from ._models_py3 import TriggeredAnalyticsRuleRuns from ._models_py3 import Ueba from ._models_py3 import UrlEntity from ._models_py3 import UrlEntityProperties from ._models_py3 import UserInfo from ._models_py3 import ValidationError +from ._models_py3 import Warning +from ._models_py3 import WarningBody from ._models_py3 import Watchlist from ._models_py3 import WatchlistItem from ._models_py3 import WatchlistItemList from ._models_py3 import WatchlistList from ._models_py3 import Webhook +from ._models_py3 import WorkspaceManagerAssignment +from ._models_py3 import WorkspaceManagerAssignmentList +from ._models_py3 import WorkspaceManagerConfiguration +from ._models_py3 import WorkspaceManagerConfigurationList +from ._models_py3 import WorkspaceManagerGroup +from ._models_py3 import WorkspaceManagerGroupList +from ._models_py3 import WorkspaceManagerMember +from ._models_py3 import WorkspaceManagerMembersList from ._security_insights_enums import ActionType from ._security_insights_enums import AlertDetail @@ -425,6 +505,7 @@ from ._security_insights_enums import AutomationRulePropertyChangedConditionSupportedPropertyType from ._security_insights_enums import AutomationRulePropertyConditionSupportedOperator from ._security_insights_enums import AutomationRulePropertyConditionSupportedProperty +from ._security_insights_enums import BillingStatisticKind from ._security_insights_enums import Category from ._security_insights_enums import ConditionType from ._security_insights_enums import ConfidenceLevel @@ -436,6 +517,7 @@ from ._security_insights_enums import CreatedByType from ._security_insights_enums import CustomEntityQueryKind from ._security_insights_enums import DataConnectorAuthorizationState +from ._security_insights_enums import DataConnectorDefinitionKind from ._security_insights_enums import DataConnectorKind from ._security_insights_enums import DataConnectorLicenseState from ._security_insights_enums import DataTypeState @@ -448,21 +530,23 @@ from ._security_insights_enums import DeviceImportance from ._security_insights_enums import ElevationToken from ._security_insights_enums import EntityItemQueryKind -from ._security_insights_enums import EntityKind +from ._security_insights_enums import EntityKindEnum from ._security_insights_enums import EntityMappingType from ._security_insights_enums import EntityProviders from ._security_insights_enums import EntityQueryKind from ._security_insights_enums import EntityQueryTemplateKind from ._security_insights_enums import EntityTimelineKind from ._security_insights_enums import EntityType -from ._security_insights_enums import Enum13 -from ._security_insights_enums import Enum15 +from ._security_insights_enums import Enum20 +from ._security_insights_enums import Enum22 from ._security_insights_enums import EventGroupingAggregationKind from ._security_insights_enums import FileFormat from ._security_insights_enums import FileHashAlgorithm from ._security_insights_enums import FileImportContentType from ._security_insights_enums import FileImportState +from ._security_insights_enums import Flag from ._security_insights_enums import GetInsightsError +from ._security_insights_enums import HypothesisStatus from ._security_insights_enums import IncidentClassification from ._security_insights_enums import IncidentClassificationReason from ._security_insights_enums import IncidentLabelType @@ -474,17 +558,23 @@ from ._security_insights_enums import Kind from ._security_insights_enums import MatchingMethod from ._security_insights_enums import MicrosoftSecurityProductName +from ._security_insights_enums import Mode +from ._security_insights_enums import MtpProvider from ._security_insights_enums import OSFamily from ._security_insights_enums import Operator from ._security_insights_enums import OutputType from ._security_insights_enums import OwnerType +from ._security_insights_enums import PackageKind from ._security_insights_enums import PermissionProviderScope from ._security_insights_enums import PollingFrequency from ._security_insights_enums import Priority from ._security_insights_enums import ProviderName +from ._security_insights_enums import ProviderPermissionsScope +from ._security_insights_enums import ProvisioningState from ._security_insights_enums import RegistryHive from ._security_insights_enums import RegistryValueKind from ._security_insights_enums import RepoType +from ._security_insights_enums import RepositoryAccessKind from ._security_insights_enums import SecurityMLAnalyticsSettingsKind from ._security_insights_enums import SettingKind from ._security_insights_enums import SettingType @@ -492,15 +582,17 @@ from ._security_insights_enums import SourceKind from ._security_insights_enums import SourceType from ._security_insights_enums import State +from ._security_insights_enums import Status from ._security_insights_enums import SupportTier from ._security_insights_enums import TemplateStatus -from ._security_insights_enums import ThreatIntelligenceResourceKindEnum -from ._security_insights_enums import ThreatIntelligenceSortingCriteriaEnum +from ._security_insights_enums import ThreatIntelligenceResourceInnerKind +from ._security_insights_enums import ThreatIntelligenceSortingOrder from ._security_insights_enums import TriggerOperator from ._security_insights_enums import TriggersOn from ._security_insights_enums import TriggersWhen from ._security_insights_enums import UebaDataSources from ._security_insights_enums import Version +from ._security_insights_enums import WarningCode from ._patch import __all__ as _patch_all from ._patch import * # pylint: disable=unused-wildcard-import from ._patch import patch_sdk as _patch_sdk @@ -542,9 +634,11 @@ "AlertRuleTemplatesList", "AlertRulesList", "AlertsDataTypeOfDataConnector", + "AnalyticsRuleRunTrigger", "Anomalies", "AnomalySecurityMLAnalyticsSettings", "AnomalyTimelineItem", + "AssignmentItem", "AutomationRule", "AutomationRuleAction", "AutomationRuleAddIncidentTaskAction", @@ -568,8 +662,11 @@ "AwsS3DataConnectorDataTypes", "AwsS3DataConnectorDataTypesLogs", "AzureDevOpsResourceInfo", + "AzureEntityResource", "AzureResourceEntity", "AzureResourceEntityProperties", + "BillingStatistic", + "BillingStatisticList", "Bookmark", "BookmarkEntityMappings", "BookmarkExpandParameters", @@ -597,15 +694,26 @@ "CodelessUiDataConnector", "ConnectedEntity", "ConnectivityCriteria", + "ConnectivityCriterion", + "ConnectorDataType", + "ConnectorDefinitionsAvailability", + "ConnectorDefinitionsPermissions", + "ConnectorDefinitionsResourceProvider", "ConnectorInstructionModelBase", "Content", - "ContentPathMap", "CustomEntityQuery", + "CustomPermissionDetails", + "CustomizableConnectionsConfig", + "CustomizableConnectorDefinition", + "CustomizableConnectorUiConfig", "Customs", "CustomsPermission", + "DCRConfiguration", "DataConnector", "DataConnectorConnectBody", "DataConnectorDataTypeCommon", + "DataConnectorDefinition", + "DataConnectorDefinitionArmCollectionWrapper", "DataConnectorList", "DataConnectorRequirementsState", "DataConnectorTenantId", @@ -641,6 +749,7 @@ "EntityInsightItem", "EntityInsightItemQueryTimeInterval", "EntityList", + "EntityManualTriggerRequestBody", "EntityMapping", "EntityQuery", "EntityQueryItem", @@ -652,6 +761,10 @@ "EntityTimelineItem", "EntityTimelineParameters", "EntityTimelineResponse", + "Error", + "ErrorAdditionalInfo", + "ErrorDetail", + "ErrorResponse", "EventGroupingSettings", "ExpansionEntityQuery", "ExpansionResultAggregation", @@ -675,15 +788,26 @@ "FusionTemplateSourceSetting", "FusionTemplateSourceSubType", "FusionTemplateSubTypeSeverityFilter", + "GCPAuthProperties", + "GCPDataConnector", + "GCPRequestProperties", "GeoLocation", "GetInsightsErrorKind", "GetInsightsResultsMetadata", "GetQueriesResponse", "GitHubResourceInfo", "GraphQueries", + "GraphQuery", "GroupingConfiguration", "HostEntity", "HostEntityProperties", + "Hunt", + "HuntComment", + "HuntCommentList", + "HuntList", + "HuntOwner", + "HuntRelation", + "HuntRelationList", "HuntingBookmark", "HuntingBookmarkProperties", "Incident", @@ -713,6 +837,8 @@ "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", "InsightsTableResult", "InsightsTableResultColumnsItem", + "InstructionStep", + "InstructionStepDetails", "InstructionSteps", "InstructionStepsInstructionsItem", "Instructions", @@ -723,6 +849,9 @@ "IoTDeviceEntityProperties", "IpEntity", "IpEntityProperties", + "Job", + "JobItem", + "JobList", "LastDataReceivedDataType", "MCASCheckRequirements", "MCASCheckRequirementsProperties", @@ -740,12 +869,12 @@ "MSTICheckRequirementsProperties", "MSTIDataConnector", "MSTIDataConnectorDataTypes", - "MSTIDataConnectorDataTypesBingSafetyPhishingURL", "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", "MSTIDataConnectorProperties", "MTPCheckRequirementsProperties", "MTPDataConnector", "MTPDataConnectorDataTypes", + "MTPDataConnectorDataTypesAlerts", "MTPDataConnectorDataTypesIncidents", "MTPDataConnectorProperties", "MailClusterEntity", @@ -765,12 +894,19 @@ "MetadataPatch", "MetadataSource", "MetadataSupport", + "MicrosoftPurviewInformationProtectionCheckRequirements", + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + "MicrosoftPurviewInformationProtectionConnectorDataTypes", + "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs", + "MicrosoftPurviewInformationProtectionDataConnector", + "MicrosoftPurviewInformationProtectionDataConnectorProperties", "MicrosoftSecurityIncidentCreationAlertRule", "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", "MicrosoftSecurityIncidentCreationAlertRuleProperties", "MicrosoftSecurityIncidentCreationAlertRuleTemplate", "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", "MtpCheckRequirements", + "MtpFilteredProviders", "NicEntity", "NicEntityProperties", "NrtAlertRule", @@ -807,16 +943,29 @@ "Operation", "OperationDisplay", "OperationsList", + "PackageBaseProperties", + "PackageList", + "PackageModel", + "PackageProperties", "Permissions", "PermissionsCustomsItem", "PermissionsResourceProviderItem", "PlaybookActionProperties", "ProcessEntity", "ProcessEntityProperties", + "ProductPackageAdditionalProperties", + "ProductPackageList", + "ProductPackageModel", + "ProductPackageProperties", + "ProductTemplateAdditionalProperties", + "ProductTemplateList", + "ProductTemplateModel", + "ProductTemplateProperties", "PropertyArrayChangedConditionProperties", "PropertyArrayConditionProperties", "PropertyChangedConditionProperties", "PropertyConditionProperties", + "PullRequest", "QueryBasedAlertRuleTemplateProperties", "Recommendation", "RecommendationList", @@ -831,12 +980,17 @@ "Repo", "RepoList", "Repository", + "RepositoryAccess", + "RepositoryAccessProperties", "RepositoryResourceInfo", "RequiredPermissions", "Resource", "ResourceProvider", + "ResourceProviderRequiredPermissions", "ResourceWithEtag", "SampleQueries", + "SampleQuery", + "SapSolutionUsageStatistic", "ScheduledAlertRule", "ScheduledAlertRuleCommonProperties", "ScheduledAlertRuleProperties", @@ -853,6 +1007,7 @@ "SentinelEntityMapping", "SentinelOnboardingState", "SentinelOnboardingStatesList", + "ServicePrincipal", "SettingList", "Settings", "SourceControl", @@ -868,6 +1023,11 @@ "TIDataConnectorProperties", "TeamInformation", "TeamProperties", + "TemplateAdditionalProperties", + "TemplateBaseProperties", + "TemplateList", + "TemplateModel", + "TemplateProperties", "ThreatIntelligence", "ThreatIntelligenceAlertRule", "ThreatIntelligenceAlertRuleTemplate", @@ -897,16 +1057,28 @@ "TimelineAggregation", "TimelineError", "TimelineResultsMetadata", + "TriggeredAnalyticsRuleRun", + "TriggeredAnalyticsRuleRuns", "Ueba", "UrlEntity", "UrlEntityProperties", "UserInfo", "ValidationError", + "Warning", + "WarningBody", "Watchlist", "WatchlistItem", "WatchlistItemList", "WatchlistList", "Webhook", + "WorkspaceManagerAssignment", + "WorkspaceManagerAssignmentList", + "WorkspaceManagerConfiguration", + "WorkspaceManagerConfigurationList", + "WorkspaceManagerGroup", + "WorkspaceManagerGroupList", + "WorkspaceManagerMember", + "WorkspaceManagerMembersList", "ActionType", "AlertDetail", "AlertProperty", @@ -924,6 +1096,7 @@ "AutomationRulePropertyChangedConditionSupportedPropertyType", "AutomationRulePropertyConditionSupportedOperator", "AutomationRulePropertyConditionSupportedProperty", + "BillingStatisticKind", "Category", "ConditionType", "ConfidenceLevel", @@ -935,6 +1108,7 @@ "CreatedByType", "CustomEntityQueryKind", "DataConnectorAuthorizationState", + "DataConnectorDefinitionKind", "DataConnectorKind", "DataConnectorLicenseState", "DataTypeState", @@ -947,21 +1121,23 @@ "DeviceImportance", "ElevationToken", "EntityItemQueryKind", - "EntityKind", + "EntityKindEnum", "EntityMappingType", "EntityProviders", "EntityQueryKind", "EntityQueryTemplateKind", "EntityTimelineKind", "EntityType", - "Enum13", - "Enum15", + "Enum20", + "Enum22", "EventGroupingAggregationKind", "FileFormat", "FileHashAlgorithm", "FileImportContentType", "FileImportState", + "Flag", "GetInsightsError", + "HypothesisStatus", "IncidentClassification", "IncidentClassificationReason", "IncidentLabelType", @@ -973,17 +1149,23 @@ "Kind", "MatchingMethod", "MicrosoftSecurityProductName", + "Mode", + "MtpProvider", "OSFamily", "Operator", "OutputType", "OwnerType", + "PackageKind", "PermissionProviderScope", "PollingFrequency", "Priority", "ProviderName", + "ProviderPermissionsScope", + "ProvisioningState", "RegistryHive", "RegistryValueKind", "RepoType", + "RepositoryAccessKind", "SecurityMLAnalyticsSettingsKind", "SettingKind", "SettingType", @@ -991,15 +1173,17 @@ "SourceKind", "SourceType", "State", + "Status", "SupportTier", "TemplateStatus", - "ThreatIntelligenceResourceKindEnum", - "ThreatIntelligenceSortingCriteriaEnum", + "ThreatIntelligenceResourceInnerKind", + "ThreatIntelligenceSortingOrder", "TriggerOperator", "TriggersOn", "TriggersWhen", "UebaDataSources", "Version", + "WarningCode", ] __all__.extend([p for p in _patch_all if p not in __all__]) _patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py index 5a15e9c34571..cb1974fa10a9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py @@ -34,7 +34,8 @@ class DataConnectorsCheckRequirements(_serialization.Model): You probably want to use the sub-classes and not this class directly. Known sub-classes are: AwsCloudTrailCheckRequirements, AwsS3CheckRequirements, AADCheckRequirements, AATPCheckRequirements, ASCCheckRequirements, Dynamics365CheckRequirements, - IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, MSTICheckRequirements, + IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, + MicrosoftPurviewInformationProtectionCheckRequirements, MSTICheckRequirements, MtpCheckRequirements, Office365ProjectCheckRequirements, OfficeATPCheckRequirements, OfficeIRMCheckRequirements, OfficePowerBICheckRequirements, TICheckRequirements, TiTaxiiCheckRequirements @@ -44,10 +45,10 @@ class DataConnectorsCheckRequirements(_serialization.Model): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -70,6 +71,7 @@ class DataConnectorsCheckRequirements(_serialization.Model): "IOT": "IoTCheckRequirements", "MicrosoftCloudAppSecurity": "MCASCheckRequirements", "MicrosoftDefenderAdvancedThreatProtection": "MDATPCheckRequirements", + "MicrosoftPurviewInformationProtection": "MicrosoftPurviewInformationProtectionCheckRequirements", "MicrosoftThreatIntelligence": "MSTICheckRequirements", "MicrosoftThreatProtection": "MtpCheckRequirements", "Office365Project": "Office365ProjectCheckRequirements", @@ -81,24 +83,24 @@ class DataConnectorsCheckRequirements(_serialization.Model): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None class AADCheckRequirements(DataConnectorsCheckRequirements): - """Represents AAD (Azure Active Directory) requirements check request. + """Represents AADIP (Azure Active Directory Identity Protection) requirements check request. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -113,7 +115,7 @@ class AADCheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str @@ -140,7 +142,7 @@ class DataConnectorTenantId(_serialization.Model): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -150,7 +152,7 @@ def __init__(self, *, tenant_id: str, **kwargs): class AADCheckRequirementsProperties(DataConnectorTenantId): - """AAD (Azure Active Directory) requirements check properties. + """AADIP (Azure Active Directory Identity Protection) requirements check properties. All required parameters must be populated in order to send to Azure. @@ -166,7 +168,7 @@ class AADCheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -206,7 +208,7 @@ class Resource(_serialization.Model): "system_data": {"key": "systemData", "type": "SystemData"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.id = None @@ -250,7 +252,7 @@ class ResourceWithEtag(Resource): "etag": {"key": "etag", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -265,10 +267,10 @@ class DataConnector(ResourceWithEtag): You probably want to use the sub-classes and not this class directly. Known sub-classes are: CodelessApiPollingDataConnector, AwsCloudTrailDataConnector, AwsS3DataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, Dynamics365DataConnector, - CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, MDATPDataConnector, - MSTIDataConnector, MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, - OfficeATPDataConnector, OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, - TiTaxiiDataConnector + GCPDataConnector, CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, + MDATPDataConnector, MicrosoftPurviewInformationProtectionDataConnector, MSTIDataConnector, + MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, OfficeATPDataConnector, + OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, TiTaxiiDataConnector Variables are only populated by the server, and will be ignored when sending a request. @@ -290,10 +292,10 @@ class DataConnector(ResourceWithEtag): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -323,10 +325,12 @@ class DataConnector(ResourceWithEtag): "AzureAdvancedThreatProtection": "AATPDataConnector", "AzureSecurityCenter": "ASCDataConnector", "Dynamics365": "Dynamics365DataConnector", + "GCP": "GCPDataConnector", "GenericUI": "CodelessUiDataConnector", "IOT": "IoTDataConnector", "MicrosoftCloudAppSecurity": "MCASDataConnector", "MicrosoftDefenderAdvancedThreatProtection": "MDATPDataConnector", + "MicrosoftPurviewInformationProtection": "MicrosoftPurviewInformationProtectionDataConnector", "MicrosoftThreatIntelligence": "MSTIDataConnector", "MicrosoftThreatProtection": "MTPDataConnector", "Office365": "OfficeDataConnector", @@ -339,7 +343,7 @@ class DataConnector(ResourceWithEtag): } } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -349,7 +353,7 @@ def __init__(self, *, etag: Optional[str] = None, **kwargs): class AADDataConnector(DataConnector): - """Represents AAD (Azure Active Directory) data connector. + """Represents AADIP (Azure Active Directory Identity Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -371,10 +375,10 @@ class AADDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -407,8 +411,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -434,7 +438,7 @@ class DataConnectorWithAlertsProperties(_serialization.Model): "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } - def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs): + def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -444,7 +448,7 @@ def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnecto class AADDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """AAD (Azure Active Directory) data connector properties. + """AADIP (Azure Active Directory Identity Protection) data connector properties. All required parameters must be populated in order to send to Azure. @@ -464,8 +468,8 @@ class AADDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsP } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -485,10 +489,10 @@ class AATPCheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -503,7 +507,7 @@ class AATPCheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str @@ -530,7 +534,7 @@ class AATPCheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -561,10 +565,10 @@ class AATPDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -597,8 +601,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -634,8 +638,8 @@ class AATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlerts } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -675,7 +679,7 @@ class Entity(Resource): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ _validation = { @@ -721,7 +725,7 @@ class Entity(Resource): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -749,7 +753,7 @@ class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -831,7 +835,7 @@ class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "Account" @@ -874,7 +878,7 @@ class EntityCommonProperties(_serialization.Model): "friendly_name": {"key": "friendlyName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.additional_data = None @@ -957,7 +961,7 @@ class AccountEntityProperties(EntityCommonProperties): # pylint: disable=too-ma "dns_domain": {"key": "dnsDomain", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.aad_tenant_id = None @@ -993,7 +997,7 @@ class ActionPropertiesBase(_serialization.Model): "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, **kwargs): + def __init__(self, *, logic_app_resource_id: str, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1052,8 +1056,8 @@ def __init__( etag: Optional[str] = None, logic_app_resource_id: Optional[str] = None, trigger_uri: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1091,7 +1095,7 @@ class ActionRequestProperties(ActionPropertiesBase): "trigger_uri": {"key": "triggerUri", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs): + def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1152,8 +1156,8 @@ def __init__( etag: Optional[str] = None, logic_app_resource_id: Optional[str] = None, workflow_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1190,7 +1194,7 @@ class ActionResponseProperties(ActionPropertiesBase): "workflow_id": {"key": "workflowId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs): + def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1226,7 +1230,7 @@ class ActionsList(_serialization.Model): "value": {"key": "value", "type": "[ActionResponse]"}, } - def __init__(self, *, value: List["_models.ActionResponse"], **kwargs): + def __init__(self, *, value: List["_models.ActionResponse"], **kwargs: Any) -> None: """ :keyword value: Array of actions. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.ActionResponse] @@ -1282,7 +1286,7 @@ class CustomEntityQuery(ResourceWithEtag): _subtype_map = {"kind": {"Activity": "ActivityCustomEntityQuery"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1389,8 +1393,8 @@ def __init__( entities_filter: Optional[Dict[str, List[str]]] = None, template_name: Optional[str] = None, enabled: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1445,7 +1449,7 @@ class ActivityEntityQueriesPropertiesQueryDefinitions(_serialization.Model): "query": {"key": "query", "type": "str"}, } - def __init__(self, *, query: Optional[str] = None, **kwargs): + def __init__(self, *, query: Optional[str] = None, **kwargs: Any) -> None: """ :keyword query: The Activity query to run on a given entity. :paramtype query: str @@ -1501,7 +1505,7 @@ class EntityQuery(ResourceWithEtag): _subtype_map = {"kind": {"Activity": "ActivityEntityQuery", "Expansion": "ExpansionEntityQuery"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1609,8 +1613,8 @@ def __init__( entities_filter: Optional[Dict[str, List[str]]] = None, template_name: Optional[str] = None, enabled: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1697,7 +1701,7 @@ class EntityQueryTemplate(Resource): _subtype_map = {"kind": {"Activity": "ActivityEntityQueryTemplate"}} - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -1785,8 +1789,8 @@ def __init__( input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, required_input_fields_sets: Optional[List[List[str]]] = None, entities_filter: Optional[Dict[str, List[str]]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: The entity query title. :paramtype title: str @@ -1838,7 +1842,7 @@ class ActivityEntityQueryTemplatePropertiesQueryDefinitions(_serialization.Model "summarize_by": {"key": "summarizeBy", "type": "str"}, } - def __init__(self, *, query: Optional[str] = None, summarize_by: Optional[str] = None, **kwargs): + def __init__(self, *, query: Optional[str] = None, summarize_by: Optional[str] = None, **kwargs: Any) -> None: """ :keyword query: The Activity query to run on a given entity. :paramtype query: str @@ -1881,7 +1885,7 @@ class EntityTimelineItem(_serialization.Model): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -1943,8 +1947,8 @@ def __init__( last_activity_time_utc: datetime.datetime, content: str, title: str, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword query_id: The activity query id. Required. :paramtype query_id: str @@ -1994,7 +1998,7 @@ class AddIncidentTaskActionProperties(_serialization.Model): "description": {"key": "description", "type": "str"}, } - def __init__(self, *, title: str, description: Optional[str] = None, **kwargs): + def __init__(self, *, title: str, description: Optional[str] = None, **kwargs: Any) -> None: """ :keyword title: The title of the task. Required. :paramtype title: str @@ -2040,8 +2044,8 @@ def __init__( alert_tactics_column_name: Optional[str] = None, alert_severity_column_name: Optional[str] = None, alert_dynamic_properties: Optional[List["_models.AlertPropertyMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_display_name_format: the format containing columns name(s) to override the alert name. @@ -2086,8 +2090,8 @@ def __init__( *, alert_property: Optional[Union[str, "_models.AlertProperty"]] = None, value: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_property: The V3 alert property. Known values are: "AlertLink", "ConfidenceLevel", "ConfidenceScore", "ExtendedLinks", "ProductName", "ProviderName", @@ -2159,7 +2163,7 @@ class AlertRule(ResourceWithEtag): } } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2191,7 +2195,7 @@ class AlertRulesList(_serialization.Model): "value": {"key": "value", "type": "[AlertRule]"}, } - def __init__(self, *, value: List["_models.AlertRule"], **kwargs): + def __init__(self, *, value: List["_models.AlertRule"], **kwargs: Any) -> None: """ :keyword value: Array of alert rules. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRule] @@ -2257,7 +2261,7 @@ class AlertRuleTemplate(Resource): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -2277,7 +2281,9 @@ class AlertRuleTemplateDataSource(_serialization.Model): "data_types": {"key": "dataTypes", "type": "[str]"}, } - def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): + def __init__( + self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ :keyword connector_id: The connector id that provides the following data types. :paramtype connector_id: str @@ -2336,8 +2342,8 @@ def __init__( display_name: Optional[str] = None, required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, status: Optional[Union[str, "_models.TemplateStatus"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -2386,7 +2392,7 @@ class AlertRuleTemplatesList(_serialization.Model): "value": {"key": "value", "type": "[AlertRuleTemplate]"}, } - def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs): + def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs: Any) -> None: """ :keyword value: Array of alert rule templates. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] @@ -2451,8 +2457,8 @@ def __init__( status: Optional[Union[str, "_models.TemplateStatus"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -2501,7 +2507,7 @@ class AlertsDataTypeOfDataConnector(_serialization.Model): "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, } - def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs): + def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs: Any) -> None: """ :keyword alerts: Alerts data type connection. Required. :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon @@ -2510,6 +2516,32 @@ def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs): self.alerts = alerts +class AnalyticsRuleRunTrigger(_serialization.Model): + """Analytics Rule Run Trigger request. + + All required parameters must be populated in order to send to Azure. + + :ivar execution_time_utc: Required. + :vartype execution_time_utc: ~datetime.datetime + """ + + _validation = { + "execution_time_utc": {"required": True}, + } + + _attribute_map = { + "execution_time_utc": {"key": "properties.executionTimeUtc", "type": "iso-8601"}, + } + + def __init__(self, *, execution_time_utc: datetime.datetime, **kwargs: Any) -> None: + """ + :keyword execution_time_utc: Required. + :paramtype execution_time_utc: ~datetime.datetime + """ + super().__init__(**kwargs) + self.execution_time_utc = execution_time_utc + + class Settings(ResourceWithEtag): """The Setting. @@ -2559,7 +2591,7 @@ class Settings(ResourceWithEtag): "kind": {"Anomalies": "Anomalies", "EntityAnalytics": "EntityAnalytics", "EyesOn": "EyesOn", "Ueba": "Ueba"} } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2614,7 +2646,7 @@ class Anomalies(Settings): "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2670,7 +2702,7 @@ class SecurityMLAnalyticsSetting(ResourceWithEtag): _subtype_map = {"kind": {"Anomaly": "AnomalySecurityMLAnalyticsSettings"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2788,8 +2820,8 @@ def __init__( is_default_settings: Optional[bool] = None, anomaly_settings_version: Optional[int] = None, settings_definition_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2915,8 +2947,8 @@ def __init__( intent: Optional[str] = None, techniques: Optional[List[str]] = None, reasons: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword azure_resource_id: The anomaly azure resource id. Required. :paramtype azure_resource_id: str @@ -2964,10 +2996,10 @@ class ASCCheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar subscription_id: The subscription id to connect to, and get the data from. :vartype subscription_id: str @@ -2982,7 +3014,7 @@ class ASCCheckRequirements(DataConnectorsCheckRequirements): "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): + def __init__(self, *, subscription_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword subscription_id: The subscription id to connect to, and get the data from. :paramtype subscription_id: str @@ -3015,10 +3047,10 @@ class ASCDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar data_types: The available data types for the connector. :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -3051,8 +3083,8 @@ def __init__( etag: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, subscription_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -3086,8 +3118,8 @@ def __init__( *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, subscription_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -3098,6 +3130,26 @@ def __init__( self.subscription_id = subscription_id +class AssignmentItem(_serialization.Model): + """An entity describing a content item. + + :ivar resource_id: The resource id of the content item. + :vartype resource_id: str + """ + + _attribute_map = { + "resource_id": {"key": "resourceId", "type": "str"}, + } + + def __init__(self, *, resource_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword resource_id: The resource id of the content item. + :paramtype resource_id: str + """ + super().__init__(**kwargs) + self.resource_id = resource_id + + class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-attributes """AutomationRule. @@ -3175,8 +3227,8 @@ def __init__( triggering_logic: "_models.AutomationRuleTriggeringLogic", actions: List["_models.AutomationRuleAction"], etag: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -3234,7 +3286,7 @@ class AutomationRuleAction(_serialization.Model): } } - def __init__(self, *, order: int, **kwargs): + def __init__(self, *, order: int, **kwargs: Any) -> None: """ :keyword order: Required. :paramtype order: int @@ -3271,8 +3323,12 @@ class AutomationRuleAddIncidentTaskAction(AutomationRuleAction): } def __init__( - self, *, order: int, action_configuration: Optional["_models.AddIncidentTaskActionProperties"] = None, **kwargs - ): + self, + *, + order: int, + action_configuration: Optional["_models.AddIncidentTaskActionProperties"] = None, + **kwargs: Any + ) -> None: """ :keyword order: Required. :paramtype order: int @@ -3288,7 +3344,7 @@ def __init__( class AutomationRuleBooleanCondition(_serialization.Model): """AutomationRuleBooleanCondition. - :ivar operator: Known values are: "And" and "Or". + :ivar operator: Known values are: "And", "Or", "And", and "Or". :vartype operator: str or ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator :ivar inner_conditions: @@ -3309,10 +3365,10 @@ def __init__( *, operator: Optional[Union[str, "_models.AutomationRuleBooleanConditionSupportedOperator"]] = None, inner_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ - :keyword operator: Known values are: "And" and "Or". + :keyword operator: Known values are: "And", "Or", "And", and "Or". :paramtype operator: str or ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator :keyword inner_conditions: @@ -3355,7 +3411,7 @@ class AutomationRuleCondition(_serialization.Model): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.condition_type: Optional[str] = None @@ -3387,8 +3443,8 @@ class AutomationRuleModifyPropertiesAction(AutomationRuleAction): } def __init__( - self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs - ): + self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs: Any + ) -> None: """ :keyword order: Required. :paramtype order: int @@ -3425,8 +3481,8 @@ def __init__( change_type: Optional[ Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedChangeType"] ] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". :paramtype array_type: str or @@ -3471,8 +3527,8 @@ def __init__( Union[str, "_models.AutomationRulePropertyArrayConditionSupportedArrayConditionType"] ] = None, item_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword array_type: Known values are: "CustomDetails" and "CustomDetailValues". :paramtype array_type: str or @@ -3523,8 +3579,8 @@ def __init__( change_type: Optional[Union[str, "_models.AutomationRulePropertyChangedConditionSupportedChangedType"]] = None, operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, property_values: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword property_name: Known values are: "IncidentSeverity", "IncidentStatus", and "IncidentOwner". @@ -3588,8 +3644,8 @@ def __init__( property_name: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedProperty"]] = None, operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, property_values: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword property_name: The property to evaluate in an automation rule property condition. Known values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", @@ -3648,8 +3704,8 @@ class AutomationRuleRunPlaybookAction(AutomationRuleAction): } def __init__( - self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs - ): + self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs: Any + ) -> None: """ :keyword order: Required. :paramtype order: int @@ -3676,8 +3732,8 @@ class AutomationRulesList(_serialization.Model): } def __init__( - self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs - ): + self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword value: :paramtype value: list[~azure.mgmt.securityinsight.models.AutomationRule] @@ -3731,8 +3787,8 @@ def __init__( triggers_when: Union[str, "_models.TriggersWhen"], expiration_time_utc: Optional[datetime.datetime] = None, conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword is_enabled: Determines whether the automation rule is enabled or disabled. Required. :paramtype is_enabled: bool @@ -3769,7 +3825,9 @@ class Availability(_serialization.Model): "is_preview": {"key": "isPreview", "type": "bool"}, } - def __init__(self, *, status: Optional[Literal[1]] = None, is_preview: Optional[bool] = None, **kwargs): + def __init__( + self, *, status: Optional[Literal[1]] = None, is_preview: Optional[bool] = None, **kwargs: Any + ) -> None: """ :keyword status: The connector Availability Status. Default value is 1. :paramtype status: int @@ -3789,10 +3847,10 @@ class AwsCloudTrailCheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -3804,7 +3862,7 @@ class AwsCloudTrailCheckRequirements(DataConnectorsCheckRequirements): "kind": {"key": "kind", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "AmazonWebServicesCloudTrail" @@ -3833,10 +3891,10 @@ class AwsCloudTrailDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. @@ -3870,8 +3928,8 @@ def __init__( etag: Optional[str] = None, aws_role_arn: Optional[str] = None, data_types: Optional["_models.AwsCloudTrailDataConnectorDataTypes"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -3904,7 +3962,7 @@ class AwsCloudTrailDataConnectorDataTypes(_serialization.Model): "logs": {"key": "logs", "type": "AwsCloudTrailDataConnectorDataTypesLogs"}, } - def __init__(self, *, logs: "_models.AwsCloudTrailDataConnectorDataTypesLogs", **kwargs): + def __init__(self, *, logs: "_models.AwsCloudTrailDataConnectorDataTypesLogs", **kwargs: Any) -> None: """ :keyword logs: Logs data type. Required. :paramtype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs @@ -3931,7 +3989,7 @@ class DataConnectorDataTypeCommon(_serialization.Model): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -3959,7 +4017,7 @@ class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -3976,10 +4034,10 @@ class AwsS3CheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -3991,7 +4049,7 @@ class AwsS3CheckRequirements(DataConnectorsCheckRequirements): "kind": {"key": "kind", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "AmazonWebServicesS3" @@ -4020,10 +4078,10 @@ class AwsS3DataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar destination_table: The logs destination table name in LogAnalytics. :vartype destination_table: str @@ -4064,8 +4122,8 @@ def __init__( sqs_urls: Optional[List[str]] = None, role_arn: Optional[str] = None, data_types: Optional["_models.AwsS3DataConnectorDataTypes"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -4103,7 +4161,7 @@ class AwsS3DataConnectorDataTypes(_serialization.Model): "logs": {"key": "logs", "type": "AwsS3DataConnectorDataTypesLogs"}, } - def __init__(self, *, logs: "_models.AwsS3DataConnectorDataTypesLogs", **kwargs): + def __init__(self, *, logs: "_models.AwsS3DataConnectorDataTypesLogs", **kwargs: Any) -> None: """ :keyword logs: Logs data type. Required. :paramtype logs: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypesLogs @@ -4130,7 +4188,7 @@ class AwsS3DataConnectorDataTypesLogs(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -4153,7 +4211,9 @@ class AzureDevOpsResourceInfo(_serialization.Model): "service_connection_id": {"key": "serviceConnectionId", "type": "str"}, } - def __init__(self, *, pipeline_id: Optional[str] = None, service_connection_id: Optional[str] = None, **kwargs): + def __init__( + self, *, pipeline_id: Optional[str] = None, service_connection_id: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword pipeline_id: Id of the pipeline created for the source-control. :paramtype pipeline_id: str @@ -4165,6 +4225,48 @@ def __init__(self, *, pipeline_id: Optional[str] = None, service_connection_id: self.service_connection_id = service_connection_id +class AzureEntityResource(Resource): + """The resource model definition for an Azure Resource Manager resource with an etag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.etag = None + + class AzureResourceEntity(Entity): """Represents an azure resource entity. @@ -4187,7 +4289,7 @@ class AzureResourceEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -4224,7 +4326,7 @@ class AzureResourceEntity(Entity): "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "AzureResource" @@ -4265,13 +4367,99 @@ class AzureResourceEntityProperties(EntityCommonProperties): "subscription_id": {"key": "subscriptionId", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.resource_id = None self.subscription_id = None +class BillingStatistic(AzureEntityResource): + """Billing statistic. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + SapSolutionUsageStatistic + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar kind: The kind of the billing statistic. Required. "SapSolutionUsage" + :vartype kind: str or ~azure.mgmt.securityinsight.models.BillingStatisticKind + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + } + + _subtype_map = {"kind": {"SapSolutionUsage": "SapSolutionUsageStatistic"}} + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: Optional[str] = None + + +class BillingStatisticList(_serialization.Model): + """List of all Microsoft Sentinel billing statistics. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of billing statistics. + :vartype next_link: str + :ivar value: Array of billing statistics. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.BillingStatistic] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[BillingStatistic]"}, + } + + def __init__(self, *, value: List["_models.BillingStatistic"], **kwargs: Any) -> None: + """ + :keyword value: Array of billing statistics. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.BillingStatistic] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + class Bookmark(ResourceWithEtag): # pylint: disable=too-many-instance-attributes """Represents a bookmark in Azure Security Insights. @@ -4375,8 +4563,8 @@ def __init__( entity_mappings: Optional[List["_models.BookmarkEntityMappings"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -4451,8 +4639,8 @@ def __init__( *, entity_type: Optional[str] = None, field_mappings: Optional[List["_models.EntityFieldMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword entity_type: The entity type. :paramtype entity_type: str @@ -4489,8 +4677,8 @@ def __init__( end_time: Optional[datetime.datetime] = None, expansion_id: Optional[str] = None, start_time: Optional[datetime.datetime] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword end_time: The end date filter, so the only expansion results returned are before this date. @@ -4526,8 +4714,8 @@ def __init__( *, meta_data: Optional["_models.ExpansionResultsMetadata"] = None, value: Optional["_models.BookmarkExpandResponseValue"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword meta_data: The metadata from the expansion operation results. :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata @@ -4558,8 +4746,8 @@ def __init__( *, entities: Optional[List["_models.Entity"]] = None, edges: Optional[List["_models.ConnectedEntity"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword entities: Array of the expansion result entities. :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] @@ -4594,7 +4782,7 @@ class BookmarkList(_serialization.Model): "value": {"key": "value", "type": "[Bookmark]"}, } - def __init__(self, *, value: List["_models.Bookmark"], **kwargs): + def __init__(self, *, value: List["_models.Bookmark"], **kwargs: Any) -> None: """ :keyword value: Array of bookmarks. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Bookmark] @@ -4658,8 +4846,8 @@ def __init__( event_time: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, labels: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword azure_resource_id: The bookmark azure resource id. Required. :paramtype azure_resource_id: str @@ -4691,7 +4879,8 @@ def __init__( class BooleanConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions. + """Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to + conditions. All required parameters must be populated in order to send to Azure. @@ -4712,7 +4901,9 @@ class BooleanConditionProperties(AutomationRuleCondition): "condition_properties": {"key": "conditionProperties", "type": "AutomationRuleBooleanCondition"}, } - def __init__(self, *, condition_properties: Optional["_models.AutomationRuleBooleanCondition"] = None, **kwargs): + def __init__( + self, *, condition_properties: Optional["_models.AutomationRuleBooleanCondition"] = None, **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -4750,8 +4941,8 @@ def __init__( name: Optional[str] = None, object_id: Optional[str] = None, user_principal_name: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword email: The email of the client. :paramtype email: str @@ -4791,7 +4982,7 @@ class CloudApplicationEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -4833,7 +5024,7 @@ class CloudApplicationEntity(Entity): "instance_name": {"key": "properties.instanceName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "CloudApplication" @@ -4880,7 +5071,7 @@ class CloudApplicationEntityProperties(EntityCommonProperties): "instance_name": {"key": "instanceName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.app_id = None @@ -4911,7 +5102,7 @@ class CloudErrorBody(_serialization.Model): "message": {"key": "message", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.code = None @@ -4941,10 +5132,10 @@ class CodelessApiPollingDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar connector_ui_config: Config to describe the instructions blade. :vartype connector_ui_config: @@ -4979,8 +5170,8 @@ def __init__( etag: Optional[str] = None, connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, polling_config: Optional["_models.CodelessConnectorPollingConfigProperties"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -5070,8 +5261,8 @@ def __init__( token_endpoint_query_parameters: Optional[JSON] = None, is_client_secret_in_header: Optional[bool] = None, scope: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword auth_type: The authentication type. Required. :paramtype auth_type: str @@ -5161,8 +5352,8 @@ def __init__( is_active: Optional[bool] = None, paging: Optional["_models.CodelessConnectorPollingPagingProperties"] = None, response: Optional["_models.CodelessConnectorPollingResponseProperties"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword is_active: The poller active status. :paramtype is_active: bool @@ -5243,8 +5434,8 @@ def __init__( search_the_latest_time_stamp_from_events_list: Optional[str] = None, page_size_para_name: Optional[str] = None, page_size: Optional[int] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword paging_type: Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'. Required. @@ -5352,8 +5543,8 @@ def __init__( query_parameters_template: Optional[str] = None, start_time_attribute_name: Optional[str] = None, end_time_attribute_name: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword api_endpoint: Describe the endpoint we should pull the data from. Required. :paramtype api_endpoint: str @@ -5437,8 +5628,8 @@ def __init__( success_status_json_path: Optional[str] = None, success_status_value: Optional[str] = None, is_gzip_compressed: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword events_json_paths: Describes the path we should extract the data in the response. Required. @@ -5547,8 +5738,8 @@ def __init__( permissions: "_models.Permissions", instruction_steps: List["_models.CodelessUiConnectorConfigPropertiesInstructionStepsItem"], custom_image: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: Connector blade title. Required. :paramtype title: str @@ -5616,8 +5807,8 @@ def __init__( *, type: Optional[Union[str, "_models.ConnectivityType"]] = None, value: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword type: type of connectivity. "IsConnectedQuery" :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType @@ -5648,8 +5839,8 @@ def __init__( *, type: Optional[Union[str, "_models.ConnectivityType"]] = None, value: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword type: type of connectivity. "IsConnectedQuery" :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType @@ -5674,7 +5865,9 @@ class LastDataReceivedDataType(_serialization.Model): "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + def __init__( + self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword name: Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder. @@ -5702,7 +5895,9 @@ class CodelessUiConnectorConfigPropertiesDataTypesItem(LastDataReceivedDataType) "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + def __init__( + self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword name: Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder. @@ -5736,8 +5931,8 @@ def __init__( metric_name: Optional[str] = None, legend: Optional[str] = None, base_query: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword metric_name: the metric that the query is checking. :paramtype metric_name: str @@ -5775,8 +5970,8 @@ def __init__( metric_name: Optional[str] = None, legend: Optional[str] = None, base_query: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword metric_name: the metric that the query is checking. :paramtype metric_name: str @@ -5812,8 +6007,8 @@ def __init__( title: Optional[str] = None, description: Optional[str] = None, instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: Instruction step title. :paramtype title: str @@ -5853,8 +6048,8 @@ def __init__( title: Optional[str] = None, description: Optional[str] = None, instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: Instruction step title. :paramtype title: str @@ -5881,7 +6076,7 @@ class SampleQueries(_serialization.Model): "query": {"key": "query", "type": "str"}, } - def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs: Any) -> None: """ :keyword description: The sample query description. :paramtype description: str @@ -5907,7 +6102,7 @@ class CodelessUiConnectorConfigPropertiesSampleQueriesItem(SampleQueries): "query": {"key": "query", "type": "str"}, } - def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs: Any) -> None: """ :keyword description: The sample query description. :paramtype description: str @@ -5940,10 +6135,10 @@ class CodelessUiDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar connector_ui_config: Config to describe the instructions blade. :vartype connector_ui_config: @@ -5973,8 +6168,8 @@ def __init__( *, etag: Optional[str] = None, connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -6001,7 +6196,9 @@ class ConnectedEntity(_serialization.Model): "additional_data": {"key": "additionalData", "type": "object"}, } - def __init__(self, *, target_entity_id: Optional[str] = None, additional_data: Optional[JSON] = None, **kwargs): + def __init__( + self, *, target_entity_id: Optional[str] = None, additional_data: Optional[JSON] = None, **kwargs: Any + ) -> None: """ :keyword target_entity_id: Entity Id of the connected entity. :paramtype target_entity_id: str @@ -6013,16 +6210,16 @@ def __init__(self, *, target_entity_id: Optional[str] = None, additional_data: O self.additional_data = additional_data -class ConnectorInstructionModelBase(_serialization.Model): - """Instruction step details. +class ConnectivityCriterion(_serialization.Model): + """The criteria by which we determine whether the connector is connected or not. + For Example, use a KQL query to check if the expected data type is flowing). All required parameters must be populated in order to send to Azure. - :ivar parameters: The parameters for the setting. - :vartype parameters: JSON - :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType + :ivar type: Gets or sets the type of connectivity. Required. + :vartype type: str + :ivar value: Gets or sets the queries for checking connectivity. + :vartype value: list[str] """ _validation = { @@ -6030,435 +6227,387 @@ class ConnectorInstructionModelBase(_serialization.Model): } _attribute_map = { - "parameters": {"key": "parameters", "type": "object"}, "type": {"key": "type", "type": "str"}, + "value": {"key": "value", "type": "[str]"}, } - def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): + def __init__(self, *, type: str, value: Optional[List[str]] = None, **kwargs: Any) -> None: """ - :keyword parameters: The parameters for the setting. - :paramtype parameters: JSON - :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType + :keyword type: Gets or sets the type of connectivity. Required. + :paramtype type: str + :keyword value: Gets or sets the queries for checking connectivity. + :paramtype value: list[str] """ super().__init__(**kwargs) - self.parameters = parameters self.type = type + self.value = value -class Content(_serialization.Model): - """Content section of the recommendation. +class ConnectorDataType(_serialization.Model): + """The data type which is created by the connector, + including a query indicated when was the last time that data type was received in the + workspace. All required parameters must be populated in order to send to Azure. - :ivar title: Title of the content. Required. - :vartype title: str - :ivar description: Description of the content. Required. - :vartype description: str + :ivar name: Gets or sets the name of the data type to show in the graph. Required. + :vartype name: str + :ivar last_data_received_query: Gets or sets the query to indicate when relevant data was last + received in the workspace. Required. + :vartype last_data_received_query: str """ _validation = { - "title": {"required": True}, - "description": {"required": True}, + "name": {"required": True}, + "last_data_received_query": {"required": True}, } _attribute_map = { - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__(self, *, title: str, description: str, **kwargs): + def __init__(self, *, name: str, last_data_received_query: str, **kwargs: Any) -> None: """ - :keyword title: Title of the content. Required. - :paramtype title: str - :keyword description: Description of the content. Required. - :paramtype description: str + :keyword name: Gets or sets the name of the data type to show in the graph. Required. + :paramtype name: str + :keyword last_data_received_query: Gets or sets the query to indicate when relevant data was + last received in the workspace. Required. + :paramtype last_data_received_query: str """ super().__init__(**kwargs) - self.title = title - self.description = description + self.name = name + self.last_data_received_query = last_data_received_query -class ContentPathMap(_serialization.Model): - """The mapping of content type to a repo path. +class ConnectorDefinitionsAvailability(_serialization.Model): + """The exposure status of the connector to the customers. - :ivar content_type: Content type. Known values are: "AnalyticRule" and "Workbook". - :vartype content_type: str or ~azure.mgmt.securityinsight.models.ContentType - :ivar path: The path to the content. - :vartype path: str + :ivar status: The exposure status of the connector to the customers. Available values are 0-4 + (0=None, 1=Available, 2=FeatureFlag, 3=Internal). + :vartype status: int + :ivar is_preview: Gets or sets a value indicating whether the connector is preview. + :vartype is_preview: bool """ _attribute_map = { - "content_type": {"key": "contentType", "type": "str"}, - "path": {"key": "path", "type": "str"}, + "status": {"key": "status", "type": "int"}, + "is_preview": {"key": "isPreview", "type": "bool"}, } - def __init__( - self, *, content_type: Optional[Union[str, "_models.ContentType"]] = None, path: Optional[str] = None, **kwargs - ): + def __init__(self, *, status: Optional[int] = None, is_preview: Optional[bool] = None, **kwargs: Any) -> None: """ - :keyword content_type: Content type. Known values are: "AnalyticRule" and "Workbook". - :paramtype content_type: str or ~azure.mgmt.securityinsight.models.ContentType - :keyword path: The path to the content. - :paramtype path: str + :keyword status: The exposure status of the connector to the customers. Available values are + 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal). + :paramtype status: int + :keyword is_preview: Gets or sets a value indicating whether the connector is preview. + :paramtype is_preview: bool """ super().__init__(**kwargs) - self.content_type = content_type - self.path = path + self.status = status + self.is_preview = is_preview -class CustomsPermission(_serialization.Model): - """Customs permissions required for the connector. +class ConnectorDefinitionsPermissions(_serialization.Model): + """The required Permissions for the connector. - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str + :ivar tenant: Gets or sets the required tenant permissions for the connector. + :vartype tenant: list[str] + :ivar licenses: Gets or sets the required licenses for the user to create connections. + :vartype licenses: list[str] + :ivar resource_provider: Gets or sets the resource provider permissions required for the user + to create connections. + :vartype resource_provider: + list[~azure.mgmt.securityinsight.models.ConnectorDefinitionsResourceProvider] + :ivar customs: Gets or sets the customs permissions required for the user to create + connections. + :vartype customs: list[~azure.mgmt.securityinsight.models.CustomPermissionDetails] """ _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "tenant": {"key": "tenant", "type": "[str]"}, + "licenses": {"key": "licenses", "type": "[str]"}, + "resource_provider": {"key": "resourceProvider", "type": "[ConnectorDefinitionsResourceProvider]"}, + "customs": {"key": "customs", "type": "[CustomPermissionDetails]"}, } - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str + def __init__( + self, + *, + tenant: Optional[List[str]] = None, + licenses: Optional[List[str]] = None, + resource_provider: Optional[List["_models.ConnectorDefinitionsResourceProvider"]] = None, + customs: Optional[List["_models.CustomPermissionDetails"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword tenant: Gets or sets the required tenant permissions for the connector. + :paramtype tenant: list[str] + :keyword licenses: Gets or sets the required licenses for the user to create connections. + :paramtype licenses: list[str] + :keyword resource_provider: Gets or sets the resource provider permissions required for the + user to create connections. + :paramtype resource_provider: + list[~azure.mgmt.securityinsight.models.ConnectorDefinitionsResourceProvider] + :keyword customs: Gets or sets the customs permissions required for the user to create + connections. + :paramtype customs: list[~azure.mgmt.securityinsight.models.CustomPermissionDetails] """ super().__init__(**kwargs) - self.name = name - self.description = description + self.tenant = tenant + self.licenses = licenses + self.resource_provider = resource_provider + self.customs = customs -class Customs(CustomsPermission): - """Customs permissions required for the connector. +class ConnectorDefinitionsResourceProvider(_serialization.Model): + """The resource provider details include the required permissions for the user to create + connections. + The user should have the required permissions(Read\Write, ..) in the specified scope + ProviderPermissionsScope against the specified resource provider. - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str + All required parameters must be populated in order to send to Azure. + + :ivar provider: Gets or sets the provider name. Required. + :vartype provider: str + :ivar permissions_display_text: Gets or sets the permissions description text. Required. + :vartype permissions_display_text: str + :ivar provider_display_name: Gets or sets the permissions provider display name. Required. + :vartype provider_display_name: str + :ivar scope: The scope on which the user should have permissions, in order to be able to create + connections. Required. Known values are: "Subscription", "ResourceGroup", and "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.ProviderPermissionsScope + :ivar required_permissions: Required permissions for the connector resource provider that + define in ResourceProviders. + For more information about the permissions see :code:`here`. + Required. + :vartype required_permissions: + ~azure.mgmt.securityinsight.models.ResourceProviderRequiredPermissions """ + _validation = { + "provider": {"required": True}, + "permissions_display_text": {"required": True}, + "provider_display_name": {"required": True}, + "scope": {"required": True}, + "required_permissions": {"required": True}, + } + _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "ResourceProviderRequiredPermissions"}, } - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str + def __init__( + self, + *, + provider: str, + permissions_display_text: str, + provider_display_name: str, + scope: Union[str, "_models.ProviderPermissionsScope"], + required_permissions: "_models.ResourceProviderRequiredPermissions", + **kwargs: Any + ) -> None: + """ + :keyword provider: Gets or sets the provider name. Required. + :paramtype provider: str + :keyword permissions_display_text: Gets or sets the permissions description text. Required. + :paramtype permissions_display_text: str + :keyword provider_display_name: Gets or sets the permissions provider display name. Required. + :paramtype provider_display_name: str + :keyword scope: The scope on which the user should have permissions, in order to be able to + create connections. Required. Known values are: "Subscription", "ResourceGroup", and + "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.ProviderPermissionsScope + :keyword required_permissions: Required permissions for the connector resource provider that + define in ResourceProviders. + For more information about the permissions see :code:`here`. + Required. + :paramtype required_permissions: + ~azure.mgmt.securityinsight.models.ResourceProviderRequiredPermissions """ - super().__init__(name=name, description=description, **kwargs) - + super().__init__(**kwargs) + self.provider = provider + self.permissions_display_text = permissions_display_text + self.provider_display_name = provider_display_name + self.scope = scope + self.required_permissions = required_permissions -class DataConnectorConnectBody(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Represents Codeless API Polling data connector. - :ivar kind: The authentication kind used to poll the data. Known values are: "Basic", "OAuth2", - and "APIKey". - :vartype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind - :ivar api_key: The API key of the audit server. - :vartype api_key: str - :ivar data_collection_endpoint: Used in v2 logs connector. Represents the data collection - ingestion endpoint in log analytics. - :vartype data_collection_endpoint: str - :ivar data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule - immutable id, the rule defines the transformation and data destination. - :vartype data_collection_rule_immutable_id: str - :ivar output_stream: Used in v2 logs connector. The stream we are sending the data to, this is - the name of the streamDeclarations defined in the DCR. - :vartype output_stream: str - :ivar client_secret: The client secret of the OAuth 2.0 application. - :vartype client_secret: str - :ivar client_id: The client id of the OAuth 2.0 application. - :vartype client_id: str - :ivar authorization_code: The authorization code used in OAuth 2.0 code flow to issue a token. - :vartype authorization_code: str - :ivar user_name: The user name in the audit log server. - :vartype user_name: str - :ivar password: The user password in the audit log server. - :vartype password: str - :ivar request_config_user_input_values: - :vartype request_config_user_input_values: list[JSON] +class ConnectorInstructionModelBase(_serialization.Model): + """Instruction step details. + + All required parameters must be populated in order to send to Azure. + + :ivar parameters: The parameters for the setting. + :vartype parameters: JSON + :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType """ + _validation = { + "type": {"required": True}, + } + _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "api_key": {"key": "apiKey", "type": "str"}, - "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, - "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, - "output_stream": {"key": "outputStream", "type": "str"}, - "client_secret": {"key": "clientSecret", "type": "str"}, - "client_id": {"key": "clientId", "type": "str"}, - "authorization_code": {"key": "authorizationCode", "type": "str"}, - "user_name": {"key": "userName", "type": "str"}, - "password": {"key": "password", "type": "str"}, - "request_config_user_input_values": {"key": "requestConfigUserInputValues", "type": "[object]"}, + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, } def __init__( - self, - *, - kind: Optional[Union[str, "_models.ConnectAuthKind"]] = None, - api_key: Optional[str] = None, - data_collection_endpoint: Optional[str] = None, - data_collection_rule_immutable_id: Optional[str] = None, - output_stream: Optional[str] = None, - client_secret: Optional[str] = None, - client_id: Optional[str] = None, - authorization_code: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - request_config_user_input_values: Optional[List[JSON]] = None, - **kwargs - ): + self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs: Any + ) -> None: """ - :keyword kind: The authentication kind used to poll the data. Known values are: "Basic", - "OAuth2", and "APIKey". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind - :keyword api_key: The API key of the audit server. - :paramtype api_key: str - :keyword data_collection_endpoint: Used in v2 logs connector. Represents the data collection - ingestion endpoint in log analytics. - :paramtype data_collection_endpoint: str - :keyword data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule - immutable id, the rule defines the transformation and data destination. - :paramtype data_collection_rule_immutable_id: str - :keyword output_stream: Used in v2 logs connector. The stream we are sending the data to, this - is the name of the streamDeclarations defined in the DCR. - :paramtype output_stream: str - :keyword client_secret: The client secret of the OAuth 2.0 application. - :paramtype client_secret: str - :keyword client_id: The client id of the OAuth 2.0 application. - :paramtype client_id: str - :keyword authorization_code: The authorization code used in OAuth 2.0 code flow to issue a - token. - :paramtype authorization_code: str - :keyword user_name: The user name in the audit log server. - :paramtype user_name: str - :keyword password: The user password in the audit log server. - :paramtype password: str - :keyword request_config_user_input_values: - :paramtype request_config_user_input_values: list[JSON] + :keyword parameters: The parameters for the setting. + :paramtype parameters: JSON + :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType """ super().__init__(**kwargs) - self.kind = kind - self.api_key = api_key - self.data_collection_endpoint = data_collection_endpoint - self.data_collection_rule_immutable_id = data_collection_rule_immutable_id - self.output_stream = output_stream - self.client_secret = client_secret - self.client_id = client_id - self.authorization_code = authorization_code - self.user_name = user_name - self.password = password - self.request_config_user_input_values = request_config_user_input_values - + self.parameters = parameters + self.type = type -class DataConnectorList(_serialization.Model): - """List all the data connectors. - Variables are only populated by the server, and will be ignored when sending a request. +class Content(_serialization.Model): + """Content section of the recommendation. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of data connectors. - :vartype next_link: str - :ivar value: Array of data connectors. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] + :ivar title: Title of the content. Required. + :vartype title: str + :ivar description: Description of the content. Required. + :vartype description: str """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "title": {"required": True}, + "description": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[DataConnector]"}, + "title": {"key": "title", "type": "str"}, + "description": {"key": "description", "type": "str"}, } - def __init__(self, *, value: List["_models.DataConnector"], **kwargs): + def __init__(self, *, title: str, description: str, **kwargs: Any) -> None: """ - :keyword value: Array of data connectors. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] + :keyword title: Title of the content. Required. + :paramtype title: str + :keyword description: Description of the content. Required. + :paramtype description: str """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.title = title + self.description = description -class DataConnectorRequirementsState(_serialization.Model): - """Data connector requirements status. +class CustomizableConnectionsConfig(_serialization.Model): + """The UiConfig for 'Customizable' connector definition kind. - :ivar authorization_state: Authorization state for this connector. Known values are: "Valid" - and "Invalid". - :vartype authorization_state: str or - ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState - :ivar license_state: License state for this connector. Known values are: "Valid", "Invalid", - and "Unknown". - :vartype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState + All required parameters must be populated in order to send to Azure. + + :ivar template_spec_name: Gets or sets the template name. The template includes ARM templates + that can be created by the connector, usually it will be the dataConnectors ARM templates. + Required. + :vartype template_spec_name: str + :ivar template_spec_version: Gets or sets the template version. Required. + :vartype template_spec_version: str """ + _validation = { + "template_spec_name": {"required": True}, + "template_spec_version": {"required": True}, + } + _attribute_map = { - "authorization_state": {"key": "authorizationState", "type": "str"}, - "license_state": {"key": "licenseState", "type": "str"}, + "template_spec_name": {"key": "templateSpecName", "type": "str"}, + "template_spec_version": {"key": "templateSpecVersion", "type": "str"}, } - def __init__( - self, - *, - authorization_state: Optional[Union[str, "_models.DataConnectorAuthorizationState"]] = None, - license_state: Optional[Union[str, "_models.DataConnectorLicenseState"]] = None, - **kwargs - ): + def __init__(self, *, template_spec_name: str, template_spec_version: str, **kwargs: Any) -> None: """ - :keyword authorization_state: Authorization state for this connector. Known values are: "Valid" - and "Invalid". - :paramtype authorization_state: str or - ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState - :keyword license_state: License state for this connector. Known values are: "Valid", "Invalid", - and "Unknown". - :paramtype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState + :keyword template_spec_name: Gets or sets the template name. The template includes ARM + templates that can be created by the connector, usually it will be the dataConnectors ARM + templates. Required. + :paramtype template_spec_name: str + :keyword template_spec_version: Gets or sets the template version. Required. + :paramtype template_spec_version: str """ super().__init__(**kwargs) - self.authorization_state = authorization_state - self.license_state = license_state + self.template_spec_name = template_spec_name + self.template_spec_version = template_spec_version -class DataTypeDefinitions(_serialization.Model): - """The data type definition. +class DataConnectorDefinition(ResourceWithEtag): + """An Azure resource, which encapsulate the entire info requires to display a data connector page + in Azure portal, + and the info required to define data connections. - :ivar data_type: The data type name. - :vartype data_type: str + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + CustomizableConnectorDefinition + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. "Customizable" + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorDefinitionKind """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - "data_type": {"key": "dataType", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__(self, *, data_type: Optional[str] = None, **kwargs): + _subtype_map = {"kind": {"Customizable": "CustomizableConnectorDefinition"}} + + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword data_type: The data type name. - :paramtype data_type: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super().__init__(**kwargs) - self.data_type = data_type + super().__init__(etag=etag, **kwargs) + self.kind: Optional[str] = None -class Deployment(_serialization.Model): - """Description about a deployment. +class CustomizableConnectorDefinition(DataConnectorDefinition): + """Connector definition for kind 'Customizable'. - :ivar deployment_id: Deployment identifier. - :vartype deployment_id: str - :ivar deployment_state: Current status of the deployment. Known values are: "In_Progress", - "Completed", "Queued", and "Canceling". - :vartype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState - :ivar deployment_result: The outcome of the deployment. Known values are: "Success", - "Canceled", and "Failed". - :vartype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult - :ivar deployment_time: The time when the deployment finished. - :vartype deployment_time: ~datetime.datetime - :ivar deployment_logs_url: Url to access repository action logs. - :vartype deployment_logs_url: str - """ + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "deployment_id": {"key": "deploymentId", "type": "str"}, - "deployment_state": {"key": "deploymentState", "type": "str"}, - "deployment_result": {"key": "deploymentResult", "type": "str"}, - "deployment_time": {"key": "deploymentTime", "type": "iso-8601"}, - "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, - } - - def __init__( - self, - *, - deployment_id: Optional[str] = None, - deployment_state: Optional[Union[str, "_models.DeploymentState"]] = None, - deployment_result: Optional[Union[str, "_models.DeploymentResult"]] = None, - deployment_time: Optional[datetime.datetime] = None, - deployment_logs_url: Optional[str] = None, - **kwargs - ): - """ - :keyword deployment_id: Deployment identifier. - :paramtype deployment_id: str - :keyword deployment_state: Current status of the deployment. Known values are: "In_Progress", - "Completed", "Queued", and "Canceling". - :paramtype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState - :keyword deployment_result: The outcome of the deployment. Known values are: "Success", - "Canceled", and "Failed". - :paramtype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult - :keyword deployment_time: The time when the deployment finished. - :paramtype deployment_time: ~datetime.datetime - :keyword deployment_logs_url: Url to access repository action logs. - :paramtype deployment_logs_url: str - """ - super().__init__(**kwargs) - self.deployment_id = deployment_id - self.deployment_state = deployment_state - self.deployment_result = deployment_result - self.deployment_time = deployment_time - self.deployment_logs_url = deployment_logs_url - - -class DeploymentInfo(_serialization.Model): - """Information regarding a deployment. - - :ivar deployment_fetch_status: Status while fetching the last deployment. Known values are: - "Success", "Unauthorized", and "NotFound". - :vartype deployment_fetch_status: str or - ~azure.mgmt.securityinsight.models.DeploymentFetchStatus - :ivar deployment: Deployment information. - :vartype deployment: ~azure.mgmt.securityinsight.models.Deployment - :ivar message: Additional details about the deployment that can be shown to the user. - :vartype message: str - """ - - _attribute_map = { - "deployment_fetch_status": {"key": "deploymentFetchStatus", "type": "str"}, - "deployment": {"key": "deployment", "type": "Deployment"}, - "message": {"key": "message", "type": "str"}, - } - - def __init__( - self, - *, - deployment_fetch_status: Optional[Union[str, "_models.DeploymentFetchStatus"]] = None, - deployment: Optional["_models.Deployment"] = None, - message: Optional[str] = None, - **kwargs - ): - """ - :keyword deployment_fetch_status: Status while fetching the last deployment. Known values are: - "Success", "Unauthorized", and "NotFound". - :paramtype deployment_fetch_status: str or - ~azure.mgmt.securityinsight.models.DeploymentFetchStatus - :keyword deployment: Deployment information. - :paramtype deployment: ~azure.mgmt.securityinsight.models.Deployment - :keyword message: Additional details about the deployment that can be shown to the user. - :paramtype message: str - """ - super().__init__(**kwargs) - self.deployment_fetch_status = deployment_fetch_status - self.deployment = deployment - self.message = message - - -class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a dns entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. + All required parameters must be populated in order to send to Azure. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. @@ -6471,25 +6620,19 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. "Customizable" + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorDefinitionKind + :ivar created_time_utc: Gets or sets the connector definition created date in UTC format. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_utc: Gets or sets the connector definition last modified date in UTC + format. + :vartype last_modified_utc: ~datetime.datetime + :ivar connector_ui_config: The UiConfig for 'Customizable' connector definition kind. + :vartype connector_ui_config: ~azure.mgmt.securityinsight.models.CustomizableConnectorUiConfig + :ivar connections_config: The UiConfig for 'Customizable' connector definition kind. + :vartype connections_config: ~azure.mgmt.securityinsight.models.CustomizableConnectionsConfig """ _validation = { @@ -6498,12 +6641,6 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "dns_server_ip_entity_id": {"readonly": True}, - "domain_name": {"readonly": True}, - "host_ip_address_entity_id": {"readonly": True}, - "ip_address_entity_ids": {"readonly": True}, } _attribute_map = { @@ -6511,752 +6648,654 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, - "domain_name": {"key": "properties.domainName", "type": "str"}, - "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, - "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "connector_ui_config": {"key": "properties.connectorUiConfig", "type": "CustomizableConnectorUiConfig"}, + "connections_config": {"key": "properties.connectionsConfig", "type": "CustomizableConnectionsConfig"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "DnsResolution" - self.additional_data = None - self.friendly_name = None - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + def __init__( + self, + *, + etag: Optional[str] = None, + created_time_utc: Optional[datetime.datetime] = None, + last_modified_utc: Optional[datetime.datetime] = None, + connector_ui_config: Optional["_models.CustomizableConnectorUiConfig"] = None, + connections_config: Optional["_models.CustomizableConnectionsConfig"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword created_time_utc: Gets or sets the connector definition created date in UTC format. + :paramtype created_time_utc: ~datetime.datetime + :keyword last_modified_utc: Gets or sets the connector definition last modified date in UTC + format. + :paramtype last_modified_utc: ~datetime.datetime + :keyword connector_ui_config: The UiConfig for 'Customizable' connector definition kind. + :paramtype connector_ui_config: + ~azure.mgmt.securityinsight.models.CustomizableConnectorUiConfig + :keyword connections_config: The UiConfig for 'Customizable' connector definition kind. + :paramtype connections_config: ~azure.mgmt.securityinsight.models.CustomizableConnectionsConfig + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "Customizable" + self.created_time_utc = created_time_utc + self.last_modified_utc = last_modified_utc + self.connector_ui_config = connector_ui_config + self.connections_config = connections_config -class DnsEntityProperties(EntityCommonProperties): - """Dns entity property bag. +class CustomizableConnectorUiConfig(_serialization.Model): # pylint: disable=too-many-instance-attributes + """The UiConfig for 'Customizable' connector definition kind. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar id: Gets or sets custom connector id. optional field. + :vartype id: str + :ivar title: Gets or sets the connector blade title. Required. + :vartype title: str + :ivar publisher: Gets or sets the connector publisher name. Required. + :vartype publisher: str + :ivar description_markdown: Gets or sets the connector description in markdown format. + Required. + :vartype description_markdown: str + :ivar graph_queries_table_name: Gets or sets the name of the table the connector will insert + the data to. + This name can be used in other queries by specifying {{graphQueriesTableName}} placeholder + in Query and LastDataReceivedQuery values. + :vartype graph_queries_table_name: str + :ivar graph_queries: Gets or sets the graph queries to show the current data volume over time. + Required. + :vartype graph_queries: list[~azure.mgmt.securityinsight.models.GraphQuery] + :ivar sample_queries: Gets or sets the sample queries for the connector. Required. + :vartype sample_queries: list[~azure.mgmt.securityinsight.models.SampleQuery] + :ivar data_types: Gets or sets the data types to check for last data received. Required. + :vartype data_types: list[~azure.mgmt.securityinsight.models.ConnectorDataType] + :ivar connectivity_criteria: Gets or sets the way the connector checks whether the connector is + connected. Required. + :vartype connectivity_criteria: list[~azure.mgmt.securityinsight.models.ConnectivityCriterion] + :ivar availability: The exposure status of the connector to the customers. + :vartype availability: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsAvailability + :ivar permissions: The required Permissions for the connector. Required. + :vartype permissions: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsPermissions + :ivar instruction_steps: Gets or sets the instruction steps to enable the connector. Required. + :vartype instruction_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] + :ivar logo: Gets or sets the connector logo to be used when displaying the connector within + Azure Sentinel's connector's gallery. + The logo value should be in SVG format. + :vartype logo: str + :ivar is_connectivity_criterias_match_some: Gets or sets a value indicating whether to use + 'OR'(SOME) or 'AND' between ConnectivityCriteria items. + :vartype is_connectivity_criterias_match_some: bool """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "dns_server_ip_entity_id": {"readonly": True}, - "domain_name": {"readonly": True}, - "host_ip_address_entity_id": {"readonly": True}, - "ip_address_entity_ids": {"readonly": True}, + "title": {"required": True}, + "publisher": {"required": True}, + "description_markdown": {"required": True}, + "graph_queries": {"required": True}, + "sample_queries": {"required": True}, + "data_types": {"required": True}, + "connectivity_criteria": {"required": True}, + "permissions": {"required": True}, + "instruction_steps": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, - "domain_name": {"key": "domainName", "type": "str"}, - "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, - "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, + "id": {"key": "id", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "publisher": {"key": "publisher", "type": "str"}, + "description_markdown": {"key": "descriptionMarkdown", "type": "str"}, + "graph_queries_table_name": {"key": "graphQueriesTableName", "type": "str"}, + "graph_queries": {"key": "graphQueries", "type": "[GraphQuery]"}, + "sample_queries": {"key": "sampleQueries", "type": "[SampleQuery]"}, + "data_types": {"key": "dataTypes", "type": "[ConnectorDataType]"}, + "connectivity_criteria": {"key": "connectivityCriteria", "type": "[ConnectivityCriterion]"}, + "availability": {"key": "availability", "type": "ConnectorDefinitionsAvailability"}, + "permissions": {"key": "permissions", "type": "ConnectorDefinitionsPermissions"}, + "instruction_steps": {"key": "instructionSteps", "type": "[InstructionStep]"}, + "logo": {"key": "logo", "type": "str"}, + "is_connectivity_criterias_match_some": {"key": "isConnectivityCriteriasMatchSome", "type": "bool"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + title: str, + publisher: str, + description_markdown: str, + graph_queries: List["_models.GraphQuery"], + sample_queries: List["_models.SampleQuery"], + data_types: List["_models.ConnectorDataType"], + connectivity_criteria: List["_models.ConnectivityCriterion"], + permissions: "_models.ConnectorDefinitionsPermissions", + instruction_steps: List["_models.InstructionStep"], + id: Optional[str] = None, # pylint: disable=redefined-builtin + graph_queries_table_name: Optional[str] = None, + availability: Optional["_models.ConnectorDefinitionsAvailability"] = None, + logo: Optional[str] = None, + is_connectivity_criterias_match_some: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword id: Gets or sets custom connector id. optional field. + :paramtype id: str + :keyword title: Gets or sets the connector blade title. Required. + :paramtype title: str + :keyword publisher: Gets or sets the connector publisher name. Required. + :paramtype publisher: str + :keyword description_markdown: Gets or sets the connector description in markdown format. + Required. + :paramtype description_markdown: str + :keyword graph_queries_table_name: Gets or sets the name of the table the connector will insert + the data to. + This name can be used in other queries by specifying {{graphQueriesTableName}} placeholder + in Query and LastDataReceivedQuery values. + :paramtype graph_queries_table_name: str + :keyword graph_queries: Gets or sets the graph queries to show the current data volume over + time. Required. + :paramtype graph_queries: list[~azure.mgmt.securityinsight.models.GraphQuery] + :keyword sample_queries: Gets or sets the sample queries for the connector. Required. + :paramtype sample_queries: list[~azure.mgmt.securityinsight.models.SampleQuery] + :keyword data_types: Gets or sets the data types to check for last data received. Required. + :paramtype data_types: list[~azure.mgmt.securityinsight.models.ConnectorDataType] + :keyword connectivity_criteria: Gets or sets the way the connector checks whether the connector + is connected. Required. + :paramtype connectivity_criteria: + list[~azure.mgmt.securityinsight.models.ConnectivityCriterion] + :keyword availability: The exposure status of the connector to the customers. + :paramtype availability: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsAvailability + :keyword permissions: The required Permissions for the connector. Required. + :paramtype permissions: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsPermissions + :keyword instruction_steps: Gets or sets the instruction steps to enable the connector. + Required. + :paramtype instruction_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] + :keyword logo: Gets or sets the connector logo to be used when displaying the connector within + Azure Sentinel's connector's gallery. + The logo value should be in SVG format. + :paramtype logo: str + :keyword is_connectivity_criterias_match_some: Gets or sets a value indicating whether to use + 'OR'(SOME) or 'AND' between ConnectivityCriteria items. + :paramtype is_connectivity_criterias_match_some: bool + """ super().__init__(**kwargs) - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + self.id = id + self.title = title + self.publisher = publisher + self.description_markdown = description_markdown + self.graph_queries_table_name = graph_queries_table_name + self.graph_queries = graph_queries + self.sample_queries = sample_queries + self.data_types = data_types + self.connectivity_criteria = connectivity_criteria + self.availability = availability + self.permissions = permissions + self.instruction_steps = instruction_steps + self.logo = logo + self.is_connectivity_criterias_match_some = is_connectivity_criterias_match_some -class Dynamics365CheckRequirements(DataConnectorsCheckRequirements): - """Represents Dynamics365 requirements check request. +class CustomPermissionDetails(_serialization.Model): + """The Custom permissions required for the connector. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar name: Gets or sets the custom permissions name. Required. + :vartype name: str + :ivar description: Gets or sets the custom permissions description. Required. + :vartype description: str """ _validation = { - "kind": {"required": True}, + "name": {"required": True}, + "description": {"required": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, name: str, description: str, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword name: Gets or sets the custom permissions name. Required. + :paramtype name: str + :keyword description: Gets or sets the custom permissions description. Required. + :paramtype description: str """ super().__init__(**kwargs) - self.kind: str = "Dynamics365" - self.tenant_id = tenant_id - + self.name = name + self.description = description -class Dynamics365CheckRequirementsProperties(DataConnectorTenantId): - """Dynamics365 requirements check properties. - All required parameters must be populated in order to send to Azure. +class CustomsPermission(_serialization.Model): + """Customs permissions required for the connector. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class Dynamics365DataConnector(DataConnector): - """Represents Dynamics365 data connector. + super().__init__(**kwargs) + self.name = name + self.description = description - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class Customs(CustomsPermission): + """Customs permissions required for the connector. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. + :ivar name: Customs permissions name. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :ivar description: Customs permissions description. + :vartype description: str """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + "description": {"key": "description", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.Dynamics365DataConnectorDataTypes"] = None, - **kwargs - ): + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Dynamics365" - self.tenant_id = tenant_id - self.data_types = data_types - + super().__init__(name=name, description=description, **kwargs) -class Dynamics365DataConnectorDataTypes(_serialization.Model): - """The available data types for Dynamics365 data connector. - All required parameters must be populated in order to send to Azure. +class DataConnectorConnectBody(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Represents Codeless API Polling data connector. - :ivar dynamics365_cds_activities: Common Data Service data type connection. Required. - :vartype dynamics365_cds_activities: - ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + :ivar kind: The authentication kind used to poll the data. Known values are: "Basic", "OAuth2", + and "APIKey". + :vartype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind + :ivar api_key: The API key of the audit server. + :vartype api_key: str + :ivar data_collection_endpoint: Used in v2 logs connector. Represents the data collection + ingestion endpoint in log analytics. + :vartype data_collection_endpoint: str + :ivar data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule + immutable id, the rule defines the transformation and data destination. + :vartype data_collection_rule_immutable_id: str + :ivar output_stream: Used in v2 logs connector. The stream we are sending the data to, this is + the name of the streamDeclarations defined in the DCR. + :vartype output_stream: str + :ivar client_secret: The client secret of the OAuth 2.0 application. + :vartype client_secret: str + :ivar client_id: The client id of the OAuth 2.0 application. + :vartype client_id: str + :ivar authorization_code: The authorization code used in OAuth 2.0 code flow to issue a token. + :vartype authorization_code: str + :ivar user_name: The user name in the audit log server. + :vartype user_name: str + :ivar password: The user password in the audit log server. + :vartype password: str + :ivar request_config_user_input_values: + :vartype request_config_user_input_values: list[JSON] """ - _validation = { - "dynamics365_cds_activities": {"required": True}, - } - _attribute_map = { - "dynamics365_cds_activities": { - "key": "dynamics365CdsActivities", - "type": "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - }, + "kind": {"key": "kind", "type": "str"}, + "api_key": {"key": "apiKey", "type": "str"}, + "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, + "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, + "output_stream": {"key": "outputStream", "type": "str"}, + "client_secret": {"key": "clientSecret", "type": "str"}, + "client_id": {"key": "clientId", "type": "str"}, + "authorization_code": {"key": "authorizationCode", "type": "str"}, + "user_name": {"key": "userName", "type": "str"}, + "password": {"key": "password", "type": "str"}, + "request_config_user_input_values": {"key": "requestConfigUserInputValues", "type": "[object]"}, } def __init__( self, *, - dynamics365_cds_activities: "_models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - **kwargs - ): + kind: Optional[Union[str, "_models.ConnectAuthKind"]] = None, + api_key: Optional[str] = None, + data_collection_endpoint: Optional[str] = None, + data_collection_rule_immutable_id: Optional[str] = None, + output_stream: Optional[str] = None, + client_secret: Optional[str] = None, + client_id: Optional[str] = None, + authorization_code: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + request_config_user_input_values: Optional[List[JSON]] = None, + **kwargs: Any + ) -> None: """ - :keyword dynamics365_cds_activities: Common Data Service data type connection. Required. - :paramtype dynamics365_cds_activities: - ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + :keyword kind: The authentication kind used to poll the data. Known values are: "Basic", + "OAuth2", and "APIKey". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind + :keyword api_key: The API key of the audit server. + :paramtype api_key: str + :keyword data_collection_endpoint: Used in v2 logs connector. Represents the data collection + ingestion endpoint in log analytics. + :paramtype data_collection_endpoint: str + :keyword data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule + immutable id, the rule defines the transformation and data destination. + :paramtype data_collection_rule_immutable_id: str + :keyword output_stream: Used in v2 logs connector. The stream we are sending the data to, this + is the name of the streamDeclarations defined in the DCR. + :paramtype output_stream: str + :keyword client_secret: The client secret of the OAuth 2.0 application. + :paramtype client_secret: str + :keyword client_id: The client id of the OAuth 2.0 application. + :paramtype client_id: str + :keyword authorization_code: The authorization code used in OAuth 2.0 code flow to issue a + token. + :paramtype authorization_code: str + :keyword user_name: The user name in the audit log server. + :paramtype user_name: str + :keyword password: The user password in the audit log server. + :paramtype password: str + :keyword request_config_user_input_values: + :paramtype request_config_user_input_values: list[JSON] """ super().__init__(**kwargs) - self.dynamics365_cds_activities = dynamics365_cds_activities - + self.kind = kind + self.api_key = api_key + self.data_collection_endpoint = data_collection_endpoint + self.data_collection_rule_immutable_id = data_collection_rule_immutable_id + self.output_stream = output_stream + self.client_secret = client_secret + self.client_id = client_id + self.authorization_code = authorization_code + self.user_name = user_name + self.password = password + self.request_config_user_input_values = request_config_user_input_values -class Dynamics365DataConnectorDataTypesDynamics365CdsActivities(DataConnectorDataTypeCommon): - """Common Data Service data type connection. - All required parameters must be populated in order to send to Azure. +class DataConnectorDefinitionArmCollectionWrapper(_serialization.Model): + """Encapsulate the data connector definition object. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar value: + :vartype value: list[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :ivar next_link: + :vartype next_link: str """ - _validation = { - "state": {"required": True}, - } - _attribute_map = { - "state": {"key": "state", "type": "str"}, + "value": {"key": "value", "type": "[DataConnectorDefinition]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, + *, + value: Optional[List["_models.DataConnectorDefinition"]] = None, + next_link: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword value: + :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :keyword next_link: + :paramtype next_link: str """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.value = value + self.next_link = next_link -class Dynamics365DataConnectorProperties(DataConnectorTenantId): - """Dynamics365 data connector properties. +class DataConnectorList(_serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :ivar value: Array of data connectors. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[DataConnector]"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.Dynamics365DataConnectorDataTypes", **kwargs): + def __init__(self, *, value: List["_models.DataConnector"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :keyword value: Array of data connectors. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types + super().__init__(**kwargs) + self.next_link = None + self.value = value -class EnrichmentDomainWhois(_serialization.Model): - """Whois information for a given domain and associated metadata. +class DataConnectorRequirementsState(_serialization.Model): + """Data connector requirements status. - :ivar domain: The domain for this whois record. - :vartype domain: str - :ivar server: The hostname of this registrar's whois server. - :vartype server: str - :ivar created: The timestamp at which this record was created. - :vartype created: ~datetime.datetime - :ivar updated: The timestamp at which this record was last updated. - :vartype updated: ~datetime.datetime - :ivar expires: The timestamp at which this record will expire. - :vartype expires: ~datetime.datetime - :ivar parsed_whois: The whois record for a given domain. - :vartype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails + :ivar authorization_state: Authorization state for this connector. Known values are: "Valid" + and "Invalid". + :vartype authorization_state: str or + ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState + :ivar license_state: License state for this connector. Known values are: "Valid", "Invalid", + and "Unknown". + :vartype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState """ _attribute_map = { - "domain": {"key": "domain", "type": "str"}, - "server": {"key": "server", "type": "str"}, - "created": {"key": "created", "type": "iso-8601"}, - "updated": {"key": "updated", "type": "iso-8601"}, - "expires": {"key": "expires", "type": "iso-8601"}, - "parsed_whois": {"key": "parsedWhois", "type": "EnrichmentDomainWhoisDetails"}, + "authorization_state": {"key": "authorizationState", "type": "str"}, + "license_state": {"key": "licenseState", "type": "str"}, } def __init__( self, *, - domain: Optional[str] = None, - server: Optional[str] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - expires: Optional[datetime.datetime] = None, - parsed_whois: Optional["_models.EnrichmentDomainWhoisDetails"] = None, - **kwargs - ): + authorization_state: Optional[Union[str, "_models.DataConnectorAuthorizationState"]] = None, + license_state: Optional[Union[str, "_models.DataConnectorLicenseState"]] = None, + **kwargs: Any + ) -> None: """ - :keyword domain: The domain for this whois record. - :paramtype domain: str - :keyword server: The hostname of this registrar's whois server. - :paramtype server: str - :keyword created: The timestamp at which this record was created. - :paramtype created: ~datetime.datetime - :keyword updated: The timestamp at which this record was last updated. - :paramtype updated: ~datetime.datetime - :keyword expires: The timestamp at which this record will expire. - :paramtype expires: ~datetime.datetime - :keyword parsed_whois: The whois record for a given domain. - :paramtype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails + :keyword authorization_state: Authorization state for this connector. Known values are: "Valid" + and "Invalid". + :paramtype authorization_state: str or + ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState + :keyword license_state: License state for this connector. Known values are: "Valid", "Invalid", + and "Unknown". + :paramtype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState """ super().__init__(**kwargs) - self.domain = domain - self.server = server - self.created = created - self.updated = updated - self.expires = expires - self.parsed_whois = parsed_whois + self.authorization_state = authorization_state + self.license_state = license_state -class EnrichmentDomainWhoisContact(_serialization.Model): - """An individual contact associated with this domain. +class DataTypeDefinitions(_serialization.Model): + """The data type definition. - :ivar name: The name of this contact. - :vartype name: str - :ivar org: The organization for this contact. - :vartype org: str - :ivar street: A list describing the street address for this contact. - :vartype street: list[str] - :ivar city: The city for this contact. - :vartype city: str - :ivar state: The state for this contact. - :vartype state: str - :ivar postal: The postal code for this contact. - :vartype postal: str - :ivar country: The country for this contact. - :vartype country: str - :ivar phone: The phone number for this contact. - :vartype phone: str - :ivar fax: The fax number for this contact. - :vartype fax: str - :ivar email: The email address for this contact. - :vartype email: str + :ivar data_type: The data type name. + :vartype data_type: str """ _attribute_map = { - "name": {"key": "name", "type": "str"}, - "org": {"key": "org", "type": "str"}, - "street": {"key": "street", "type": "[str]"}, - "city": {"key": "city", "type": "str"}, - "state": {"key": "state", "type": "str"}, - "postal": {"key": "postal", "type": "str"}, - "country": {"key": "country", "type": "str"}, - "phone": {"key": "phone", "type": "str"}, - "fax": {"key": "fax", "type": "str"}, - "email": {"key": "email", "type": "str"}, + "data_type": {"key": "dataType", "type": "str"}, } - def __init__( - self, - *, - name: Optional[str] = None, - org: Optional[str] = None, - street: Optional[List[str]] = None, - city: Optional[str] = None, - state: Optional[str] = None, - postal: Optional[str] = None, - country: Optional[str] = None, - phone: Optional[str] = None, - fax: Optional[str] = None, - email: Optional[str] = None, - **kwargs - ): + def __init__(self, *, data_type: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword name: The name of this contact. - :paramtype name: str - :keyword org: The organization for this contact. - :paramtype org: str - :keyword street: A list describing the street address for this contact. - :paramtype street: list[str] - :keyword city: The city for this contact. - :paramtype city: str - :keyword state: The state for this contact. - :paramtype state: str - :keyword postal: The postal code for this contact. - :paramtype postal: str - :keyword country: The country for this contact. - :paramtype country: str - :keyword phone: The phone number for this contact. - :paramtype phone: str - :keyword fax: The fax number for this contact. - :paramtype fax: str - :keyword email: The email address for this contact. - :paramtype email: str + :keyword data_type: The data type name. + :paramtype data_type: str """ super().__init__(**kwargs) - self.name = name - self.org = org - self.street = street - self.city = city - self.state = state - self.postal = postal - self.country = country - self.phone = phone - self.fax = fax - self.email = email + self.data_type = data_type -class EnrichmentDomainWhoisContacts(_serialization.Model): - """The set of contacts associated with this domain. +class DCRConfiguration(_serialization.Model): + """The configuration of the destination of the data. - :ivar admin: The admin contact for this whois record. - :vartype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar billing: The billing contact for this whois record. - :vartype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar registrant: The registrant contact for this whois record. - :vartype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar tech: The technical contact for this whois record. - :vartype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + All required parameters must be populated in order to send to Azure. + + :ivar data_collection_endpoint: Represents the data collection ingestion endpoint in log + analytics. Required. + :vartype data_collection_endpoint: str + :ivar data_collection_rule_immutable_id: The data collection rule immutable id, the rule + defines the transformation and data destination. Required. + :vartype data_collection_rule_immutable_id: str + :ivar stream_name: The stream we are sending the data to. Required. + :vartype stream_name: str """ + _validation = { + "data_collection_endpoint": {"required": True}, + "data_collection_rule_immutable_id": {"required": True}, + "stream_name": {"required": True}, + } + _attribute_map = { - "admin": {"key": "admin", "type": "EnrichmentDomainWhoisContact"}, - "billing": {"key": "billing", "type": "EnrichmentDomainWhoisContact"}, - "registrant": {"key": "registrant", "type": "EnrichmentDomainWhoisContact"}, - "tech": {"key": "tech", "type": "EnrichmentDomainWhoisContact"}, + "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, + "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, + "stream_name": {"key": "streamName", "type": "str"}, } def __init__( - self, - *, - admin: Optional["_models.EnrichmentDomainWhoisContact"] = None, - billing: Optional["_models.EnrichmentDomainWhoisContact"] = None, - registrant: Optional["_models.EnrichmentDomainWhoisContact"] = None, - tech: Optional["_models.EnrichmentDomainWhoisContact"] = None, - **kwargs - ): + self, *, data_collection_endpoint: str, data_collection_rule_immutable_id: str, stream_name: str, **kwargs: Any + ) -> None: """ - :keyword admin: The admin contact for this whois record. - :paramtype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword billing: The billing contact for this whois record. - :paramtype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword registrant: The registrant contact for this whois record. - :paramtype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword tech: The technical contact for this whois record. - :paramtype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword data_collection_endpoint: Represents the data collection ingestion endpoint in log + analytics. Required. + :paramtype data_collection_endpoint: str + :keyword data_collection_rule_immutable_id: The data collection rule immutable id, the rule + defines the transformation and data destination. Required. + :paramtype data_collection_rule_immutable_id: str + :keyword stream_name: The stream we are sending the data to. Required. + :paramtype stream_name: str """ super().__init__(**kwargs) - self.admin = admin - self.billing = billing - self.registrant = registrant - self.tech = tech + self.data_collection_endpoint = data_collection_endpoint + self.data_collection_rule_immutable_id = data_collection_rule_immutable_id + self.stream_name = stream_name -class EnrichmentDomainWhoisDetails(_serialization.Model): - """The whois record for a given domain. +class Deployment(_serialization.Model): + """Description about a deployment. - :ivar registrar: The registrar associated with this domain. - :vartype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails - :ivar contacts: The set of contacts associated with this domain. - :vartype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts - :ivar name_servers: A list of name servers associated with this domain. - :vartype name_servers: list[str] - :ivar statuses: The set of status flags for this whois record. - :vartype statuses: list[str] + :ivar deployment_id: Deployment identifier. + :vartype deployment_id: str + :ivar deployment_state: Current status of the deployment. Known values are: "In_Progress", + "Completed", "Queued", and "Canceling". + :vartype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState + :ivar deployment_result: The outcome of the deployment. Known values are: "Success", + "Canceled", and "Failed". + :vartype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult + :ivar deployment_time: The time when the deployment finished. + :vartype deployment_time: ~datetime.datetime + :ivar deployment_logs_url: Url to access repository action logs. + :vartype deployment_logs_url: str """ _attribute_map = { - "registrar": {"key": "registrar", "type": "EnrichmentDomainWhoisRegistrarDetails"}, - "contacts": {"key": "contacts", "type": "EnrichmentDomainWhoisContacts"}, - "name_servers": {"key": "nameServers", "type": "[str]"}, - "statuses": {"key": "statuses", "type": "[str]"}, + "deployment_id": {"key": "deploymentId", "type": "str"}, + "deployment_state": {"key": "deploymentState", "type": "str"}, + "deployment_result": {"key": "deploymentResult", "type": "str"}, + "deployment_time": {"key": "deploymentTime", "type": "iso-8601"}, + "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, } def __init__( self, *, - registrar: Optional["_models.EnrichmentDomainWhoisRegistrarDetails"] = None, - contacts: Optional["_models.EnrichmentDomainWhoisContacts"] = None, - name_servers: Optional[List[str]] = None, - statuses: Optional[List[str]] = None, - **kwargs - ): + deployment_id: Optional[str] = None, + deployment_state: Optional[Union[str, "_models.DeploymentState"]] = None, + deployment_result: Optional[Union[str, "_models.DeploymentResult"]] = None, + deployment_time: Optional[datetime.datetime] = None, + deployment_logs_url: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword registrar: The registrar associated with this domain. - :paramtype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails - :keyword contacts: The set of contacts associated with this domain. - :paramtype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts - :keyword name_servers: A list of name servers associated with this domain. - :paramtype name_servers: list[str] - :keyword statuses: The set of status flags for this whois record. - :paramtype statuses: list[str] + :keyword deployment_id: Deployment identifier. + :paramtype deployment_id: str + :keyword deployment_state: Current status of the deployment. Known values are: "In_Progress", + "Completed", "Queued", and "Canceling". + :paramtype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState + :keyword deployment_result: The outcome of the deployment. Known values are: "Success", + "Canceled", and "Failed". + :paramtype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult + :keyword deployment_time: The time when the deployment finished. + :paramtype deployment_time: ~datetime.datetime + :keyword deployment_logs_url: Url to access repository action logs. + :paramtype deployment_logs_url: str """ super().__init__(**kwargs) - self.registrar = registrar - self.contacts = contacts - self.name_servers = name_servers - self.statuses = statuses - - -class EnrichmentDomainWhoisRegistrarDetails(_serialization.Model): - """The registrar associated with this domain. - - :ivar name: The name of this registrar. - :vartype name: str - :ivar abuse_contact_email: This registrar's abuse contact email. - :vartype abuse_contact_email: str - :ivar abuse_contact_phone: This registrar's abuse contact phone number. - :vartype abuse_contact_phone: str - :ivar iana_id: This registrar's Internet Assigned Numbers Authority id. - :vartype iana_id: str - :ivar url: This registrar's URL. - :vartype url: str - :ivar whois_server: The hostname of this registrar's whois server. - :vartype whois_server: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "abuse_contact_email": {"key": "abuseContactEmail", "type": "str"}, - "abuse_contact_phone": {"key": "abuseContactPhone", "type": "str"}, - "iana_id": {"key": "ianaId", "type": "str"}, - "url": {"key": "url", "type": "str"}, - "whois_server": {"key": "whoisServer", "type": "str"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - abuse_contact_email: Optional[str] = None, - abuse_contact_phone: Optional[str] = None, - iana_id: Optional[str] = None, - url: Optional[str] = None, - whois_server: Optional[str] = None, - **kwargs - ): - """ - :keyword name: The name of this registrar. - :paramtype name: str - :keyword abuse_contact_email: This registrar's abuse contact email. - :paramtype abuse_contact_email: str - :keyword abuse_contact_phone: This registrar's abuse contact phone number. - :paramtype abuse_contact_phone: str - :keyword iana_id: This registrar's Internet Assigned Numbers Authority id. - :paramtype iana_id: str - :keyword url: This registrar's URL. - :paramtype url: str - :keyword whois_server: The hostname of this registrar's whois server. - :paramtype whois_server: str - """ - super().__init__(**kwargs) - self.name = name - self.abuse_contact_email = abuse_contact_email - self.abuse_contact_phone = abuse_contact_phone - self.iana_id = iana_id - self.url = url - self.whois_server = whois_server + self.deployment_id = deployment_id + self.deployment_state = deployment_state + self.deployment_result = deployment_result + self.deployment_time = deployment_time + self.deployment_logs_url = deployment_logs_url -class EnrichmentIpGeodata(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Geodata information for a given IP address. +class DeploymentInfo(_serialization.Model): + """Information regarding a deployment. - :ivar asn: The autonomous system number associated with this IP address. - :vartype asn: str - :ivar carrier: The name of the carrier for this IP address. - :vartype carrier: str - :ivar city: The city this IP address is located in. - :vartype city: str - :ivar city_cf: A numeric rating of confidence that the value in the 'city' field is correct, on - a scale of 0-100. - :vartype city_cf: int - :ivar continent: The continent this IP address is located on. - :vartype continent: str - :ivar country: The county this IP address is located in. - :vartype country: str - :ivar country_cf: A numeric rating of confidence that the value in the 'country' field is - correct on a scale of 0-100. - :vartype country_cf: int - :ivar ip_addr: The dotted-decimal or colon-separated string representation of the IP address. - :vartype ip_addr: str - :ivar ip_routing_type: A description of the connection type of this IP address. - :vartype ip_routing_type: str - :ivar latitude: The latitude of this IP address. - :vartype latitude: str - :ivar longitude: The longitude of this IP address. - :vartype longitude: str - :ivar organization: The name of the organization for this IP address. - :vartype organization: str - :ivar organization_type: The type of the organization for this IP address. - :vartype organization_type: str - :ivar region: The geographic region this IP address is located in. - :vartype region: str - :ivar state: The state this IP address is located in. - :vartype state: str - :ivar state_cf: A numeric rating of confidence that the value in the 'state' field is correct - on a scale of 0-100. - :vartype state_cf: int - :ivar state_code: The abbreviated name for the state this IP address is located in. - :vartype state_code: str + :ivar deployment_fetch_status: Status while fetching the last deployment. Known values are: + "Success", "Unauthorized", and "NotFound". + :vartype deployment_fetch_status: str or + ~azure.mgmt.securityinsight.models.DeploymentFetchStatus + :ivar deployment: Deployment information. + :vartype deployment: ~azure.mgmt.securityinsight.models.Deployment + :ivar message: Additional details about the deployment that can be shown to the user. + :vartype message: str """ _attribute_map = { - "asn": {"key": "asn", "type": "str"}, - "carrier": {"key": "carrier", "type": "str"}, - "city": {"key": "city", "type": "str"}, - "city_cf": {"key": "cityCf", "type": "int"}, - "continent": {"key": "continent", "type": "str"}, - "country": {"key": "country", "type": "str"}, - "country_cf": {"key": "countryCf", "type": "int"}, - "ip_addr": {"key": "ipAddr", "type": "str"}, - "ip_routing_type": {"key": "ipRoutingType", "type": "str"}, - "latitude": {"key": "latitude", "type": "str"}, - "longitude": {"key": "longitude", "type": "str"}, - "organization": {"key": "organization", "type": "str"}, - "organization_type": {"key": "organizationType", "type": "str"}, - "region": {"key": "region", "type": "str"}, - "state": {"key": "state", "type": "str"}, - "state_cf": {"key": "stateCf", "type": "int"}, - "state_code": {"key": "stateCode", "type": "str"}, + "deployment_fetch_status": {"key": "deploymentFetchStatus", "type": "str"}, + "deployment": {"key": "deployment", "type": "Deployment"}, + "message": {"key": "message", "type": "str"}, } def __init__( self, *, - asn: Optional[str] = None, - carrier: Optional[str] = None, - city: Optional[str] = None, - city_cf: Optional[int] = None, - continent: Optional[str] = None, - country: Optional[str] = None, - country_cf: Optional[int] = None, - ip_addr: Optional[str] = None, - ip_routing_type: Optional[str] = None, - latitude: Optional[str] = None, - longitude: Optional[str] = None, - organization: Optional[str] = None, - organization_type: Optional[str] = None, - region: Optional[str] = None, - state: Optional[str] = None, - state_cf: Optional[int] = None, - state_code: Optional[str] = None, - **kwargs - ): + deployment_fetch_status: Optional[Union[str, "_models.DeploymentFetchStatus"]] = None, + deployment: Optional["_models.Deployment"] = None, + message: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword asn: The autonomous system number associated with this IP address. - :paramtype asn: str - :keyword carrier: The name of the carrier for this IP address. - :paramtype carrier: str - :keyword city: The city this IP address is located in. - :paramtype city: str - :keyword city_cf: A numeric rating of confidence that the value in the 'city' field is correct, - on a scale of 0-100. - :paramtype city_cf: int - :keyword continent: The continent this IP address is located on. - :paramtype continent: str - :keyword country: The county this IP address is located in. - :paramtype country: str - :keyword country_cf: A numeric rating of confidence that the value in the 'country' field is - correct on a scale of 0-100. - :paramtype country_cf: int - :keyword ip_addr: The dotted-decimal or colon-separated string representation of the IP - address. - :paramtype ip_addr: str - :keyword ip_routing_type: A description of the connection type of this IP address. - :paramtype ip_routing_type: str - :keyword latitude: The latitude of this IP address. - :paramtype latitude: str - :keyword longitude: The longitude of this IP address. - :paramtype longitude: str - :keyword organization: The name of the organization for this IP address. - :paramtype organization: str - :keyword organization_type: The type of the organization for this IP address. - :paramtype organization_type: str - :keyword region: The geographic region this IP address is located in. - :paramtype region: str - :keyword state: The state this IP address is located in. - :paramtype state: str - :keyword state_cf: A numeric rating of confidence that the value in the 'state' field is - correct on a scale of 0-100. - :paramtype state_cf: int - :keyword state_code: The abbreviated name for the state this IP address is located in. - :paramtype state_code: str + :keyword deployment_fetch_status: Status while fetching the last deployment. Known values are: + "Success", "Unauthorized", and "NotFound". + :paramtype deployment_fetch_status: str or + ~azure.mgmt.securityinsight.models.DeploymentFetchStatus + :keyword deployment: Deployment information. + :paramtype deployment: ~azure.mgmt.securityinsight.models.Deployment + :keyword message: Additional details about the deployment that can be shown to the user. + :paramtype message: str """ super().__init__(**kwargs) - self.asn = asn - self.carrier = carrier - self.city = city - self.city_cf = city_cf - self.continent = continent - self.country = country - self.country_cf = country_cf - self.ip_addr = ip_addr - self.ip_routing_type = ip_routing_type - self.latitude = latitude - self.longitude = longitude - self.organization = organization - self.organization_type = organization_type - self.region = region - self.state = state - self.state_cf = state_cf - self.state_code = state_code + self.deployment_fetch_status = deployment_fetch_status + self.deployment = deployment + self.message = message -class EntityAnalytics(Settings): - """Settings with single toggle. +class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a dns entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -7273,13 +7312,25 @@ class EntityAnalytics(Settings): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar entity_providers: The relevant entity providers that are synced. - :vartype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] """ _validation = { @@ -7288,6 +7339,12 @@ class EntityAnalytics(Settings): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, } _attribute_map = { @@ -7295,1378 +7352,1433 @@ class EntityAnalytics(Settings): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "entity_providers": {"key": "properties.entityProviders", "type": "[str]"}, - } + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "properties.domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, + } - def __init__( - self, - *, - etag: Optional[str] = None, - entity_providers: Optional[List[Union[str, "_models.EntityProviders"]]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword entity_providers: The relevant entity providers that are synced. - :paramtype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "EntityAnalytics" - self.entity_providers = entity_providers + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "DnsResolution" + self.additional_data = None + self.friendly_name = None + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None -class EntityEdges(_serialization.Model): - """The edge that connects the entity to the other entity. +class DnsEntityProperties(EntityCommonProperties): + """Dns entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. - :ivar target_entity_id: The target entity Id. - :vartype target_entity_id: str :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, + } + _attribute_map = { - "target_entity_id": {"key": "targetEntityId", "type": "str"}, "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, } - def __init__( - self, *, target_entity_id: Optional[str] = None, additional_data: Optional[Dict[str, Any]] = None, **kwargs - ): - """ - :keyword target_entity_id: The target entity Id. - :paramtype target_entity_id: str - :keyword additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :paramtype additional_data: dict[str, any] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.target_entity_id = target_entity_id - self.additional_data = additional_data + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None -class EntityExpandParameters(_serialization.Model): - """The parameters required to execute an expand operation on the given entity. +class Dynamics365CheckRequirements(DataConnectorsCheckRequirements): + """Represents Dynamics365 requirements check request. - :ivar end_time: The end date filter, so the only expansion results returned are before this - date. - :vartype end_time: ~datetime.datetime - :ivar expansion_id: The Id of the expansion to perform. - :vartype expansion_id: str - :ivar start_time: The start date filter, so the only expansion results returned are after this - date. - :vartype start_time: ~datetime.datetime + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - "end_time": {"key": "endTime", "type": "iso-8601"}, - "expansion_id": {"key": "expansionId", "type": "str"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__( - self, - *, - end_time: Optional[datetime.datetime] = None, - expansion_id: Optional[str] = None, - start_time: Optional[datetime.datetime] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword end_time: The end date filter, so the only expansion results returned are before this - date. - :paramtype end_time: ~datetime.datetime - :keyword expansion_id: The Id of the expansion to perform. - :paramtype expansion_id: str - :keyword start_time: The start date filter, so the only expansion results returned are after - this date. - :paramtype start_time: ~datetime.datetime + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ super().__init__(**kwargs) - self.end_time = end_time - self.expansion_id = expansion_id - self.start_time = start_time + self.kind: str = "Dynamics365" + self.tenant_id = tenant_id -class EntityExpandResponse(_serialization.Model): - """The entity expansion result operation response. +class Dynamics365CheckRequirementsProperties(DataConnectorTenantId): + """Dynamics365 requirements check properties. - :ivar meta_data: The metadata from the expansion operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :ivar value: The expansion result values. - :vartype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ + _validation = { + "tenant_id": {"required": True}, + } + _attribute_map = { - "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, - "value": {"key": "value", "type": "EntityExpandResponseValue"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__( - self, - *, - meta_data: Optional["_models.ExpansionResultsMetadata"] = None, - value: Optional["_models.EntityExpandResponseValue"] = None, - **kwargs - ): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ - :keyword meta_data: The metadata from the expansion operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :keyword value: The expansion result values. - :paramtype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value + super().__init__(tenant_id=tenant_id, **kwargs) -class EntityExpandResponseValue(_serialization.Model): - """The expansion result values. +class Dynamics365DataConnector(DataConnector): + """Represents Dynamics365 data connector. - :ivar entities: Array of the expansion result entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar edges: Array of edges that connects the entity to the list of entities. - :vartype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "edges": {"key": "edges", "type": "[EntityEdges]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, } def __init__( self, *, - entities: Optional[List["_models.Entity"]] = None, - edges: Optional[List["_models.EntityEdges"]] = None, - **kwargs - ): + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.Dynamics365DataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ - :keyword entities: Array of the expansion result entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword edges: Array of edges that connects the entity to the list of entities. - :paramtype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ - super().__init__(**kwargs) - self.entities = entities - self.edges = edges + super().__init__(etag=etag, **kwargs) + self.kind: str = "Dynamics365" + self.tenant_id = tenant_id + self.data_types = data_types -class EntityFieldMapping(_serialization.Model): - """Map identifiers of a single entity. +class Dynamics365DataConnectorDataTypes(_serialization.Model): + """The available data types for Dynamics365 data connector. - :ivar identifier: Alert V3 identifier. - :vartype identifier: str - :ivar value: The value of the identifier. - :vartype value: str + All required parameters must be populated in order to send to Azure. + + :ivar dynamics365_cds_activities: Common Data Service data type connection. Required. + :vartype dynamics365_cds_activities: + ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities """ - _attribute_map = { - "identifier": {"key": "identifier", "type": "str"}, - "value": {"key": "value", "type": "str"}, + _validation = { + "dynamics365_cds_activities": {"required": True}, } - def __init__(self, *, identifier: Optional[str] = None, value: Optional[str] = None, **kwargs): - """ - :keyword identifier: Alert V3 identifier. - :paramtype identifier: str - :keyword value: The value of the identifier. - :paramtype value: str + _attribute_map = { + "dynamics365_cds_activities": { + "key": "dynamics365CdsActivities", + "type": "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + }, + } + + def __init__( + self, + *, + dynamics365_cds_activities: "_models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + **kwargs: Any + ) -> None: + """ + :keyword dynamics365_cds_activities: Common Data Service data type connection. Required. + :paramtype dynamics365_cds_activities: + ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities """ super().__init__(**kwargs) - self.identifier = identifier - self.value = value + self.dynamics365_cds_activities = dynamics365_cds_activities -class EntityGetInsightsParameters(_serialization.Model): - """The parameters required to execute insights operation on the given entity. +class Dynamics365DataConnectorDataTypesDynamics365CdsActivities(DataConnectorDataTypeCommon): + """Common Data Service data type connection. All required parameters must be populated in order to send to Azure. - :ivar start_time: The start timeline date, so the results returned are after this date. - Required. - :vartype start_time: ~datetime.datetime - :ivar end_time: The end timeline date, so the results returned are before this date. Required. - :vartype end_time: ~datetime.datetime - :ivar add_default_extended_time_range: Indicates if query time range should be extended with - default time range of the query. Default value is false. - :vartype add_default_extended_time_range: bool - :ivar insight_query_ids: List of Insights Query Id. If empty, default value is all insights of - this entity. - :vartype insight_query_ids: list[str] + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ _validation = { - "start_time": {"required": True}, - "end_time": {"required": True}, + "state": {"required": True}, } _attribute_map = { - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, - "add_default_extended_time_range": {"key": "addDefaultExtendedTimeRange", "type": "bool"}, - "insight_query_ids": {"key": "insightQueryIds", "type": "[str]"}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - *, - start_time: datetime.datetime, - end_time: datetime.datetime, - add_default_extended_time_range: Optional[bool] = None, - insight_query_ids: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ - :keyword start_time: The start timeline date, so the results returned are after this date. - Required. - :paramtype start_time: ~datetime.datetime - :keyword end_time: The end timeline date, so the results returned are before this date. - Required. - :paramtype end_time: ~datetime.datetime - :keyword add_default_extended_time_range: Indicates if query time range should be extended with - default time range of the query. Default value is false. - :paramtype add_default_extended_time_range: bool - :keyword insight_query_ids: List of Insights Query Id. If empty, default value is all insights - of this entity. - :paramtype insight_query_ids: list[str] + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super().__init__(**kwargs) - self.start_time = start_time - self.end_time = end_time - self.add_default_extended_time_range = add_default_extended_time_range - self.insight_query_ids = insight_query_ids + super().__init__(state=state, **kwargs) -class EntityGetInsightsResponse(_serialization.Model): - """The Get Insights result operation response. +class Dynamics365DataConnectorProperties(DataConnectorTenantId): + """Dynamics365 data connector properties. - :ivar meta_data: The metadata from the get insights operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata - :ivar value: The insights result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + _attribute_map = { - "meta_data": {"key": "metaData", "type": "GetInsightsResultsMetadata"}, - "value": {"key": "value", "type": "[EntityInsightItem]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, } def __init__( - self, - *, - meta_data: Optional["_models.GetInsightsResultsMetadata"] = None, - value: Optional[List["_models.EntityInsightItem"]] = None, - **kwargs - ): + self, *, tenant_id: str, data_types: "_models.Dynamics365DataConnectorDataTypes", **kwargs: Any + ) -> None: """ - :keyword meta_data: The metadata from the get insights operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata - :keyword value: The insights result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types -class EntityInsightItem(_serialization.Model): - """Entity insight Item. +class EnrichmentDomainWhois(_serialization.Model): + """Whois information for a given domain and associated metadata. - :ivar query_id: The query id of the insight. - :vartype query_id: str - :ivar query_time_interval: The Time interval that the query actually executed on. - :vartype query_time_interval: - ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval - :ivar table_query_results: Query results for table insights query. - :vartype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult - :ivar chart_query_results: Query results for table insights query. - :vartype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + :ivar domain: The domain for this whois record. + :vartype domain: str + :ivar server: The hostname of this registrar's whois server. + :vartype server: str + :ivar created: The timestamp at which this record was created. + :vartype created: ~datetime.datetime + :ivar updated: The timestamp at which this record was last updated. + :vartype updated: ~datetime.datetime + :ivar expires: The timestamp at which this record will expire. + :vartype expires: ~datetime.datetime + :ivar parsed_whois: The whois record for a given domain. + :vartype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails """ _attribute_map = { - "query_id": {"key": "queryId", "type": "str"}, - "query_time_interval": {"key": "queryTimeInterval", "type": "EntityInsightItemQueryTimeInterval"}, - "table_query_results": {"key": "tableQueryResults", "type": "InsightsTableResult"}, - "chart_query_results": {"key": "chartQueryResults", "type": "[InsightsTableResult]"}, + "domain": {"key": "domain", "type": "str"}, + "server": {"key": "server", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "expires": {"key": "expires", "type": "iso-8601"}, + "parsed_whois": {"key": "parsedWhois", "type": "EnrichmentDomainWhoisDetails"}, } def __init__( self, *, - query_id: Optional[str] = None, - query_time_interval: Optional["_models.EntityInsightItemQueryTimeInterval"] = None, - table_query_results: Optional["_models.InsightsTableResult"] = None, - chart_query_results: Optional[List["_models.InsightsTableResult"]] = None, - **kwargs - ): + domain: Optional[str] = None, + server: Optional[str] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + expires: Optional[datetime.datetime] = None, + parsed_whois: Optional["_models.EnrichmentDomainWhoisDetails"] = None, + **kwargs: Any + ) -> None: """ - :keyword query_id: The query id of the insight. - :paramtype query_id: str - :keyword query_time_interval: The Time interval that the query actually executed on. - :paramtype query_time_interval: - ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval - :keyword table_query_results: Query results for table insights query. - :paramtype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult - :keyword chart_query_results: Query results for table insights query. - :paramtype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + :keyword domain: The domain for this whois record. + :paramtype domain: str + :keyword server: The hostname of this registrar's whois server. + :paramtype server: str + :keyword created: The timestamp at which this record was created. + :paramtype created: ~datetime.datetime + :keyword updated: The timestamp at which this record was last updated. + :paramtype updated: ~datetime.datetime + :keyword expires: The timestamp at which this record will expire. + :paramtype expires: ~datetime.datetime + :keyword parsed_whois: The whois record for a given domain. + :paramtype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails """ super().__init__(**kwargs) - self.query_id = query_id - self.query_time_interval = query_time_interval - self.table_query_results = table_query_results - self.chart_query_results = chart_query_results + self.domain = domain + self.server = server + self.created = created + self.updated = updated + self.expires = expires + self.parsed_whois = parsed_whois -class EntityInsightItemQueryTimeInterval(_serialization.Model): - """The Time interval that the query actually executed on. +class EnrichmentDomainWhoisContact(_serialization.Model): + """An individual contact associated with this domain. - :ivar start_time: Insight query start time. - :vartype start_time: ~datetime.datetime - :ivar end_time: Insight query end time. - :vartype end_time: ~datetime.datetime + :ivar name: The name of this contact. + :vartype name: str + :ivar org: The organization for this contact. + :vartype org: str + :ivar street: A list describing the street address for this contact. + :vartype street: list[str] + :ivar city: The city for this contact. + :vartype city: str + :ivar state: The state for this contact. + :vartype state: str + :ivar postal: The postal code for this contact. + :vartype postal: str + :ivar country: The country for this contact. + :vartype country: str + :ivar phone: The phone number for this contact. + :vartype phone: str + :ivar fax: The fax number for this contact. + :vartype fax: str + :ivar email: The email address for this contact. + :vartype email: str """ _attribute_map = { - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, + "name": {"key": "name", "type": "str"}, + "org": {"key": "org", "type": "str"}, + "street": {"key": "street", "type": "[str]"}, + "city": {"key": "city", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "postal": {"key": "postal", "type": "str"}, + "country": {"key": "country", "type": "str"}, + "phone": {"key": "phone", "type": "str"}, + "fax": {"key": "fax", "type": "str"}, + "email": {"key": "email", "type": "str"}, } def __init__( - self, *, start_time: Optional[datetime.datetime] = None, end_time: Optional[datetime.datetime] = None, **kwargs - ): - """ - :keyword start_time: Insight query start time. - :paramtype start_time: ~datetime.datetime - :keyword end_time: Insight query end time. - :paramtype end_time: ~datetime.datetime + self, + *, + name: Optional[str] = None, + org: Optional[str] = None, + street: Optional[List[str]] = None, + city: Optional[str] = None, + state: Optional[str] = None, + postal: Optional[str] = None, + country: Optional[str] = None, + phone: Optional[str] = None, + fax: Optional[str] = None, + email: Optional[str] = None, + **kwargs: Any + ) -> None: """ - super().__init__(**kwargs) - self.start_time = start_time - self.end_time = end_time - - -class EntityList(_serialization.Model): - """List of all the entities. - - Variables are only populated by the server, and will be ignored when sending a request. + :keyword name: The name of this contact. + :paramtype name: str + :keyword org: The organization for this contact. + :paramtype org: str + :keyword street: A list describing the street address for this contact. + :paramtype street: list[str] + :keyword city: The city for this contact. + :paramtype city: str + :keyword state: The state for this contact. + :paramtype state: str + :keyword postal: The postal code for this contact. + :paramtype postal: str + :keyword country: The country for this contact. + :paramtype country: str + :keyword phone: The phone number for this contact. + :paramtype phone: str + :keyword fax: The fax number for this contact. + :paramtype fax: str + :keyword email: The email address for this contact. + :paramtype email: str + """ + super().__init__(**kwargs) + self.name = name + self.org = org + self.street = street + self.city = city + self.state = state + self.postal = postal + self.country = country + self.phone = phone + self.fax = fax + self.email = email - All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entities. - :vartype next_link: str - :ivar value: Array of entities. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Entity] - """ +class EnrichmentDomainWhoisContacts(_serialization.Model): + """The set of contacts associated with this domain. - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } + :ivar admin: The admin contact for this whois record. + :vartype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar billing: The billing contact for this whois record. + :vartype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar registrant: The registrant contact for this whois record. + :vartype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar tech: The technical contact for this whois record. + :vartype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + """ _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Entity]"}, + "admin": {"key": "admin", "type": "EnrichmentDomainWhoisContact"}, + "billing": {"key": "billing", "type": "EnrichmentDomainWhoisContact"}, + "registrant": {"key": "registrant", "type": "EnrichmentDomainWhoisContact"}, + "tech": {"key": "tech", "type": "EnrichmentDomainWhoisContact"}, } - def __init__(self, *, value: List["_models.Entity"], **kwargs): + def __init__( + self, + *, + admin: Optional["_models.EnrichmentDomainWhoisContact"] = None, + billing: Optional["_models.EnrichmentDomainWhoisContact"] = None, + registrant: Optional["_models.EnrichmentDomainWhoisContact"] = None, + tech: Optional["_models.EnrichmentDomainWhoisContact"] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of entities. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Entity] + :keyword admin: The admin contact for this whois record. + :paramtype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword billing: The billing contact for this whois record. + :paramtype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword registrant: The registrant contact for this whois record. + :paramtype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword tech: The technical contact for this whois record. + :paramtype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.admin = admin + self.billing = billing + self.registrant = registrant + self.tech = tech -class EntityMapping(_serialization.Model): - """Single entity mapping for the alert rule. +class EnrichmentDomainWhoisDetails(_serialization.Model): + """The whois record for a given domain. - :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", - "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", and "SubmissionMail". - :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :ivar field_mappings: array of field mappings for the given entity mapping. - :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + :ivar registrar: The registrar associated with this domain. + :vartype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails + :ivar contacts: The set of contacts associated with this domain. + :vartype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts + :ivar name_servers: A list of name servers associated with this domain. + :vartype name_servers: list[str] + :ivar statuses: The set of status flags for this whois record. + :vartype statuses: list[str] """ _attribute_map = { - "entity_type": {"key": "entityType", "type": "str"}, - "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, + "registrar": {"key": "registrar", "type": "EnrichmentDomainWhoisRegistrarDetails"}, + "contacts": {"key": "contacts", "type": "EnrichmentDomainWhoisContacts"}, + "name_servers": {"key": "nameServers", "type": "[str]"}, + "statuses": {"key": "statuses", "type": "[str]"}, } def __init__( self, *, - entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, - field_mappings: Optional[List["_models.FieldMapping"]] = None, - **kwargs - ): + registrar: Optional["_models.EnrichmentDomainWhoisRegistrarDetails"] = None, + contacts: Optional["_models.EnrichmentDomainWhoisContacts"] = None, + name_servers: Optional[List[str]] = None, + statuses: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", - "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", and "SubmissionMail". - :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :keyword field_mappings: array of field mappings for the given entity mapping. - :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + :keyword registrar: The registrar associated with this domain. + :paramtype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails + :keyword contacts: The set of contacts associated with this domain. + :paramtype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts + :keyword name_servers: A list of name servers associated with this domain. + :paramtype name_servers: list[str] + :keyword statuses: The set of status flags for this whois record. + :paramtype statuses: list[str] """ super().__init__(**kwargs) - self.entity_type = entity_type - self.field_mappings = field_mappings - - -class EntityQueryItem(_serialization.Model): - """An abstract Query item for entity. - - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - InsightQueryItem + self.registrar = registrar + self.contacts = contacts + self.name_servers = name_servers + self.statuses = statuses - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EnrichmentDomainWhoisRegistrarDetails(_serialization.Model): + """The registrar associated with this domain. - :ivar id: Query Template ARM ID. - :vartype id: str - :ivar name: Query Template ARM Name. + :ivar name: The name of this registrar. :vartype name: str - :ivar type: ARM Type. - :vartype type: str - :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", - and "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar abuse_contact_email: This registrar's abuse contact email. + :vartype abuse_contact_email: str + :ivar abuse_contact_phone: This registrar's abuse contact phone number. + :vartype abuse_contact_phone: str + :ivar iana_id: This registrar's Internet Assigned Numbers Authority id. + :vartype iana_id: str + :ivar url: This registrar's URL. + :vartype url: str + :ivar whois_server: The hostname of this registrar's whois server. + :vartype whois_server: str """ - _validation = { - "id": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, + "abuse_contact_email": {"key": "abuseContactEmail", "type": "str"}, + "abuse_contact_phone": {"key": "abuseContactPhone", "type": "str"}, + "iana_id": {"key": "ianaId", "type": "str"}, + "url": {"key": "url", "type": "str"}, + "whois_server": {"key": "whoisServer", "type": "str"}, } - _subtype_map = {"kind": {"Insight": "InsightQueryItem"}} - - def __init__(self, *, name: Optional[str] = None, type: Optional[str] = None, **kwargs): + def __init__( + self, + *, + name: Optional[str] = None, + abuse_contact_email: Optional[str] = None, + abuse_contact_phone: Optional[str] = None, + iana_id: Optional[str] = None, + url: Optional[str] = None, + whois_server: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword name: Query Template ARM Name. + :keyword name: The name of this registrar. :paramtype name: str - :keyword type: ARM Type. - :paramtype type: str + :keyword abuse_contact_email: This registrar's abuse contact email. + :paramtype abuse_contact_email: str + :keyword abuse_contact_phone: This registrar's abuse contact phone number. + :paramtype abuse_contact_phone: str + :keyword iana_id: This registrar's Internet Assigned Numbers Authority id. + :paramtype iana_id: str + :keyword url: This registrar's URL. + :paramtype url: str + :keyword whois_server: The hostname of this registrar's whois server. + :paramtype whois_server: str """ super().__init__(**kwargs) - self.id = None self.name = name - self.type = type - self.kind: Optional[str] = None - - -class EntityQueryItemProperties(_serialization.Model): - """An properties abstract Query item for entity. + self.abuse_contact_email = abuse_contact_email + self.abuse_contact_phone = abuse_contact_phone + self.iana_id = iana_id + self.url = url + self.whois_server = whois_server - :ivar data_types: Data types for template. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: Data types for template. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: JSON - """ - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, - "input_entity_type": {"key": "inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "entitiesFilter", "type": "object"}, - } +class EnrichmentIpGeodata(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Geodata information for a given IP address. - def __init__( - self, - *, - data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[JSON] = None, - **kwargs - ): - """ - :keyword data_types: Data types for template. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", - "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: Data types for template. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: JSON - """ - super().__init__(**kwargs) - self.data_types = data_types - self.input_entity_type = input_entity_type - self.required_input_fields_sets = required_input_fields_sets - self.entities_filter = entities_filter - - -class EntityQueryItemPropertiesDataTypesItem(_serialization.Model): - """EntityQueryItemPropertiesDataTypesItem. - - :ivar data_type: Data type name. - :vartype data_type: str + :ivar asn: The autonomous system number associated with this IP address. + :vartype asn: str + :ivar carrier: The name of the carrier for this IP address. + :vartype carrier: str + :ivar city: The city this IP address is located in. + :vartype city: str + :ivar city_cf: A numeric rating of confidence that the value in the 'city' field is correct, on + a scale of 0-100. + :vartype city_cf: int + :ivar continent: The continent this IP address is located on. + :vartype continent: str + :ivar country: The county this IP address is located in. + :vartype country: str + :ivar country_cf: A numeric rating of confidence that the value in the 'country' field is + correct on a scale of 0-100. + :vartype country_cf: int + :ivar ip_addr: The dotted-decimal or colon-separated string representation of the IP address. + :vartype ip_addr: str + :ivar ip_routing_type: A description of the connection type of this IP address. + :vartype ip_routing_type: str + :ivar latitude: The latitude of this IP address. + :vartype latitude: str + :ivar longitude: The longitude of this IP address. + :vartype longitude: str + :ivar organization: The name of the organization for this IP address. + :vartype organization: str + :ivar organization_type: The type of the organization for this IP address. + :vartype organization_type: str + :ivar region: The geographic region this IP address is located in. + :vartype region: str + :ivar state: The state this IP address is located in. + :vartype state: str + :ivar state_cf: A numeric rating of confidence that the value in the 'state' field is correct + on a scale of 0-100. + :vartype state_cf: int + :ivar state_code: The abbreviated name for the state this IP address is located in. + :vartype state_code: str """ _attribute_map = { - "data_type": {"key": "dataType", "type": "str"}, + "asn": {"key": "asn", "type": "str"}, + "carrier": {"key": "carrier", "type": "str"}, + "city": {"key": "city", "type": "str"}, + "city_cf": {"key": "cityCf", "type": "int"}, + "continent": {"key": "continent", "type": "str"}, + "country": {"key": "country", "type": "str"}, + "country_cf": {"key": "countryCf", "type": "int"}, + "ip_addr": {"key": "ipAddr", "type": "str"}, + "ip_routing_type": {"key": "ipRoutingType", "type": "str"}, + "latitude": {"key": "latitude", "type": "str"}, + "longitude": {"key": "longitude", "type": "str"}, + "organization": {"key": "organization", "type": "str"}, + "organization_type": {"key": "organizationType", "type": "str"}, + "region": {"key": "region", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "state_cf": {"key": "stateCf", "type": "int"}, + "state_code": {"key": "stateCode", "type": "str"}, } - def __init__(self, *, data_type: Optional[str] = None, **kwargs): + def __init__( + self, + *, + asn: Optional[str] = None, + carrier: Optional[str] = None, + city: Optional[str] = None, + city_cf: Optional[int] = None, + continent: Optional[str] = None, + country: Optional[str] = None, + country_cf: Optional[int] = None, + ip_addr: Optional[str] = None, + ip_routing_type: Optional[str] = None, + latitude: Optional[str] = None, + longitude: Optional[str] = None, + organization: Optional[str] = None, + organization_type: Optional[str] = None, + region: Optional[str] = None, + state: Optional[str] = None, + state_cf: Optional[int] = None, + state_code: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword data_type: Data type name. - :paramtype data_type: str + :keyword asn: The autonomous system number associated with this IP address. + :paramtype asn: str + :keyword carrier: The name of the carrier for this IP address. + :paramtype carrier: str + :keyword city: The city this IP address is located in. + :paramtype city: str + :keyword city_cf: A numeric rating of confidence that the value in the 'city' field is correct, + on a scale of 0-100. + :paramtype city_cf: int + :keyword continent: The continent this IP address is located on. + :paramtype continent: str + :keyword country: The county this IP address is located in. + :paramtype country: str + :keyword country_cf: A numeric rating of confidence that the value in the 'country' field is + correct on a scale of 0-100. + :paramtype country_cf: int + :keyword ip_addr: The dotted-decimal or colon-separated string representation of the IP + address. + :paramtype ip_addr: str + :keyword ip_routing_type: A description of the connection type of this IP address. + :paramtype ip_routing_type: str + :keyword latitude: The latitude of this IP address. + :paramtype latitude: str + :keyword longitude: The longitude of this IP address. + :paramtype longitude: str + :keyword organization: The name of the organization for this IP address. + :paramtype organization: str + :keyword organization_type: The type of the organization for this IP address. + :paramtype organization_type: str + :keyword region: The geographic region this IP address is located in. + :paramtype region: str + :keyword state: The state this IP address is located in. + :paramtype state: str + :keyword state_cf: A numeric rating of confidence that the value in the 'state' field is + correct on a scale of 0-100. + :paramtype state_cf: int + :keyword state_code: The abbreviated name for the state this IP address is located in. + :paramtype state_code: str """ super().__init__(**kwargs) - self.data_type = data_type + self.asn = asn + self.carrier = carrier + self.city = city + self.city_cf = city_cf + self.continent = continent + self.country = country + self.country_cf = country_cf + self.ip_addr = ip_addr + self.ip_routing_type = ip_routing_type + self.latitude = latitude + self.longitude = longitude + self.organization = organization + self.organization_type = organization_type + self.region = region + self.state = state + self.state_cf = state_cf + self.state_code = state_code -class EntityQueryList(_serialization.Model): - """List of all the entity queries. +class EntityAnalytics(Settings): + """Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entity queries. - :vartype next_link: str - :ivar value: Array of entity queries. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar entity_providers: The relevant entity providers that are synced. + :vartype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[EntityQuery]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "entity_providers": {"key": "properties.entityProviders", "type": "[str]"}, } - def __init__(self, *, value: List["_models.EntityQuery"], **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + entity_providers: Optional[List[Union[str, "_models.EntityProviders"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of entity queries. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword entity_providers: The relevant entity providers that are synced. + :paramtype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class EntityQueryTemplateList(_serialization.Model): - """List of all the entity query templates. + super().__init__(etag=etag, **kwargs) + self.kind: str = "EntityAnalytics" + self.entity_providers = entity_providers - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EntityEdges(_serialization.Model): + """The edge that connects the entity to the other entity. - :ivar next_link: URL to fetch the next set of entity query templates. - :vartype next_link: str - :ivar value: Array of entity query templates. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :ivar target_entity_id: The target entity Id. + :vartype target_entity_id: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] """ - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[EntityQueryTemplate]"}, + "target_entity_id": {"key": "targetEntityId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, } - def __init__(self, *, value: List["_models.EntityQueryTemplate"], **kwargs): + def __init__( + self, *, target_entity_id: Optional[str] = None, additional_data: Optional[Dict[str, Any]] = None, **kwargs: Any + ) -> None: """ - :keyword value: Array of entity query templates. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :keyword target_entity_id: The target entity Id. + :paramtype target_entity_id: str + :keyword additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :paramtype additional_data: dict[str, any] """ super().__init__(**kwargs) - self.next_link = None - self.value = value - + self.target_entity_id = target_entity_id + self.additional_data = additional_data -class EntityTimelineParameters(_serialization.Model): - """The parameters required to execute s timeline operation on the given entity. - All required parameters must be populated in order to send to Azure. +class EntityExpandParameters(_serialization.Model): + """The parameters required to execute an expand operation on the given entity. - :ivar kinds: Array of timeline Item kinds. - :vartype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] - :ivar start_time: The start timeline date, so the results returned are after this date. - Required. - :vartype start_time: ~datetime.datetime - :ivar end_time: The end timeline date, so the results returned are before this date. Required. - :vartype end_time: ~datetime.datetime - :ivar number_of_bucket: The number of bucket for timeline queries aggregation. - :vartype number_of_bucket: int + :ivar end_time: The end date filter, so the only expansion results returned are before this + date. + :vartype end_time: ~datetime.datetime + :ivar expansion_id: The Id of the expansion to perform. + :vartype expansion_id: str + :ivar start_time: The start date filter, so the only expansion results returned are after this + date. + :vartype start_time: ~datetime.datetime """ - _validation = { - "start_time": {"required": True}, - "end_time": {"required": True}, - } - _attribute_map = { - "kinds": {"key": "kinds", "type": "[str]"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, "end_time": {"key": "endTime", "type": "iso-8601"}, - "number_of_bucket": {"key": "numberOfBucket", "type": "int"}, + "expansion_id": {"key": "expansionId", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, } def __init__( self, *, - start_time: datetime.datetime, - end_time: datetime.datetime, - kinds: Optional[List[Union[str, "_models.EntityTimelineKind"]]] = None, - number_of_bucket: Optional[int] = None, - **kwargs - ): + end_time: Optional[datetime.datetime] = None, + expansion_id: Optional[str] = None, + start_time: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword kinds: Array of timeline Item kinds. - :paramtype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] - :keyword start_time: The start timeline date, so the results returned are after this date. - Required. - :paramtype start_time: ~datetime.datetime - :keyword end_time: The end timeline date, so the results returned are before this date. - Required. + :keyword end_time: The end date filter, so the only expansion results returned are before this + date. :paramtype end_time: ~datetime.datetime - :keyword number_of_bucket: The number of bucket for timeline queries aggregation. - :paramtype number_of_bucket: int + :keyword expansion_id: The Id of the expansion to perform. + :paramtype expansion_id: str + :keyword start_time: The start date filter, so the only expansion results returned are after + this date. + :paramtype start_time: ~datetime.datetime """ super().__init__(**kwargs) - self.kinds = kinds - self.start_time = start_time self.end_time = end_time - self.number_of_bucket = number_of_bucket + self.expansion_id = expansion_id + self.start_time = start_time -class EntityTimelineResponse(_serialization.Model): - """The entity timeline result operation response. +class EntityExpandResponse(_serialization.Model): + """The entity expansion result operation response. - :ivar meta_data: The metadata from the timeline operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata - :ivar value: The timeline result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + :ivar meta_data: The metadata from the expansion operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :ivar value: The expansion result values. + :vartype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue """ _attribute_map = { - "meta_data": {"key": "metaData", "type": "TimelineResultsMetadata"}, - "value": {"key": "value", "type": "[EntityTimelineItem]"}, + "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, + "value": {"key": "value", "type": "EntityExpandResponseValue"}, } def __init__( self, *, - meta_data: Optional["_models.TimelineResultsMetadata"] = None, - value: Optional[List["_models.EntityTimelineItem"]] = None, - **kwargs - ): + meta_data: Optional["_models.ExpansionResultsMetadata"] = None, + value: Optional["_models.EntityExpandResponseValue"] = None, + **kwargs: Any + ) -> None: """ - :keyword meta_data: The metadata from the timeline operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata - :keyword value: The timeline result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + :keyword meta_data: The metadata from the expansion operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :keyword value: The expansion result values. + :paramtype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue """ super().__init__(**kwargs) self.meta_data = meta_data self.value = value -class EventGroupingSettings(_serialization.Model): - """Event grouping settings property bag. +class EntityExpandResponseValue(_serialization.Model): + """The expansion result values. - :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" - and "AlertPerResult". - :vartype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :ivar entities: Array of the expansion result entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar edges: Array of edges that connects the entity to the list of entities. + :vartype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] """ _attribute_map = { - "aggregation_kind": {"key": "aggregationKind", "type": "str"}, + "entities": {"key": "entities", "type": "[Entity]"}, + "edges": {"key": "edges", "type": "[EntityEdges]"}, } def __init__( - self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs - ): + self, + *, + entities: Optional[List["_models.Entity"]] = None, + edges: Optional[List["_models.EntityEdges"]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: - "SingleAlert" and "AlertPerResult". - :paramtype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :keyword entities: Array of the expansion result entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword edges: Array of edges that connects the entity to the list of entities. + :paramtype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] """ super().__init__(**kwargs) - self.aggregation_kind = aggregation_kind - - -class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes - """Represents Expansion entity query. + self.entities = entities + self.edges = edges - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EntityFieldMapping(_serialization.Model): + """Map identifiers of a single entity. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and - "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar data_sources: List of the data sources that are required to run the query. - :vartype data_sources: list[str] - :ivar display_name: The query display name. - :vartype display_name: str - :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar input_fields: List of the fields of the source entity that are required to run the query. - :vartype input_fields: list[str] - :ivar output_entity_types: List of the desired output types to be constructed from the result. - :vartype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] - :ivar query_template: The template query string to be parsed and formatted. - :vartype query_template: str + :ivar identifier: Alert V3 identifier. + :vartype identifier: str + :ivar value: The value of the identifier. + :vartype value: str """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_sources": {"key": "properties.dataSources", "type": "[str]"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, - "input_fields": {"key": "properties.inputFields", "type": "[str]"}, - "output_entity_types": {"key": "properties.outputEntityTypes", "type": "[str]"}, - "query_template": {"key": "properties.queryTemplate", "type": "str"}, + "identifier": {"key": "identifier", "type": "str"}, + "value": {"key": "value", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - data_sources: Optional[List[str]] = None, - display_name: Optional[str] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - input_fields: Optional[List[str]] = None, - output_entity_types: Optional[List[Union[str, "_models.EntityType"]]] = None, - query_template: Optional[str] = None, - **kwargs - ): + def __init__(self, *, identifier: Optional[str] = None, value: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword data_sources: List of the data sources that are required to run the query. - :paramtype data_sources: list[str] - :keyword display_name: The query display name. - :paramtype display_name: str - :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword input_fields: List of the fields of the source entity that are required to run the - query. - :paramtype input_fields: list[str] - :keyword output_entity_types: List of the desired output types to be constructed from the - result. - :paramtype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] - :keyword query_template: The template query string to be parsed and formatted. - :paramtype query_template: str + :keyword identifier: Alert V3 identifier. + :paramtype identifier: str + :keyword value: The value of the identifier. + :paramtype value: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Expansion" - self.data_sources = data_sources - self.display_name = display_name - self.input_entity_type = input_entity_type - self.input_fields = input_fields - self.output_entity_types = output_entity_types - self.query_template = query_template + super().__init__(**kwargs) + self.identifier = identifier + self.value = value -class ExpansionResultAggregation(_serialization.Model): - """Information of a specific aggregation in the expansion result. +class EntityGetInsightsParameters(_serialization.Model): + """The parameters required to execute insights operation on the given entity. All required parameters must be populated in order to send to Azure. - :ivar aggregation_type: The common type of the aggregation. (for e.g. entity field name). - :vartype aggregation_type: str - :ivar count: Total number of aggregations of the given kind (and aggregationType if given) in - the expansion result. Required. - :vartype count: int - :ivar display_name: The display name of the aggregation by type. - :vartype display_name: str - :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar start_time: The start timeline date, so the results returned are after this date. + Required. + :vartype start_time: ~datetime.datetime + :ivar end_time: The end timeline date, so the results returned are before this date. Required. + :vartype end_time: ~datetime.datetime + :ivar add_default_extended_time_range: Indicates if query time range should be extended with + default time range of the query. Default value is false. + :vartype add_default_extended_time_range: bool + :ivar insight_query_ids: List of Insights Query Id. If empty, default value is all insights of + this entity. + :vartype insight_query_ids: list[str] """ _validation = { - "count": {"required": True}, - "entity_kind": {"required": True}, + "start_time": {"required": True}, + "end_time": {"required": True}, } _attribute_map = { - "aggregation_type": {"key": "aggregationType", "type": "str"}, - "count": {"key": "count", "type": "int"}, - "display_name": {"key": "displayName", "type": "str"}, - "entity_kind": {"key": "entityKind", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + "add_default_extended_time_range": {"key": "addDefaultExtendedTimeRange", "type": "bool"}, + "insight_query_ids": {"key": "insightQueryIds", "type": "[str]"}, } def __init__( self, *, - count: int, - entity_kind: Union[str, "_models.EntityKind"], - aggregation_type: Optional[str] = None, - display_name: Optional[str] = None, - **kwargs - ): + start_time: datetime.datetime, + end_time: datetime.datetime, + add_default_extended_time_range: Optional[bool] = None, + insight_query_ids: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregation_type: The common type of the aggregation. (for e.g. entity field name). - :paramtype aggregation_type: str - :keyword count: Total number of aggregations of the given kind (and aggregationType if given) - in the expansion result. Required. - :paramtype count: int - :keyword display_name: The display name of the aggregation by type. - :paramtype display_name: str - :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :keyword start_time: The start timeline date, so the results returned are after this date. + Required. + :paramtype start_time: ~datetime.datetime + :keyword end_time: The end timeline date, so the results returned are before this date. + Required. + :paramtype end_time: ~datetime.datetime + :keyword add_default_extended_time_range: Indicates if query time range should be extended with + default time range of the query. Default value is false. + :paramtype add_default_extended_time_range: bool + :keyword insight_query_ids: List of Insights Query Id. If empty, default value is all insights + of this entity. + :paramtype insight_query_ids: list[str] """ super().__init__(**kwargs) - self.aggregation_type = aggregation_type - self.count = count - self.display_name = display_name - self.entity_kind = entity_kind + self.start_time = start_time + self.end_time = end_time + self.add_default_extended_time_range = add_default_extended_time_range + self.insight_query_ids = insight_query_ids -class ExpansionResultsMetadata(_serialization.Model): - """Expansion result metadata. +class EntityGetInsightsResponse(_serialization.Model): + """The Get Insights result operation response. - :ivar aggregations: Information of the aggregated nodes in the expansion result. - :vartype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + :ivar meta_data: The metadata from the get insights operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata + :ivar value: The insights result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] """ _attribute_map = { - "aggregations": {"key": "aggregations", "type": "[ExpansionResultAggregation]"}, + "meta_data": {"key": "metaData", "type": "GetInsightsResultsMetadata"}, + "value": {"key": "value", "type": "[EntityInsightItem]"}, } - def __init__(self, *, aggregations: Optional[List["_models.ExpansionResultAggregation"]] = None, **kwargs): + def __init__( + self, + *, + meta_data: Optional["_models.GetInsightsResultsMetadata"] = None, + value: Optional[List["_models.EntityInsightItem"]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregations: Information of the aggregated nodes in the expansion result. - :paramtype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + :keyword meta_data: The metadata from the get insights operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata + :keyword value: The insights result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] """ super().__init__(**kwargs) - self.aggregations = aggregations - - -class EyesOn(Settings): - """Settings with single toggle. + self.meta_data = meta_data + self.value = value - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EntityInsightItem(_serialization.Model): + """Entity insight Item. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar is_enabled: Determines whether the setting is enable or disabled. - :vartype is_enabled: bool + :ivar query_id: The query id of the insight. + :vartype query_id: str + :ivar query_time_interval: The Time interval that the query actually executed on. + :vartype query_time_interval: + ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval + :ivar table_query_results: Query results for table insights query. + :vartype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult + :ivar chart_query_results: Query results for table insights query. + :vartype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "is_enabled": {"readonly": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, + "query_id": {"key": "queryId", "type": "str"}, + "query_time_interval": {"key": "queryTimeInterval", "type": "EntityInsightItemQueryTimeInterval"}, + "table_query_results": {"key": "tableQueryResults", "type": "InsightsTableResult"}, + "chart_query_results": {"key": "chartQueryResults", "type": "[InsightsTableResult]"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, + *, + query_id: Optional[str] = None, + query_time_interval: Optional["_models.EntityInsightItemQueryTimeInterval"] = None, + table_query_results: Optional["_models.InsightsTableResult"] = None, + chart_query_results: Optional[List["_models.InsightsTableResult"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str + :keyword query_id: The query id of the insight. + :paramtype query_id: str + :keyword query_time_interval: The Time interval that the query actually executed on. + :paramtype query_time_interval: + ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval + :keyword table_query_results: Query results for table insights query. + :paramtype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult + :keyword chart_query_results: Query results for table insights query. + :paramtype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "EyesOn" - self.is_enabled = None + super().__init__(**kwargs) + self.query_id = query_id + self.query_time_interval = query_time_interval + self.table_query_results = table_query_results + self.chart_query_results = chart_query_results -class FieldMapping(_serialization.Model): - """A single field mapping of the mapped entity. +class EntityInsightItemQueryTimeInterval(_serialization.Model): + """The Time interval that the query actually executed on. - :ivar identifier: the V3 identifier of the entity. - :vartype identifier: str - :ivar column_name: the column name to be mapped to the identifier. - :vartype column_name: str + :ivar start_time: Insight query start time. + :vartype start_time: ~datetime.datetime + :ivar end_time: Insight query end time. + :vartype end_time: ~datetime.datetime """ _attribute_map = { - "identifier": {"key": "identifier", "type": "str"}, - "column_name": {"key": "columnName", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, } - def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs): + def __init__( + self, + *, + start_time: Optional[datetime.datetime] = None, + end_time: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword identifier: the V3 identifier of the entity. - :paramtype identifier: str - :keyword column_name: the column name to be mapped to the identifier. - :paramtype column_name: str + :keyword start_time: Insight query start time. + :paramtype start_time: ~datetime.datetime + :keyword end_time: Insight query end time. + :paramtype end_time: ~datetime.datetime """ super().__init__(**kwargs) - self.identifier = identifier - self.column_name = column_name + self.start_time = start_time + self.end_time = end_time -class FileEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a file entity. +class EntityList(_serialization.Model): + """List of all the entities. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. - :vartype host_entity_id: str + :ivar next_link: URL to fetch the next set of entities. + :vartype next_link: str + :ivar value: Array of entities. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Entity] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "directory": {"readonly": True}, - "file_hash_entity_ids": {"readonly": True}, - "file_name": {"readonly": True}, - "host_entity_id": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "directory": {"key": "properties.directory", "type": "str"}, - "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, - "file_name": {"key": "properties.fileName", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Entity]"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, value: List["_models.Entity"], **kwargs: Any) -> None: + """ + :keyword value: Array of entities. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Entity] + """ super().__init__(**kwargs) - self.kind: str = "File" - self.additional_data = None - self.friendly_name = None - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None - self.host_entity_id = None - + self.next_link = None + self.value = value -class FileEntityProperties(EntityCommonProperties): - """File entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class EntityManualTriggerRequestBody(_serialization.Model): + """Describes the request body for triggering a playbook on an entity. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. - :vartype host_entity_id: str + All required parameters must be populated in order to send to Azure. + + :ivar incident_arm_id: Incident ARM id. + :vartype incident_arm_id: str + :ivar tenant_id: The tenant id of the playbook resource. + :vartype tenant_id: str + :ivar logic_apps_resource_id: The resource id of the playbook resource. Required. + :vartype logic_apps_resource_id: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "directory": {"readonly": True}, - "file_hash_entity_ids": {"readonly": True}, - "file_name": {"readonly": True}, - "host_entity_id": {"readonly": True}, + "logic_apps_resource_id": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "directory": {"key": "directory", "type": "str"}, - "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, - "file_name": {"key": "fileName", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "incident_arm_id": {"key": "incidentArmId", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + logic_apps_resource_id: str, + incident_arm_id: Optional[str] = None, + tenant_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword incident_arm_id: Incident ARM id. + :paramtype incident_arm_id: str + :keyword tenant_id: The tenant id of the playbook resource. + :paramtype tenant_id: str + :keyword logic_apps_resource_id: The resource id of the playbook resource. Required. + :paramtype logic_apps_resource_id: str + """ super().__init__(**kwargs) - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None - self.host_entity_id = None + self.incident_arm_id = incident_arm_id + self.tenant_id = tenant_id + self.logic_apps_resource_id = logic_apps_resource_id -class FileHashEntity(Entity): - """Represents a file hash entity. +class EntityMapping(_serialization.Model): + """Single entity mapping for the alert rule. + + :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", + "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :ivar field_mappings: array of field mappings for the given entity mapping. + :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + + _attribute_map = { + "entity_type": {"key": "entityType", "type": "str"}, + "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, + } + + def __init__( + self, + *, + entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, + field_mappings: Optional[List["_models.FieldMapping"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", + "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :keyword field_mappings: array of field mappings for the given entity mapping. + :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + super().__init__(**kwargs) + self.entity_type = entity_type + self.field_mappings = field_mappings + + +class EntityQueryItem(_serialization.Model): + """An abstract Query item for entity. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + InsightQueryItem Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :ivar id: Query Template ARM ID. :vartype id: str - :ivar name: The name of the resource. + :ivar name: Query Template ARM Name. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". + :ivar type: ARM Type. :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - and "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", + and "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind """ _validation = { "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "algorithm": {"readonly": True}, - "hash_value": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "algorithm": {"key": "properties.algorithm", "type": "str"}, - "hash_value": {"key": "properties.hashValue", "type": "str"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "FileHash" - self.additional_data = None - self.friendly_name = None - self.algorithm = None - self.hash_value = None + _subtype_map = {"kind": {"Insight": "InsightQueryItem"}} + def __init__(self, *, name: Optional[str] = None, type: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword name: Query Template ARM Name. + :paramtype name: str + :keyword type: ARM Type. + :paramtype type: str + """ + super().__init__(**kwargs) + self.id = None + self.name = name + self.type = type + self.kind: Optional[str] = None -class FileHashEntityProperties(EntityCommonProperties): - """FileHash entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class EntityQueryItemProperties(_serialization.Model): + """An properties abstract Query item for entity. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - and "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar data_types: Data types for template. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: Data types for template. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: JSON """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "algorithm": {"readonly": True}, - "hash_value": {"readonly": True}, + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, + "input_entity_type": {"key": "inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "entitiesFilter", "type": "object"}, } + def __init__( + self, + *, + data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: Data types for template. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", + "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: Data types for template. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: JSON + """ + super().__init__(**kwargs) + self.data_types = data_types + self.input_entity_type = input_entity_type + self.required_input_fields_sets = required_input_fields_sets + self.entities_filter = entities_filter + + +class EntityQueryItemPropertiesDataTypesItem(_serialization.Model): + """EntityQueryItemPropertiesDataTypesItem. + + :ivar data_type: Data type name. + :vartype data_type: str + """ + _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "algorithm": {"key": "algorithm", "type": "str"}, - "hash_value": {"key": "hashValue", "type": "str"}, + "data_type": {"key": "dataType", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, data_type: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword data_type: Data type name. + :paramtype data_type: str + """ super().__init__(**kwargs) - self.algorithm = None - self.hash_value = None + self.data_type = data_type -class FileImport(Resource): # pylint: disable=too-many-instance-attributes - """Represents a file import in Azure Security Insights. +class EntityQueryList(_serialization.Model): + """List of all the entity queries. Variables are only populated by the server, and will be ignored when sending a request. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar ingestion_mode: Describes how to ingest the records in the file. Known values are: - "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". - :vartype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode - :ivar content_type: The content type of this file. Known values are: "BasicIndicator", - "StixIndicator", and "Unspecified". - :vartype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType - :ivar created_time_utc: The time the file was imported. - :vartype created_time_utc: ~datetime.datetime - :ivar error_file: Represents the error file (if the import was ingested with errors or failed - the validation). - :vartype error_file: ~azure.mgmt.securityinsight.models.FileMetadata - :ivar errors_preview: An ordered list of some of the errors that were encountered during - validation. - :vartype errors_preview: list[~azure.mgmt.securityinsight.models.ValidationError] - :ivar import_file: Represents the imported file. - :vartype import_file: ~azure.mgmt.securityinsight.models.FileMetadata - :ivar ingested_record_count: The number of records that have been successfully ingested. - :vartype ingested_record_count: int - :ivar source: The source for the data in the file. - :vartype source: str - :ivar state: The state of the file import. Known values are: "FatalError", "Ingested", - "IngestedWithErrors", "InProgress", "Invalid", "WaitingForUpload", and "Unspecified". - :vartype state: str or ~azure.mgmt.securityinsight.models.FileImportState - :ivar total_record_count: The number of records in the file. - :vartype total_record_count: int - :ivar valid_record_count: The number of records that have passed validation. - :vartype valid_record_count: int - :ivar files_valid_until_time_utc: The time the files associated with this import are deleted - from the storage account. - :vartype files_valid_until_time_utc: ~datetime.datetime - :ivar import_valid_until_time_utc: The time the file import record is soft deleted from the - database and history. - :vartype import_valid_until_time_utc: ~datetime.datetime + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of entity queries. + :vartype next_link: str + :ivar value: Array of entity queries. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQuery] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "error_file": {"readonly": True}, - "errors_preview": {"readonly": True}, - "ingested_record_count": {"readonly": True}, - "state": {"readonly": True}, - "total_record_count": {"readonly": True}, - "valid_record_count": {"readonly": True}, - "files_valid_until_time_utc": {"readonly": True}, - "import_valid_until_time_utc": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "ingestion_mode": {"key": "properties.ingestionMode", "type": "str"}, - "content_type": {"key": "properties.contentType", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUTC", "type": "iso-8601"}, - "error_file": {"key": "properties.errorFile", "type": "FileMetadata"}, - "errors_preview": {"key": "properties.errorsPreview", "type": "[ValidationError]"}, - "import_file": {"key": "properties.importFile", "type": "FileMetadata"}, - "ingested_record_count": {"key": "properties.ingestedRecordCount", "type": "int"}, - "source": {"key": "properties.source", "type": "str"}, - "state": {"key": "properties.state", "type": "str"}, - "total_record_count": {"key": "properties.totalRecordCount", "type": "int"}, - "valid_record_count": {"key": "properties.validRecordCount", "type": "int"}, - "files_valid_until_time_utc": {"key": "properties.filesValidUntilTimeUTC", "type": "iso-8601"}, - "import_valid_until_time_utc": {"key": "properties.importValidUntilTimeUTC", "type": "iso-8601"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[EntityQuery]"}, } - def __init__( - self, - *, - ingestion_mode: Optional[Union[str, "_models.IngestionMode"]] = None, - content_type: Optional[Union[str, "_models.FileImportContentType"]] = None, - import_file: Optional["_models.FileMetadata"] = None, - source: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.EntityQuery"], **kwargs: Any) -> None: """ - :keyword ingestion_mode: Describes how to ingest the records in the file. Known values are: - "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". - :paramtype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode - :keyword content_type: The content type of this file. Known values are: "BasicIndicator", - "StixIndicator", and "Unspecified". - :paramtype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType - :keyword import_file: Represents the imported file. - :paramtype import_file: ~azure.mgmt.securityinsight.models.FileMetadata - :keyword source: The source for the data in the file. - :paramtype source: str + :keyword value: Array of entity queries. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQuery] """ super().__init__(**kwargs) - self.ingestion_mode = ingestion_mode - self.content_type = content_type - self.created_time_utc = None - self.error_file = None - self.errors_preview = None - self.import_file = import_file - self.ingested_record_count = None - self.source = source - self.state = None - self.total_record_count = None - self.valid_record_count = None - self.files_valid_until_time_utc = None - self.import_valid_until_time_utc = None + self.next_link = None + self.value = value -class FileImportList(_serialization.Model): - """List all the file imports. +class EntityQueryTemplateList(_serialization.Model): + """List of all the entity query templates. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of file imports. + :ivar next_link: URL to fetch the next set of entity query templates. :vartype next_link: str - :ivar value: Array of file imports. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.FileImport] + :ivar value: Array of entity query templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] """ _validation = { @@ -8676,199 +8788,262 @@ class FileImportList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[FileImport]"}, + "value": {"key": "value", "type": "[EntityQueryTemplate]"}, } - def __init__(self, *, value: List["_models.FileImport"], **kwargs): + def __init__(self, *, value: List["_models.EntityQueryTemplate"], **kwargs: Any) -> None: """ - :keyword value: Array of file imports. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.FileImport] + :keyword value: Array of entity query templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] """ super().__init__(**kwargs) self.next_link = None self.value = value -class FileMetadata(_serialization.Model): - """Represents a file. +class EntityTimelineParameters(_serialization.Model): + """The parameters required to execute s timeline operation on the given entity. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar file_format: The format of the file. Known values are: "CSV", "JSON", and "Unspecified". - :vartype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat - :ivar file_name: The name of the file. - :vartype file_name: str - :ivar file_size: The size of the file. - :vartype file_size: int - :ivar file_content_uri: A URI with a valid SAS token to allow uploading / downloading the file. - :vartype file_content_uri: str - :ivar delete_status: Indicates whether the file was deleted from the storage account. Known - values are: "Deleted", "NotDeleted", and "Unspecified". - :vartype delete_status: str or ~azure.mgmt.securityinsight.models.DeleteStatus + :ivar kinds: Array of timeline Item kinds. + :vartype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] + :ivar start_time: The start timeline date, so the results returned are after this date. + Required. + :vartype start_time: ~datetime.datetime + :ivar end_time: The end timeline date, so the results returned are before this date. Required. + :vartype end_time: ~datetime.datetime + :ivar number_of_bucket: The number of bucket for timeline queries aggregation. + :vartype number_of_bucket: int """ _validation = { - "file_content_uri": {"readonly": True}, - "delete_status": {"readonly": True}, + "start_time": {"required": True}, + "end_time": {"required": True}, } _attribute_map = { - "file_format": {"key": "fileFormat", "type": "str"}, - "file_name": {"key": "fileName", "type": "str"}, - "file_size": {"key": "fileSize", "type": "int"}, - "file_content_uri": {"key": "fileContentUri", "type": "str"}, - "delete_status": {"key": "deleteStatus", "type": "str"}, + "kinds": {"key": "kinds", "type": "[str]"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + "number_of_bucket": {"key": "numberOfBucket", "type": "int"}, } def __init__( self, *, - file_format: Optional[Union[str, "_models.FileFormat"]] = None, - file_name: Optional[str] = None, - file_size: Optional[int] = None, - **kwargs - ): + start_time: datetime.datetime, + end_time: datetime.datetime, + kinds: Optional[List[Union[str, "_models.EntityTimelineKind"]]] = None, + number_of_bucket: Optional[int] = None, + **kwargs: Any + ) -> None: """ - :keyword file_format: The format of the file. Known values are: "CSV", "JSON", and - "Unspecified". - :paramtype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat - :keyword file_name: The name of the file. - :paramtype file_name: str - :keyword file_size: The size of the file. - :paramtype file_size: int + :keyword kinds: Array of timeline Item kinds. + :paramtype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] + :keyword start_time: The start timeline date, so the results returned are after this date. + Required. + :paramtype start_time: ~datetime.datetime + :keyword end_time: The end timeline date, so the results returned are before this date. + Required. + :paramtype end_time: ~datetime.datetime + :keyword number_of_bucket: The number of bucket for timeline queries aggregation. + :paramtype number_of_bucket: int """ super().__init__(**kwargs) - self.file_format = file_format - self.file_name = file_name - self.file_size = file_size - self.file_content_uri = None - self.delete_status = None + self.kinds = kinds + self.start_time = start_time + self.end_time = end_time + self.number_of_bucket = number_of_bucket -class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents Fusion alert rule. +class EntityTimelineResponse(_serialization.Model): + """The entity timeline result operation response. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar meta_data: The metadata from the timeline operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata + :ivar value: The timeline result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + """ + + _attribute_map = { + "meta_data": {"key": "metaData", "type": "TimelineResultsMetadata"}, + "value": {"key": "value", "type": "[EntityTimelineItem]"}, + } + + def __init__( + self, + *, + meta_data: Optional["_models.TimelineResultsMetadata"] = None, + value: Optional[List["_models.EntityTimelineItem"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword meta_data: The metadata from the timeline operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata + :keyword value: The timeline result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + """ + super().__init__(**kwargs) + self.meta_data = meta_data + self.value = value + + +class Error(_serialization.Model): + """The error description for why a publication failed. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar source_settings: Configuration for all supported source signals in fusion detection. - :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] - :ivar scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. - :vartype scenario_exclusion_patterns: - list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar member_resource_name: The member resource name for which the publication error occured. + Required. + :vartype member_resource_name: str + :ivar error_message: The error message. Required. + :vartype error_message: str + """ + + _validation = { + "member_resource_name": {"required": True}, + "error_message": {"required": True}, + } + + _attribute_map = { + "member_resource_name": {"key": "memberResourceName", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, + } + + def __init__(self, *, member_resource_name: str, error_message: str, **kwargs: Any) -> None: + """ + :keyword member_resource_name: The member resource name for which the publication error + occured. Required. + :paramtype member_resource_name: str + :keyword error_message: The error message. Required. + :paramtype error_message: str + """ + super().__init__(**kwargs) + self.member_resource_name = member_resource_name + self.error_message = error_message + + +class ErrorAdditionalInfo(_serialization.Model): + """The resource management error additional info. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar type: The additional info type. + :vartype type: str + :ivar info: The additional info. + :vartype info: JSON """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, - "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, + "info": {"readonly": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "source_settings": {"key": "properties.sourceSettings", "type": "[FusionSourceSettings]"}, - "scenario_exclusion_patterns": { - "key": "properties.scenarioExclusionPatterns", - "type": "[FusionScenarioExclusionPattern]", - }, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, + "info": {"key": "info", "type": "object"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.type = None + self.info = None + + +class ErrorDetail(_serialization.Model): + """The error detail. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar target: The error target. + :vartype target: str + :ivar details: The error details. + :vartype details: list[~azure.mgmt.securityinsight.models.ErrorDetail] + :ivar additional_info: The error additional info. + :vartype additional_info: list[~azure.mgmt.securityinsight.models.ErrorAdditionalInfo] + """ + + _validation = { + "code": {"readonly": True}, + "message": {"readonly": True}, + "target": {"readonly": True}, + "details": {"readonly": True}, + "additional_info": {"readonly": True}, + } + + _attribute_map = { + "code": {"key": "code", "type": "str"}, + "message": {"key": "message", "type": "str"}, + "target": {"key": "target", "type": "str"}, + "details": {"key": "details", "type": "[ErrorDetail]"}, + "additional_info": {"key": "additionalInfo", "type": "[ErrorAdditionalInfo]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.code = None + self.message = None + self.target = None + self.details = None + self.additional_info = None + + +class ErrorResponse(_serialization.Model): + """Common error response for all Azure Resource Manager APIs to return error details for failed + operations. (This also follows the OData error response format.). + + :ivar error: The error object. + :vartype error: ~azure.mgmt.securityinsight.models.ErrorDetail + """ + + _attribute_map = { + "error": {"key": "error", "type": "ErrorDetail"}, + } + + def __init__(self, *, error: Optional["_models.ErrorDetail"] = None, **kwargs: Any) -> None: + """ + :keyword error: The error object. + :paramtype error: ~azure.mgmt.securityinsight.models.ErrorDetail + """ + super().__init__(**kwargs) + self.error = error + + +class EventGroupingSettings(_serialization.Model): + """Event grouping settings property bag. + + :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" + and "AlertPerResult". + :vartype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + """ + + _attribute_map = { + "aggregation_kind": {"key": "aggregationKind", "type": "str"}, } def __init__( - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, - source_settings: Optional[List["_models.FusionSourceSettings"]] = None, - scenario_exclusion_patterns: Optional[List["_models.FusionScenarioExclusionPattern"]] = None, - **kwargs - ): + self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - :keyword source_settings: Configuration for all supported source signals in fusion detection. - :paramtype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] - :keyword scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. - :paramtype scenario_exclusion_patterns: - list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: + "SingleAlert" and "AlertPerResult". + :paramtype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Fusion" - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.source_settings = source_settings - self.scenario_exclusion_patterns = scenario_exclusion_patterns - self.last_modified_utc = None - self.severity = None - self.tactics = None - self.techniques = None + super().__init__(**kwargs) + self.aggregation_kind = aggregation_kind -class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents Fusion alert rule template. +class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes + """Represents Expansion entity query. Variables are only populated by the server, and will be ignored when sending a request. @@ -8885,36 +9060,27 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-in :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar last_updated_date_utc: The time that this alert rule template was last updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and + "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar data_sources: List of the data sources that are required to run the query. + :vartype data_sources: list[str] + :ivar display_name: The query display name. :vartype display_name: str - :ivar required_data_connectors: The required data connectors for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule template. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar source_settings: All supported source signal configurations consumed in fusion detection. - :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar input_fields: List of the fields of the source entity that are required to run the query. + :vartype input_fields: list[str] + :ivar output_entity_types: List of the desired output types to be constructed from the result. + :vartype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] + :ivar query_template: The template query string to be parsed and formatted. + :vartype query_template: str """ _validation = { @@ -8923,8 +9089,6 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-in "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "created_date_utc": {"readonly": True}, - "last_updated_date_utc": {"readonly": True}, } _attribute_map = { @@ -8932,693 +9096,678 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-in "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, + "data_sources": {"key": "properties.dataSources", "type": "[str]"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "source_settings": {"key": "properties.sourceSettings", "type": "[FusionTemplateSourceSetting]"}, + "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, + "input_fields": {"key": "properties.inputFields", "type": "[str]"}, + "output_entity_types": {"key": "properties.outputEntityTypes", "type": "[str]"}, + "query_template": {"key": "properties.queryTemplate", "type": "str"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, + etag: Optional[str] = None, + data_sources: Optional[List[str]] = None, display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - source_settings: Optional[List["_models.FusionTemplateSourceSetting"]] = None, - **kwargs - ): + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + input_fields: Optional[List[str]] = None, + output_entity_types: Optional[List[Union[str, "_models.EntityType"]]] = None, + query_template: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_sources: List of the data sources that are required to run the query. + :paramtype data_sources: list[str] + :keyword display_name: The query display name. :paramtype display_name: str - :keyword required_data_connectors: The required data connectors for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword tactics: The tactics of the alert rule template. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword source_settings: All supported source signal configurations consumed in fusion - detection. - :paramtype source_settings: - list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword input_fields: List of the fields of the source entity that are required to run the + query. + :paramtype input_fields: list[str] + :keyword output_entity_types: List of the desired output types to be constructed from the + result. + :paramtype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] + :keyword query_template: The template query string to be parsed and formatted. + :paramtype query_template: str """ - super().__init__(**kwargs) - self.kind: str = "Fusion" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.created_date_utc = None - self.last_updated_date_utc = None - self.description = description + super().__init__(etag=etag, **kwargs) + self.kind: str = "Expansion" + self.data_sources = data_sources self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.severity = severity - self.tactics = tactics - self.techniques = techniques - self.source_settings = source_settings + self.input_entity_type = input_entity_type + self.input_fields = input_fields + self.output_entity_types = output_entity_types + self.query_template = query_template -class FusionScenarioExclusionPattern(_serialization.Model): - """Represents a Fusion scenario exclusion patterns in Fusion detection. +class ExpansionResultAggregation(_serialization.Model): + """Information of a specific aggregation in the expansion result. All required parameters must be populated in order to send to Azure. - :ivar exclusion_pattern: Scenario exclusion pattern. Required. - :vartype exclusion_pattern: str - :ivar date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. - :vartype date_added_in_utc: str + :ivar aggregation_type: The common type of the aggregation. (for e.g. entity field name). + :vartype aggregation_type: str + :ivar count: Total number of aggregations of the given kind (and aggregationType if given) in + the expansion result. Required. + :vartype count: int + :ivar display_name: The display name of the aggregation by type. + :vartype display_name: str + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ _validation = { - "exclusion_pattern": {"required": True}, - "date_added_in_utc": {"required": True}, + "count": {"required": True}, + "entity_kind": {"required": True}, } _attribute_map = { - "exclusion_pattern": {"key": "exclusionPattern", "type": "str"}, - "date_added_in_utc": {"key": "dateAddedInUTC", "type": "str"}, + "aggregation_type": {"key": "aggregationType", "type": "str"}, + "count": {"key": "count", "type": "int"}, + "display_name": {"key": "displayName", "type": "str"}, + "entity_kind": {"key": "entityKind", "type": "str"}, } - def __init__(self, *, exclusion_pattern: str, date_added_in_utc: str, **kwargs): + def __init__( + self, + *, + count: int, + entity_kind: Union[str, "_models.EntityKindEnum"], + aggregation_type: Optional[str] = None, + display_name: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword exclusion_pattern: Scenario exclusion pattern. Required. - :paramtype exclusion_pattern: str - :keyword date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. - :paramtype date_added_in_utc: str + :keyword aggregation_type: The common type of the aggregation. (for e.g. entity field name). + :paramtype aggregation_type: str + :keyword count: Total number of aggregations of the given kind (and aggregationType if given) + in the expansion result. Required. + :paramtype count: int + :keyword display_name: The display name of the aggregation by type. + :paramtype display_name: str + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ super().__init__(**kwargs) - self.exclusion_pattern = exclusion_pattern - self.date_added_in_utc = date_added_in_utc - + self.aggregation_type = aggregation_type + self.count = count + self.display_name = display_name + self.entity_kind = entity_kind -class FusionSourceSettings(_serialization.Model): - """Represents a supported source signal configuration in Fusion detection. - All required parameters must be populated in order to send to Azure. +class ExpansionResultsMetadata(_serialization.Model): + """Expansion result metadata. - :ivar enabled: Determines whether this source signal is enabled or disabled in Fusion - detection. Required. - :vartype enabled: bool - :ivar source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for - supported values. Required. - :vartype source_name: str - :ivar source_sub_types: Configuration for all source subtypes under this source signal consumed - in fusion detection. - :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] + :ivar aggregations: Information of the aggregated nodes in the expansion result. + :vartype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] """ - _validation = { - "enabled": {"required": True}, - "source_name": {"required": True}, - } - _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "source_name": {"key": "sourceName", "type": "str"}, - "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionSourceSubTypeSetting]"}, + "aggregations": {"key": "aggregations", "type": "[ExpansionResultAggregation]"}, } def __init__( - self, - *, - enabled: bool, - source_name: str, - source_sub_types: Optional[List["_models.FusionSourceSubTypeSetting"]] = None, - **kwargs - ): + self, *, aggregations: Optional[List["_models.ExpansionResultAggregation"]] = None, **kwargs: Any + ) -> None: """ - :keyword enabled: Determines whether this source signal is enabled or disabled in Fusion - detection. Required. - :paramtype enabled: bool - :keyword source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for - supported values. Required. - :paramtype source_name: str - :keyword source_sub_types: Configuration for all source subtypes under this source signal - consumed in fusion detection. - :paramtype source_sub_types: - list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] + :keyword aggregations: Information of the aggregated nodes in the expansion result. + :paramtype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] """ super().__init__(**kwargs) - self.enabled = enabled - self.source_name = source_name - self.source_sub_types = source_sub_types + self.aggregations = aggregations -class FusionSourceSubTypeSetting(_serialization.Model): - """Represents a supported source subtype configuration under a source signal in Fusion detection. +class EyesOn(Settings): + """Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar enabled: Determines whether this source subtype under source signal is enabled or - disabled in Fusion detection. Required. - :vartype enabled: bool - :ivar source_sub_type_name: The Name of the source subtype under a given source signal in - Fusion detection. Refer to Fusion alert rule template for supported values. Required. - :vartype source_sub_type_name: str - :ivar source_sub_type_display_name: The display name of source subtype under a source signal - consumed in Fusion detection. - :vartype source_sub_type_display_name: str - :ivar severity_filters: Severity configuration for a source subtype consumed in fusion - detection. Required. - :vartype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar is_enabled: Determines whether the setting is enable or disabled. + :vartype is_enabled: bool """ _validation = { - "enabled": {"required": True}, - "source_sub_type_name": {"required": True}, - "source_sub_type_display_name": {"readonly": True}, - "severity_filters": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "is_enabled": {"readonly": True}, } _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, - "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, - "severity_filters": {"key": "severityFilters", "type": "FusionSubTypeSeverityFilter"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, } - def __init__( - self, - *, - enabled: bool, - source_sub_type_name: str, - severity_filters: "_models.FusionSubTypeSeverityFilter", - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword enabled: Determines whether this source subtype under source signal is enabled or - disabled in Fusion detection. Required. - :paramtype enabled: bool - :keyword source_sub_type_name: The Name of the source subtype under a given source signal in - Fusion detection. Refer to Fusion alert rule template for supported values. Required. - :paramtype source_sub_type_name: str - :keyword severity_filters: Severity configuration for a source subtype consumed in fusion - detection. Required. - :paramtype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super().__init__(**kwargs) - self.enabled = enabled - self.source_sub_type_name = source_sub_type_name - self.source_sub_type_display_name = None - self.severity_filters = severity_filters - + super().__init__(etag=etag, **kwargs) + self.kind: str = "EyesOn" + self.is_enabled = None -class FusionSubTypeSeverityFilter(_serialization.Model): - """Represents severity configuration for a source subtype consumed in Fusion detection. - Variables are only populated by the server, and will be ignored when sending a request. +class FieldMapping(_serialization.Model): + """A single field mapping of the mapped entity. - :ivar is_supported: Determines whether this source subtype supports severity configuration or - not. - :vartype is_supported: bool - :ivar filters: Individual Severity configuration settings for a given source subtype consumed - in Fusion detection. - :vartype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] + :ivar identifier: the V3 identifier of the entity. + :vartype identifier: str + :ivar column_name: the column name to be mapped to the identifier. + :vartype column_name: str """ - _validation = { - "is_supported": {"readonly": True}, - } - _attribute_map = { - "is_supported": {"key": "isSupported", "type": "bool"}, - "filters": {"key": "filters", "type": "[FusionSubTypeSeverityFiltersItem]"}, + "identifier": {"key": "identifier", "type": "str"}, + "column_name": {"key": "columnName", "type": "str"}, } - def __init__(self, *, filters: Optional[List["_models.FusionSubTypeSeverityFiltersItem"]] = None, **kwargs): + def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword filters: Individual Severity configuration settings for a given source subtype - consumed in Fusion detection. - :paramtype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] + :keyword identifier: the V3 identifier of the entity. + :paramtype identifier: str + :keyword column_name: the column name to be mapped to the identifier. + :paramtype column_name: str """ super().__init__(**kwargs) - self.is_supported = None - self.filters = filters + self.identifier = identifier + self.column_name = column_name -class FusionSubTypeSeverityFiltersItem(_serialization.Model): - """Represents a Severity filter setting for a given source subtype consumed in Fusion detection. +class FileEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a file entity. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar severity: The Severity for a given source subtype consumed in Fusion detection. Required. - Known values are: "High", "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar enabled: Determines whether this severity is enabled or disabled for this source subtype - consumed in Fusion detection. Required. - :vartype enabled: bool + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str """ _validation = { - "severity": {"required": True}, - "enabled": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, } _attribute_map = { - "severity": {"key": "severity", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "directory": {"key": "properties.directory", "type": "str"}, + "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "properties.fileName", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, } - def __init__(self, *, severity: Union[str, "_models.AlertSeverity"], enabled: bool, **kwargs): - """ - :keyword severity: The Severity for a given source subtype consumed in Fusion detection. - Required. Known values are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword enabled: Determines whether this severity is enabled or disabled for this source - subtype consumed in Fusion detection. Required. - :paramtype enabled: bool - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.severity = severity - self.enabled = enabled + self.kind: str = "File" + self.additional_data = None + self.friendly_name = None + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None -class FusionTemplateSourceSetting(_serialization.Model): - """Represents a source signal consumed in Fusion detection. +class FileEntityProperties(EntityCommonProperties): + """File entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar source_name: The name of a source signal consumed in Fusion detection. Required. - :vartype source_name: str - :ivar source_sub_types: All supported source subtypes under this source signal consumed in - fusion detection. - :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str """ _validation = { - "source_name": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, } _attribute_map = { - "source_name": {"key": "sourceName", "type": "str"}, - "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionTemplateSourceSubType]"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "directory": {"key": "directory", "type": "str"}, + "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "fileName", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, } - def __init__( - self, - *, - source_name: str, - source_sub_types: Optional[List["_models.FusionTemplateSourceSubType"]] = None, - **kwargs - ): - """ - :keyword source_name: The name of a source signal consumed in Fusion detection. Required. - :paramtype source_name: str - :keyword source_sub_types: All supported source subtypes under this source signal consumed in - fusion detection. - :paramtype source_sub_types: - list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.source_name = source_name - self.source_sub_types = source_sub_types + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None -class FusionTemplateSourceSubType(_serialization.Model): - """Represents a source subtype under a source signal consumed in Fusion detection. +class FileHashEntity(Entity): + """Represents a file hash entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar source_sub_type_name: The name of source subtype under a source signal consumed in Fusion - detection. Required. - :vartype source_sub_type_name: str - :ivar source_sub_type_display_name: The display name of source subtype under a source signal - consumed in Fusion detection. - :vartype source_sub_type_display_name: str - :ivar severity_filter: Severity configuration available for a source subtype consumed in fusion - detection. Required. - :vartype severity_filter: - ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str """ _validation = { - "source_sub_type_name": {"required": True}, - "source_sub_type_display_name": {"readonly": True}, - "severity_filter": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, } _attribute_map = { - "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, - "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, - "severity_filter": {"key": "severityFilter", "type": "FusionTemplateSubTypeSeverityFilter"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "algorithm": {"key": "properties.algorithm", "type": "str"}, + "hash_value": {"key": "properties.hashValue", "type": "str"}, } - def __init__( - self, *, source_sub_type_name: str, severity_filter: "_models.FusionTemplateSubTypeSeverityFilter", **kwargs - ): - """ - :keyword source_sub_type_name: The name of source subtype under a source signal consumed in - Fusion detection. Required. - :paramtype source_sub_type_name: str - :keyword severity_filter: Severity configuration available for a source subtype consumed in - fusion detection. Required. - :paramtype severity_filter: - ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.source_sub_type_name = source_sub_type_name - self.source_sub_type_display_name = None - self.severity_filter = severity_filter - - -class FusionTemplateSubTypeSeverityFilter(_serialization.Model): - """Represents severity configurations available for a source subtype consumed in Fusion detection. + self.kind: str = "FileHash" + self.additional_data = None + self.friendly_name = None + self.algorithm = None + self.hash_value = None - All required parameters must be populated in order to send to Azure. - :ivar is_supported: Determines whether severity configuration is supported for this source - subtype consumed in Fusion detection. Required. - :vartype is_supported: bool - :ivar severity_filters: List of all supported severities for this source subtype consumed in - Fusion detection. - :vartype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ +class FileHashEntityProperties(EntityCommonProperties): + """FileHash entity property bag. - _validation = { - "is_supported": {"required": True}, - } + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "is_supported": {"key": "isSupported", "type": "bool"}, - "severity_filters": {"key": "severityFilters", "type": "[str]"}, - } - - def __init__( - self, - *, - is_supported: bool, - severity_filters: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword is_supported: Determines whether severity configuration is supported for this source - subtype consumed in Fusion detection. Required. - :paramtype is_supported: bool - :keyword severity_filters: List of all supported severities for this source subtype consumed in - Fusion detection. - :paramtype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__(**kwargs) - self.is_supported = is_supported - self.severity_filters = severity_filters - - -class GeoLocation(_serialization.Model): - """The geo-location context attached to the ip entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar asn: Autonomous System Number. - :vartype asn: int - :ivar city: City name. - :vartype city: str - :ivar country_code: The country code according to ISO 3166 format. - :vartype country_code: str - :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English - Short Name. - :vartype country_name: str - :ivar latitude: The longitude of the identified location, expressed as a floating point number - with range of -180 to 180, with positive numbers representing East and negative numbers - representing West. Latitude and longitude are derived from the city or postal code. - :vartype latitude: float - :ivar longitude: The latitude of the identified location, expressed as a floating point number - with range of - 90 to 90, with positive numbers representing North and negative numbers - representing South. Latitude and longitude are derived from the city or postal code. - :vartype longitude: float - :ivar state: State name. - :vartype state: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str """ _validation = { - "asn": {"readonly": True}, - "city": {"readonly": True}, - "country_code": {"readonly": True}, - "country_name": {"readonly": True}, - "latitude": {"readonly": True}, - "longitude": {"readonly": True}, - "state": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, } _attribute_map = { - "asn": {"key": "asn", "type": "int"}, - "city": {"key": "city", "type": "str"}, - "country_code": {"key": "countryCode", "type": "str"}, - "country_name": {"key": "countryName", "type": "str"}, - "latitude": {"key": "latitude", "type": "float"}, - "longitude": {"key": "longitude", "type": "float"}, - "state": {"key": "state", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "algorithm": {"key": "algorithm", "type": "str"}, + "hash_value": {"key": "hashValue", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.asn = None - self.city = None - self.country_code = None - self.country_name = None - self.latitude = None - self.longitude = None - self.state = None + self.algorithm = None + self.hash_value = None -class GetInsightsErrorKind(_serialization.Model): - """GetInsights Query Errors. +class FileImport(Resource): # pylint: disable=too-many-instance-attributes + """Represents a file import in Azure Security Insights. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar kind: the query kind. Required. "Insight" - :vartype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError - :ivar query_id: the query id. - :vartype query_id: str - :ivar error_message: the error message. Required. - :vartype error_message: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar ingestion_mode: Describes how to ingest the records in the file. Known values are: + "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". + :vartype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode + :ivar content_type: The content type of this file. Known values are: "BasicIndicator", + "StixIndicator", and "Unspecified". + :vartype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType + :ivar created_time_utc: The time the file was imported. + :vartype created_time_utc: ~datetime.datetime + :ivar error_file: Represents the error file (if the import was ingested with errors or failed + the validation). + :vartype error_file: ~azure.mgmt.securityinsight.models.FileMetadata + :ivar errors_preview: An ordered list of some of the errors that were encountered during + validation. + :vartype errors_preview: list[~azure.mgmt.securityinsight.models.ValidationError] + :ivar import_file: Represents the imported file. + :vartype import_file: ~azure.mgmt.securityinsight.models.FileMetadata + :ivar ingested_record_count: The number of records that have been successfully ingested. + :vartype ingested_record_count: int + :ivar source: The source for the data in the file. + :vartype source: str + :ivar state: The state of the file import. Known values are: "FatalError", "Ingested", + "IngestedWithErrors", "InProgress", "Invalid", "WaitingForUpload", and "Unspecified". + :vartype state: str or ~azure.mgmt.securityinsight.models.FileImportState + :ivar total_record_count: The number of records in the file. + :vartype total_record_count: int + :ivar valid_record_count: The number of records that have passed validation. + :vartype valid_record_count: int + :ivar files_valid_until_time_utc: The time the files associated with this import are deleted + from the storage account. + :vartype files_valid_until_time_utc: ~datetime.datetime + :ivar import_valid_until_time_utc: The time the file import record is soft deleted from the + database and history. + :vartype import_valid_until_time_utc: ~datetime.datetime """ _validation = { - "kind": {"required": True}, - "error_message": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "error_file": {"readonly": True}, + "errors_preview": {"readonly": True}, + "ingested_record_count": {"readonly": True}, + "state": {"readonly": True}, + "total_record_count": {"readonly": True}, + "valid_record_count": {"readonly": True}, + "files_valid_until_time_utc": {"readonly": True}, + "import_valid_until_time_utc": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "error_message": {"key": "errorMessage", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "ingestion_mode": {"key": "properties.ingestionMode", "type": "str"}, + "content_type": {"key": "properties.contentType", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUTC", "type": "iso-8601"}, + "error_file": {"key": "properties.errorFile", "type": "FileMetadata"}, + "errors_preview": {"key": "properties.errorsPreview", "type": "[ValidationError]"}, + "import_file": {"key": "properties.importFile", "type": "FileMetadata"}, + "ingested_record_count": {"key": "properties.ingestedRecordCount", "type": "int"}, + "source": {"key": "properties.source", "type": "str"}, + "state": {"key": "properties.state", "type": "str"}, + "total_record_count": {"key": "properties.totalRecordCount", "type": "int"}, + "valid_record_count": {"key": "properties.validRecordCount", "type": "int"}, + "files_valid_until_time_utc": {"key": "properties.filesValidUntilTimeUTC", "type": "iso-8601"}, + "import_valid_until_time_utc": {"key": "properties.importValidUntilTimeUTC", "type": "iso-8601"}, } def __init__( self, *, - kind: Union[str, "_models.GetInsightsError"], - error_message: str, - query_id: Optional[str] = None, - **kwargs - ): + ingestion_mode: Optional[Union[str, "_models.IngestionMode"]] = None, + content_type: Optional[Union[str, "_models.FileImportContentType"]] = None, + import_file: Optional["_models.FileMetadata"] = None, + source: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword kind: the query kind. Required. "Insight" - :paramtype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError - :keyword query_id: the query id. - :paramtype query_id: str - :keyword error_message: the error message. Required. - :paramtype error_message: str + :keyword ingestion_mode: Describes how to ingest the records in the file. Known values are: + "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". + :paramtype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode + :keyword content_type: The content type of this file. Known values are: "BasicIndicator", + "StixIndicator", and "Unspecified". + :paramtype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType + :keyword import_file: Represents the imported file. + :paramtype import_file: ~azure.mgmt.securityinsight.models.FileMetadata + :keyword source: The source for the data in the file. + :paramtype source: str """ super().__init__(**kwargs) - self.kind = kind - self.query_id = query_id - self.error_message = error_message + self.ingestion_mode = ingestion_mode + self.content_type = content_type + self.created_time_utc = None + self.error_file = None + self.errors_preview = None + self.import_file = import_file + self.ingested_record_count = None + self.source = source + self.state = None + self.total_record_count = None + self.valid_record_count = None + self.files_valid_until_time_utc = None + self.import_valid_until_time_utc = None -class GetInsightsResultsMetadata(_serialization.Model): - """Get Insights result metadata. +class FileImportList(_serialization.Model): + """List all the file imports. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar total_count: the total items found for the insights request. Required. - :vartype total_count: int - :ivar errors: information about the failed queries. - :vartype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] + :ivar next_link: URL to fetch the next set of file imports. + :vartype next_link: str + :ivar value: Array of file imports. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.FileImport] """ _validation = { - "total_count": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "total_count": {"key": "totalCount", "type": "int"}, - "errors": {"key": "errors", "type": "[GetInsightsErrorKind]"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[FileImport]"}, } - def __init__(self, *, total_count: int, errors: Optional[List["_models.GetInsightsErrorKind"]] = None, **kwargs): + def __init__(self, *, value: List["_models.FileImport"], **kwargs: Any) -> None: """ - :keyword total_count: the total items found for the insights request. Required. - :paramtype total_count: int - :keyword errors: information about the failed queries. - :paramtype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] + :keyword value: Array of file imports. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.FileImport] """ super().__init__(**kwargs) - self.total_count = total_count - self.errors = errors - + self.next_link = None + self.value = value -class GetQueriesResponse(_serialization.Model): - """Retrieve queries for entity result operation response. - :ivar value: The query result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] - """ +class FileMetadata(_serialization.Model): + """Represents a file. - _attribute_map = { - "value": {"key": "value", "type": "[EntityQueryItem]"}, - } + Variables are only populated by the server, and will be ignored when sending a request. - def __init__(self, *, value: Optional[List["_models.EntityQueryItem"]] = None, **kwargs): - """ - :keyword value: The query result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] - """ - super().__init__(**kwargs) - self.value = value - - -class GitHubResourceInfo(_serialization.Model): - """Resources created in GitHub repository. - - :ivar app_installation_id: GitHub application installation id. - :vartype app_installation_id: str - """ - - _attribute_map = { - "app_installation_id": {"key": "appInstallationId", "type": "str"}, - } - - def __init__(self, *, app_installation_id: Optional[str] = None, **kwargs): - """ - :keyword app_installation_id: GitHub application installation id. - :paramtype app_installation_id: str - """ - super().__init__(**kwargs) - self.app_installation_id = app_installation_id - - -class GroupingConfiguration(_serialization.Model): - """Grouping configuration property bag. - - All required parameters must be populated in order to send to Azure. - - :ivar enabled: Grouping enabled. Required. - :vartype enabled: bool - :ivar reopen_closed_incident: Re-open closed matching incidents. Required. - :vartype reopen_closed_incident: bool - :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO - 8601 duration format). Required. - :vartype lookback_duration: ~datetime.timedelta - :ivar matching_method: Grouping matching method. When method is Selected at least one of - groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Required. Known values are: "AllEntities", "AnyAlert", and "Selected". - :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). - Only entities defined in the current alert rule may be used. - :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod - is Selected). Only keys defined in the current alert rule may be used. - :vartype group_by_custom_details: list[str] + :ivar file_format: The format of the file. Known values are: "CSV", "JSON", and "Unspecified". + :vartype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat + :ivar file_name: The name of the file. + :vartype file_name: str + :ivar file_size: The size of the file. + :vartype file_size: int + :ivar file_content_uri: A URI with a valid SAS token to allow uploading / downloading the file. + :vartype file_content_uri: str + :ivar delete_status: Indicates whether the file was deleted from the storage account. Known + values are: "Deleted", "NotDeleted", and "Unspecified". + :vartype delete_status: str or ~azure.mgmt.securityinsight.models.DeleteStatus """ _validation = { - "enabled": {"required": True}, - "reopen_closed_incident": {"required": True}, - "lookback_duration": {"required": True}, - "matching_method": {"required": True}, + "file_content_uri": {"readonly": True}, + "delete_status": {"readonly": True}, } _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, - "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, - "matching_method": {"key": "matchingMethod", "type": "str"}, - "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, - "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, - "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, + "file_format": {"key": "fileFormat", "type": "str"}, + "file_name": {"key": "fileName", "type": "str"}, + "file_size": {"key": "fileSize", "type": "int"}, + "file_content_uri": {"key": "fileContentUri", "type": "str"}, + "delete_status": {"key": "deleteStatus", "type": "str"}, } def __init__( self, *, - enabled: bool, - reopen_closed_incident: bool, - lookback_duration: datetime.timedelta, - matching_method: Union[str, "_models.MatchingMethod"], - group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, - group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, - group_by_custom_details: Optional[List[str]] = None, - **kwargs - ): + file_format: Optional[Union[str, "_models.FileFormat"]] = None, + file_name: Optional[str] = None, + file_size: Optional[int] = None, + **kwargs: Any + ) -> None: """ - :keyword enabled: Grouping enabled. Required. - :paramtype enabled: bool - :keyword reopen_closed_incident: Re-open closed matching incidents. Required. - :paramtype reopen_closed_incident: bool - :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in - ISO 8601 duration format). Required. - :paramtype lookback_duration: ~datetime.timedelta - :keyword matching_method: Grouping matching method. When method is Selected at least one of - groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Required. Known values are: "AllEntities", "AnyAlert", and "Selected". - :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :keyword group_by_entities: A list of entity types to group by (when matchingMethod is - Selected). Only entities defined in the current alert rule may be used. - :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :keyword group_by_custom_details: A list of custom details keys to group by (when - matchingMethod is Selected). Only keys defined in the current alert rule may be used. - :paramtype group_by_custom_details: list[str] + :keyword file_format: The format of the file. Known values are: "CSV", "JSON", and + "Unspecified". + :paramtype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat + :keyword file_name: The name of the file. + :paramtype file_name: str + :keyword file_size: The size of the file. + :paramtype file_size: int """ super().__init__(**kwargs) - self.enabled = enabled - self.reopen_closed_incident = reopen_closed_incident - self.lookback_duration = lookback_duration - self.matching_method = matching_method - self.group_by_entities = group_by_entities - self.group_by_alert_details = group_by_alert_details - self.group_by_custom_details = group_by_custom_details + self.file_format = file_format + self.file_name = file_name + self.file_size = file_size + self.file_content_uri = None + self.delete_status = None -class HostEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a host entity. +class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule. Variables are only populated by the server, and will be ignored when sending a request. @@ -9635,39 +9784,34 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar source_settings: Configuration for all supported source signals in fusion detection. + :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] + :ivar scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. + :vartype scenario_exclusion_patterns: + list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] """ _validation = { @@ -9676,16 +9820,12 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "azure_id": {"readonly": True}, - "dns_domain": {"readonly": True}, - "host_name": {"readonly": True}, - "is_domain_joined": {"readonly": True}, - "net_bios_name": {"readonly": True}, - "nt_domain": {"readonly": True}, - "oms_agent_id": {"readonly": True}, - "os_version": {"readonly": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, } _attribute_map = { @@ -9693,123 +9833,63 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "azure_id": {"key": "properties.azureID", "type": "str"}, - "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, - "host_name": {"key": "properties.hostName", "type": "str"}, - "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, - "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, - "nt_domain": {"key": "properties.ntDomain", "type": "str"}, - "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, - "os_family": {"key": "properties.osFamily", "type": "str"}, - "os_version": {"key": "properties.osVersion", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "source_settings": {"key": "properties.sourceSettings", "type": "[FusionSourceSettings]"}, + "scenario_exclusion_patterns": { + "key": "properties.scenarioExclusionPatterns", + "type": "[FusionScenarioExclusionPattern]", + }, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, } - def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): - """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + source_settings: Optional[List["_models.FusionSourceSettings"]] = None, + scenario_exclusion_patterns: Optional[List["_models.FusionScenarioExclusionPattern"]] = None, + **kwargs: Any + ) -> None: """ - super().__init__(**kwargs) - self.kind: str = "Host" - self.additional_data = None - self.friendly_name = None - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None - - -class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Host entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "azure_id": {"readonly": True}, - "dns_domain": {"readonly": True}, - "host_name": {"readonly": True}, - "is_domain_joined": {"readonly": True}, - "net_bios_name": {"readonly": True}, - "nt_domain": {"readonly": True}, - "oms_agent_id": {"readonly": True}, - "os_version": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "azure_id": {"key": "azureID", "type": "str"}, - "dns_domain": {"key": "dnsDomain", "type": "str"}, - "host_name": {"key": "hostName", "type": "str"}, - "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, - "net_bios_name": {"key": "netBiosName", "type": "str"}, - "nt_domain": {"key": "ntDomain", "type": "str"}, - "oms_agent_id": {"key": "omsAgentID", "type": "str"}, - "os_family": {"key": "osFamily", "type": "str"}, - "os_version": {"key": "osVersion", "type": "str"}, - } - - def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): - """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + :keyword source_settings: Configuration for all supported source signals in fusion detection. + :paramtype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] + :keyword scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. + :paramtype scenario_exclusion_patterns: + list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] """ - super().__init__(**kwargs) - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None + super().__init__(etag=etag, **kwargs) + self.kind: str = "Fusion" + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.source_settings = source_settings + self.scenario_exclusion_patterns = scenario_exclusion_patterns + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None -class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes - """Represents a Hunting bookmark entity. +class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule template. Variables are only populated by the server, and will be ignored when sending a request. @@ -9826,39 +9906,36 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar last_updated_date_utc: The time that this alert rule template was last updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar required_data_connectors: The required data connectors for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule template. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar source_settings: All supported source signal configurations consumed in fusion detection. + :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] """ _validation = { @@ -9867,8 +9944,8 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, } _attribute_map = { @@ -9877,1661 +9954,1751 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "notes": {"key": "properties.notes", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "query_result": {"key": "properties.queryResult", "type": "str"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "source_settings": {"key": "properties.sourceSettings", "type": "[FusionTemplateSourceSetting]"}, } def __init__( self, *, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, display_name: Optional[str] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - **kwargs - ): + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + source_settings: Optional[List["_models.FusionTemplateSourceSetting"]] = None, + **kwargs: Any + ) -> None: """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo - """ - super().__init__(**kwargs) - self.kind: str = "Bookmark" - self.additional_data = None - self.friendly_name = None - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info - + :keyword required_data_connectors: The required data connectors for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword tactics: The tactics of the alert rule template. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword source_settings: All supported source signal configurations consumed in fusion + detection. + :paramtype source_settings: + list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + """ + super().__init__(**kwargs) + self.kind: str = "Fusion" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.last_updated_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity + self.tactics = tactics + self.techniques = techniques + self.source_settings = source_settings -class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Describes bookmark properties. - Variables are only populated by the server, and will be ignored when sending a request. +class FusionScenarioExclusionPattern(_serialization.Model): + """Represents a Fusion scenario exclusion patterns in Fusion detection. All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. Required. - :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. Required. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar exclusion_pattern: Scenario exclusion pattern. Required. + :vartype exclusion_pattern: str + :ivar date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. + :vartype date_added_in_utc: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "display_name": {"required": True}, - "query": {"required": True}, + "exclusion_pattern": {"required": True}, + "date_added_in_utc": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "created": {"key": "created", "type": "iso-8601"}, - "created_by": {"key": "createdBy", "type": "UserInfo"}, - "display_name": {"key": "displayName", "type": "str"}, - "event_time": {"key": "eventTime", "type": "iso-8601"}, - "labels": {"key": "labels", "type": "[str]"}, - "notes": {"key": "notes", "type": "str"}, - "query": {"key": "query", "type": "str"}, - "query_result": {"key": "queryResult", "type": "str"}, - "updated": {"key": "updated", "type": "iso-8601"}, - "updated_by": {"key": "updatedBy", "type": "UserInfo"}, - "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, + "exclusion_pattern": {"key": "exclusionPattern", "type": "str"}, + "date_added_in_utc": {"key": "dateAddedInUTC", "type": "str"}, } - def __init__( - self, - *, - display_name: str, - query: str, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - **kwargs - ): + def __init__(self, *, exclusion_pattern: str, date_added_in_utc: str, **kwargs: Any) -> None: """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. Required. - :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. Required. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :keyword exclusion_pattern: Scenario exclusion pattern. Required. + :paramtype exclusion_pattern: str + :keyword date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. + :paramtype date_added_in_utc: str """ super().__init__(**kwargs) - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info + self.exclusion_pattern = exclusion_pattern + self.date_added_in_utc = date_added_in_utc -class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Incident. +class FusionSourceSettings(_serialization.Model): + """Represents a supported source signal configuration in Fusion detection. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar title: The title of the incident. - :vartype title: str - :ivar description: The description of the incident. - :vartype description: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Describes a user that the incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar labels: List of labels relevant to this incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :ivar first_activity_time_utc: The time of the first activity in the incident. - :vartype first_activity_time_utc: ~datetime.datetime - :ivar last_activity_time_utc: The time of the last activity in the incident. - :vartype last_activity_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the incident was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_time_utc: The time the incident was created. - :vartype created_time_utc: ~datetime.datetime - :ivar incident_number: A sequential number. - :vartype incident_number: int - :ivar additional_data: Additional data on the incident. - :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData - :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the - incident. - :vartype related_analytic_rule_ids: list[str] - :ivar incident_url: The deep-link url to the incident in Azure portal. - :vartype incident_url: str - :ivar provider_name: The name of the source provider that generated the incident. - :vartype provider_name: str - :ivar provider_incident_id: The incident ID assigned by the incident provider. - :vartype provider_incident_id: str - :ivar team_information: Describes a team for the incident. - :vartype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :ivar enabled: Determines whether this source signal is enabled or disabled in Fusion + detection. Required. + :vartype enabled: bool + :ivar source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for + supported values. Required. + :vartype source_name: str + :ivar source_sub_types: Configuration for all source subtypes under this source signal consumed + in fusion detection. + :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "incident_number": {"readonly": True}, - "additional_data": {"readonly": True}, - "related_analytic_rule_ids": {"readonly": True}, - "incident_url": {"readonly": True}, + "enabled": {"required": True}, + "source_name": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "status": {"key": "properties.status", "type": "str"}, - "classification": {"key": "properties.classification", "type": "str"}, - "classification_reason": {"key": "properties.classificationReason", "type": "str"}, - "classification_comment": {"key": "properties.classificationComment", "type": "str"}, - "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, - "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, - "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, - "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "incident_number": {"key": "properties.incidentNumber", "type": "int"}, - "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, - "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, - "incident_url": {"key": "properties.incidentUrl", "type": "str"}, - "provider_name": {"key": "properties.providerName", "type": "str"}, - "provider_incident_id": {"key": "properties.providerIncidentId", "type": "str"}, - "team_information": {"key": "properties.teamInformation", "type": "TeamInformation"}, + "enabled": {"key": "enabled", "type": "bool"}, + "source_name": {"key": "sourceName", "type": "str"}, + "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionSourceSubTypeSetting]"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, - etag: Optional[str] = None, - title: Optional[str] = None, - description: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - first_activity_time_utc: Optional[datetime.datetime] = None, - last_activity_time_utc: Optional[datetime.datetime] = None, - provider_name: Optional[str] = None, - provider_incident_id: Optional[str] = None, - team_information: Optional["_models.TeamInformation"] = None, - **kwargs - ): + enabled: bool, + source_name: str, + source_sub_types: Optional[List["_models.FusionSourceSubTypeSetting"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword title: The title of the incident. - :paramtype title: str - :keyword description: The description of the incident. - :paramtype description: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Describes a user that the incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword labels: List of labels relevant to this incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :keyword first_activity_time_utc: The time of the first activity in the incident. - :paramtype first_activity_time_utc: ~datetime.datetime - :keyword last_activity_time_utc: The time of the last activity in the incident. - :paramtype last_activity_time_utc: ~datetime.datetime - :keyword provider_name: The name of the source provider that generated the incident. - :paramtype provider_name: str - :keyword provider_incident_id: The incident ID assigned by the incident provider. - :paramtype provider_incident_id: str - :keyword team_information: Describes a team for the incident. - :paramtype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :keyword enabled: Determines whether this source signal is enabled or disabled in Fusion + detection. Required. + :paramtype enabled: bool + :keyword source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for + supported values. Required. + :paramtype source_name: str + :keyword source_sub_types: Configuration for all source subtypes under this source signal + consumed in fusion detection. + :paramtype source_sub_types: + list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] """ - super().__init__(etag=etag, **kwargs) - self.title = title - self.description = description - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels - self.first_activity_time_utc = first_activity_time_utc - self.last_activity_time_utc = last_activity_time_utc - self.last_modified_time_utc = None - self.created_time_utc = None - self.incident_number = None - self.additional_data = None - self.related_analytic_rule_ids = None - self.incident_url = None - self.provider_name = provider_name - self.provider_incident_id = provider_incident_id - self.team_information = team_information + super().__init__(**kwargs) + self.enabled = enabled + self.source_name = source_name + self.source_sub_types = source_sub_types -class IncidentAdditionalData(_serialization.Model): - """Incident additional data property bag. +class FusionSourceSubTypeSetting(_serialization.Model): + """Represents a supported source subtype configuration under a source signal in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. - :ivar alerts_count: The number of alerts in the incident. - :vartype alerts_count: int - :ivar bookmarks_count: The number of bookmarks in the incident. - :vartype bookmarks_count: int - :ivar comments_count: The number of comments in the incident. - :vartype comments_count: int - :ivar alert_product_names: List of product names of alerts in the incident. - :vartype alert_product_names: list[str] - :ivar tactics: The tactics associated with incident. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques associated with incident's tactics. - :vartype techniques: list[str] - :ivar provider_incident_url: The provider incident url to the incident in Microsoft 365 - Defender portal. - :vartype provider_incident_url: str + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Determines whether this source subtype under source signal is enabled or + disabled in Fusion detection. Required. + :vartype enabled: bool + :ivar source_sub_type_name: The Name of the source subtype under a given source signal in + Fusion detection. Refer to Fusion alert rule template for supported values. Required. + :vartype source_sub_type_name: str + :ivar source_sub_type_display_name: The display name of source subtype under a source signal + consumed in Fusion detection. + :vartype source_sub_type_display_name: str + :ivar severity_filters: Severity configuration for a source subtype consumed in fusion + detection. Required. + :vartype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter """ _validation = { - "alerts_count": {"readonly": True}, - "bookmarks_count": {"readonly": True}, - "comments_count": {"readonly": True}, - "alert_product_names": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, - "provider_incident_url": {"readonly": True}, + "enabled": {"required": True}, + "source_sub_type_name": {"required": True}, + "source_sub_type_display_name": {"readonly": True}, + "severity_filters": {"required": True}, } _attribute_map = { - "alerts_count": {"key": "alertsCount", "type": "int"}, - "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, - "comments_count": {"key": "commentsCount", "type": "int"}, - "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "provider_incident_url": {"key": "providerIncidentUrl", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, + "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, + "severity_filters": {"key": "severityFilters", "type": "FusionSubTypeSeverityFilter"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + enabled: bool, + source_sub_type_name: str, + severity_filters: "_models.FusionSubTypeSeverityFilter", + **kwargs: Any + ) -> None: + """ + :keyword enabled: Determines whether this source subtype under source signal is enabled or + disabled in Fusion detection. Required. + :paramtype enabled: bool + :keyword source_sub_type_name: The Name of the source subtype under a given source signal in + Fusion detection. Refer to Fusion alert rule template for supported values. Required. + :paramtype source_sub_type_name: str + :keyword severity_filters: Severity configuration for a source subtype consumed in fusion + detection. Required. + :paramtype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + """ super().__init__(**kwargs) - self.alerts_count = None - self.bookmarks_count = None - self.comments_count = None - self.alert_product_names = None - self.tactics = None - self.techniques = None - self.provider_incident_url = None + self.enabled = enabled + self.source_sub_type_name = source_sub_type_name + self.source_sub_type_display_name = None + self.severity_filters = severity_filters -class IncidentAlertList(_serialization.Model): - """List of incident alerts. +class FusionSubTypeSeverityFilter(_serialization.Model): + """Represents severity configuration for a source subtype consumed in Fusion detection. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar value: Array of incident alerts. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + :ivar is_supported: Determines whether this source subtype supports severity configuration or + not. + :vartype is_supported: bool + :ivar filters: Individual Severity configuration settings for a given source subtype consumed + in Fusion detection. + :vartype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] """ _validation = { - "value": {"required": True}, + "is_supported": {"readonly": True}, } _attribute_map = { - "value": {"key": "value", "type": "[SecurityAlert]"}, + "is_supported": {"key": "isSupported", "type": "bool"}, + "filters": {"key": "filters", "type": "[FusionSubTypeSeverityFiltersItem]"}, } - def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs): + def __init__( + self, *, filters: Optional[List["_models.FusionSubTypeSeverityFiltersItem"]] = None, **kwargs: Any + ) -> None: """ - :keyword value: Array of incident alerts. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + :keyword filters: Individual Severity configuration settings for a given source subtype + consumed in Fusion detection. + :paramtype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] """ super().__init__(**kwargs) - self.value = value + self.is_supported = None + self.filters = filters -class IncidentBookmarkList(_serialization.Model): - """List of incident bookmarks. +class FusionSubTypeSeverityFiltersItem(_serialization.Model): + """Represents a Severity filter setting for a given source subtype consumed in Fusion detection. All required parameters must be populated in order to send to Azure. - :ivar value: Array of incident bookmarks. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :ivar severity: The Severity for a given source subtype consumed in Fusion detection. Required. + Known values are: "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar enabled: Determines whether this severity is enabled or disabled for this source subtype + consumed in Fusion detection. Required. + :vartype enabled: bool """ _validation = { - "value": {"required": True}, + "severity": {"required": True}, + "enabled": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[HuntingBookmark]"}, + "severity": {"key": "severity", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, } - def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs): + def __init__(self, *, severity: Union[str, "_models.AlertSeverity"], enabled: bool, **kwargs: Any) -> None: """ - :keyword value: Array of incident bookmarks. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :keyword severity: The Severity for a given source subtype consumed in Fusion detection. + Required. Known values are: "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword enabled: Determines whether this severity is enabled or disabled for this source + subtype consumed in Fusion detection. Required. + :paramtype enabled: bool """ super().__init__(**kwargs) - self.value = value + self.severity = severity + self.enabled = enabled -class IncidentComment(ResourceWithEtag): - """Represents an incident comment. +class FusionTemplateSourceSetting(_serialization.Model): + """Represents a source signal consumed in Fusion detection. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar message: The comment message. - :vartype message: str - :ivar created_time_utc: The time the comment was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The time the comment was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar author: Describes the client that created the comment. - :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo - """ + :ivar source_name: The name of a source signal consumed in Fusion detection. Required. + :vartype source_name: str + :ivar source_sub_types: All supported source subtypes under this source signal consumed in + fusion detection. + :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, - "author": {"readonly": True}, + "source_name": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "message": {"key": "properties.message", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "author": {"key": "properties.author", "type": "ClientInfo"}, + "source_name": {"key": "sourceName", "type": "str"}, + "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionTemplateSourceSubType]"}, } - def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs): + def __init__( + self, + *, + source_name: str, + source_sub_types: Optional[List["_models.FusionTemplateSourceSubType"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword message: The comment message. - :paramtype message: str + :keyword source_name: The name of a source signal consumed in Fusion detection. Required. + :paramtype source_name: str + :keyword source_sub_types: All supported source subtypes under this source signal consumed in + fusion detection. + :paramtype source_sub_types: + list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] """ - super().__init__(etag=etag, **kwargs) - self.message = message - self.created_time_utc = None - self.last_modified_time_utc = None - self.author = None + super().__init__(**kwargs) + self.source_name = source_name + self.source_sub_types = source_sub_types -class IncidentCommentList(_serialization.Model): - """IncidentCommentList. +class FusionTemplateSourceSubType(_serialization.Model): + """Represents a source subtype under a source signal consumed in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar value: Required. - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] - :ivar next_link: - :vartype next_link: str + :ivar source_sub_type_name: The name of source subtype under a source signal consumed in Fusion + detection. Required. + :vartype source_sub_type_name: str + :ivar source_sub_type_display_name: The display name of source subtype under a source signal + consumed in Fusion detection. + :vartype source_sub_type_display_name: str + :ivar severity_filter: Severity configuration available for a source subtype consumed in fusion + detection. Required. + :vartype severity_filter: + ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "source_sub_type_name": {"required": True}, + "source_sub_type_display_name": {"readonly": True}, + "severity_filter": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[IncidentComment]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, + "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, + "severity_filter": {"key": "severityFilter", "type": "FusionTemplateSubTypeSeverityFilter"}, } - def __init__(self, *, value: List["_models.IncidentComment"], **kwargs): + def __init__( + self, + *, + source_sub_type_name: str, + severity_filter: "_models.FusionTemplateSubTypeSeverityFilter", + **kwargs: Any + ) -> None: """ - :keyword value: Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + :keyword source_sub_type_name: The name of source subtype under a source signal consumed in + Fusion detection. Required. + :paramtype source_sub_type_name: str + :keyword severity_filter: Severity configuration available for a source subtype consumed in + fusion detection. Required. + :paramtype severity_filter: + ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.source_sub_type_name = source_sub_type_name + self.source_sub_type_display_name = None + self.severity_filter = severity_filter -class IncidentConfiguration(_serialization.Model): - """Incident Configuration property bag. +class FusionTemplateSubTypeSeverityFilter(_serialization.Model): + """Represents severity configurations available for a source subtype consumed in Fusion detection. All required parameters must be populated in order to send to Azure. - :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. - :vartype create_incident: bool - :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are - grouped into incidents. - :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :ivar is_supported: Determines whether severity configuration is supported for this source + subtype consumed in Fusion detection. Required. + :vartype is_supported: bool + :ivar severity_filters: List of all supported severities for this source subtype consumed in + Fusion detection. + :vartype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ _validation = { - "create_incident": {"required": True}, + "is_supported": {"required": True}, } _attribute_map = { - "create_incident": {"key": "createIncident", "type": "bool"}, - "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, + "is_supported": {"key": "isSupported", "type": "bool"}, + "severity_filters": {"key": "severityFilters", "type": "[str]"}, } def __init__( self, *, - create_incident: bool, - grouping_configuration: Optional["_models.GroupingConfiguration"] = None, - **kwargs - ): + is_supported: bool, + severity_filters: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword create_incident: Create incidents from alerts triggered by this analytics rule. - Required. - :paramtype create_incident: bool - :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, - are grouped into incidents. - :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :keyword is_supported: Determines whether severity configuration is supported for this source + subtype consumed in Fusion detection. Required. + :paramtype is_supported: bool + :keyword severity_filters: List of all supported severities for this source subtype consumed in + Fusion detection. + :paramtype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ super().__init__(**kwargs) - self.create_incident = create_incident - self.grouping_configuration = grouping_configuration + self.is_supported = is_supported + self.severity_filters = severity_filters -class IncidentEntitiesResponse(_serialization.Model): - """The incident related entities response. +class GCPAuthProperties(_serialization.Model): + """Google Cloud Platform auth section properties. - :ivar entities: Array of the incident related entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar meta_data: The metadata from the incident related entities results. - :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + All required parameters must be populated in order to send to Azure. + + :ivar service_account_email: The service account that is used to access the GCP project. + Required. + :vartype service_account_email: str + :ivar project_number: The GCP project number. Required. + :vartype project_number: str + :ivar workload_identity_provider_id: The workload identity provider id that is used to gain + access to the GCP project. Required. + :vartype workload_identity_provider_id: str """ + _validation = { + "service_account_email": {"required": True}, + "project_number": {"required": True}, + "workload_identity_provider_id": {"required": True}, + } + _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, + "service_account_email": {"key": "serviceAccountEmail", "type": "str"}, + "project_number": {"key": "projectNumber", "type": "str"}, + "workload_identity_provider_id": {"key": "workloadIdentityProviderId", "type": "str"}, } def __init__( - self, - *, - entities: Optional[List["_models.Entity"]] = None, - meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, - **kwargs - ): + self, *, service_account_email: str, project_number: str, workload_identity_provider_id: str, **kwargs: Any + ) -> None: """ - :keyword entities: Array of the incident related entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword meta_data: The metadata from the incident related entities results. - :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + :keyword service_account_email: The service account that is used to access the GCP project. + Required. + :paramtype service_account_email: str + :keyword project_number: The GCP project number. Required. + :paramtype project_number: str + :keyword workload_identity_provider_id: The workload identity provider id that is used to gain + access to the GCP project. Required. + :paramtype workload_identity_provider_id: str """ super().__init__(**kwargs) - self.entities = entities - self.meta_data = meta_data + self.service_account_email = service_account_email + self.project_number = project_number + self.workload_identity_provider_id = workload_identity_provider_id -class IncidentEntitiesResultsMetadata(_serialization.Model): - """Information of a specific aggregation in the incident related entities result. +class GCPDataConnector(DataConnector): + """Represents Google Cloud Platform data connector. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar count: Total number of aggregations of the given kind in the incident related entities - result. Required. - :vartype count: int + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar connector_definition_name: The name of the connector definition that represents the UI + config. + :vartype connector_definition_name: str + :ivar auth: The auth section of the connector. + :vartype auth: ~azure.mgmt.securityinsight.models.GCPAuthProperties + :ivar request: The request section of the connector. + :vartype request: ~azure.mgmt.securityinsight.models.GCPRequestProperties + :ivar dcr_config: The configuration of the destination of the data. + :vartype dcr_config: ~azure.mgmt.securityinsight.models.DCRConfiguration """ _validation = { - "entity_kind": {"required": True}, - "count": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "entity_kind": {"key": "entityKind", "type": "str"}, - "count": {"key": "count", "type": "int"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "connector_definition_name": {"key": "properties.connectorDefinitionName", "type": "str"}, + "auth": {"key": "properties.auth", "type": "GCPAuthProperties"}, + "request": {"key": "properties.request", "type": "GCPRequestProperties"}, + "dcr_config": {"key": "properties.dcrConfig", "type": "DCRConfiguration"}, } - def __init__(self, *, entity_kind: Union[str, "_models.EntityKind"], count: int, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + connector_definition_name: Optional[str] = None, + auth: Optional["_models.GCPAuthProperties"] = None, + request: Optional["_models.GCPRequestProperties"] = None, + dcr_config: Optional["_models.DCRConfiguration"] = None, + **kwargs: Any + ) -> None: """ - :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :keyword count: Total number of aggregations of the given kind in the incident related entities - result. Required. - :paramtype count: int + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword connector_definition_name: The name of the connector definition that represents the UI + config. + :paramtype connector_definition_name: str + :keyword auth: The auth section of the connector. + :paramtype auth: ~azure.mgmt.securityinsight.models.GCPAuthProperties + :keyword request: The request section of the connector. + :paramtype request: ~azure.mgmt.securityinsight.models.GCPRequestProperties + :keyword dcr_config: The configuration of the destination of the data. + :paramtype dcr_config: ~azure.mgmt.securityinsight.models.DCRConfiguration """ - super().__init__(**kwargs) - self.entity_kind = entity_kind - self.count = count + super().__init__(etag=etag, **kwargs) + self.kind: str = "GCP" + self.connector_definition_name = connector_definition_name + self.auth = auth + self.request = request + self.dcr_config = dcr_config -class IncidentInfo(_serialization.Model): - """Describes related incident information for the bookmark. +class GCPRequestProperties(_serialization.Model): + """Google Cloud Platform request section properties. - :ivar incident_id: Incident Id. - :vartype incident_id: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar title: The title of the incident. - :vartype title: str - :ivar relation_name: Relation Name. - :vartype relation_name: str + All required parameters must be populated in order to send to Azure. + + :ivar project_id: The GCP project id. Required. + :vartype project_id: str + :ivar subscription_names: The GCP pub/sub subscription names. Required. + :vartype subscription_names: list[str] """ + _validation = { + "project_id": {"required": True}, + "subscription_names": {"required": True}, + } + _attribute_map = { - "incident_id": {"key": "incidentId", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "title": {"key": "title", "type": "str"}, - "relation_name": {"key": "relationName", "type": "str"}, + "project_id": {"key": "projectId", "type": "str"}, + "subscription_names": {"key": "subscriptionNames", "type": "[str]"}, } - def __init__( - self, - *, - incident_id: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - title: Optional[str] = None, - relation_name: Optional[str] = None, - **kwargs - ): + def __init__(self, *, project_id: str, subscription_names: List[str], **kwargs: Any) -> None: """ - :keyword incident_id: Incident Id. - :paramtype incident_id: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword title: The title of the incident. - :paramtype title: str - :keyword relation_name: Relation Name. - :paramtype relation_name: str + :keyword project_id: The GCP project id. Required. + :paramtype project_id: str + :keyword subscription_names: The GCP pub/sub subscription names. Required. + :paramtype subscription_names: list[str] """ super().__init__(**kwargs) - self.incident_id = incident_id - self.severity = severity - self.title = title - self.relation_name = relation_name + self.project_id = project_id + self.subscription_names = subscription_names -class IncidentLabel(_serialization.Model): - """Represents an incident label. +class GeoLocation(_serialization.Model): + """The geo-location context attached to the ip entity. Variables are only populated by the server, and will be ignored when sending a request. + :ivar asn: Autonomous System Number. + :vartype asn: int + :ivar city: City name. + :vartype city: str + :ivar country_code: The country code according to ISO 3166 format. + :vartype country_code: str + :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English + Short Name. + :vartype country_name: str + :ivar latitude: The latitude of the identified location, expressed as a floating point number + with range of - 90 to 90. Latitude and longitude are derived from the city or postal code. + :vartype latitude: float + :ivar longitude: The longitude of the identified location, expressed as a floating point number + with range of -180 to 180. Latitude and longitude are derived from the city or postal code. + :vartype longitude: float + :ivar state: State name. + :vartype state: str + """ + + _validation = { + "asn": {"readonly": True}, + "city": {"readonly": True}, + "country_code": {"readonly": True}, + "country_name": {"readonly": True}, + "latitude": {"readonly": True}, + "longitude": {"readonly": True}, + "state": {"readonly": True}, + } + + _attribute_map = { + "asn": {"key": "asn", "type": "int"}, + "city": {"key": "city", "type": "str"}, + "country_code": {"key": "countryCode", "type": "str"}, + "country_name": {"key": "countryName", "type": "str"}, + "latitude": {"key": "latitude", "type": "float"}, + "longitude": {"key": "longitude", "type": "float"}, + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.asn = None + self.city = None + self.country_code = None + self.country_name = None + self.latitude = None + self.longitude = None + self.state = None + + +class GetInsightsErrorKind(_serialization.Model): + """GetInsights Query Errors. + All required parameters must be populated in order to send to Azure. - :ivar label_name: The name of the label. Required. - :vartype label_name: str - :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". - :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType + :ivar kind: the query kind. Required. "Insight" + :vartype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError + :ivar query_id: the query id. + :vartype query_id: str + :ivar error_message: the error message. Required. + :vartype error_message: str """ _validation = { - "label_name": {"required": True}, - "label_type": {"readonly": True}, + "kind": {"required": True}, + "error_message": {"required": True}, } _attribute_map = { - "label_name": {"key": "labelName", "type": "str"}, - "label_type": {"key": "labelType", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, } - def __init__(self, *, label_name: str, **kwargs): + def __init__( + self, + *, + kind: Union[str, "_models.GetInsightsError"], + error_message: str, + query_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword label_name: The name of the label. Required. - :paramtype label_name: str + :keyword kind: the query kind. Required. "Insight" + :paramtype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError + :keyword query_id: the query id. + :paramtype query_id: str + :keyword error_message: the error message. Required. + :paramtype error_message: str """ super().__init__(**kwargs) - self.label_name = label_name - self.label_type = None - + self.kind = kind + self.query_id = query_id + self.error_message = error_message -class IncidentList(_serialization.Model): - """List all the incidents. - Variables are only populated by the server, and will be ignored when sending a request. +class GetInsightsResultsMetadata(_serialization.Model): + """Get Insights result metadata. All required parameters must be populated in order to send to Azure. - :ivar value: Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Incident] - :ivar next_link: URL to fetch the next set of incidents. - :vartype next_link: str + :ivar total_count: the total items found for the insights request. Required. + :vartype total_count: int + :ivar errors: information about the failed queries. + :vartype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "total_count": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[Incident]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "total_count": {"key": "totalCount", "type": "int"}, + "errors": {"key": "errors", "type": "[GetInsightsErrorKind]"}, } - def __init__(self, *, value: List["_models.Incident"], **kwargs): + def __init__( + self, *, total_count: int, errors: Optional[List["_models.GetInsightsErrorKind"]] = None, **kwargs: Any + ) -> None: """ - :keyword value: Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] + :keyword total_count: the total items found for the insights request. Required. + :paramtype total_count: int + :keyword errors: information about the failed queries. + :paramtype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.total_count = total_count + self.errors = errors -class IncidentOwnerInfo(_serialization.Model): - """Information on the user an incident is assigned to. +class GetQueriesResponse(_serialization.Model): + """Retrieve queries for entity result operation response. - :ivar email: The email of the user the incident is assigned to. - :vartype email: str - :ivar assigned_to: The name of the user the incident is assigned to. - :vartype assigned_to: str - :ivar object_id: The object id of the user the incident is assigned to. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the user the incident is assigned to. - :vartype user_principal_name: str - :ivar owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", and "Group". - :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + :ivar value: The query result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] """ _attribute_map = { - "email": {"key": "email", "type": "str"}, - "assigned_to": {"key": "assignedTo", "type": "str"}, - "object_id": {"key": "objectId", "type": "str"}, - "user_principal_name": {"key": "userPrincipalName", "type": "str"}, - "owner_type": {"key": "ownerType", "type": "str"}, + "value": {"key": "value", "type": "[EntityQueryItem]"}, } - def __init__( - self, - *, - email: Optional[str] = None, - assigned_to: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, - owner_type: Optional[Union[str, "_models.OwnerType"]] = None, - **kwargs - ): + def __init__(self, *, value: Optional[List["_models.EntityQueryItem"]] = None, **kwargs: Any) -> None: """ - :keyword email: The email of the user the incident is assigned to. - :paramtype email: str - :keyword assigned_to: The name of the user the incident is assigned to. - :paramtype assigned_to: str - :keyword object_id: The object id of the user the incident is assigned to. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the user the incident is assigned to. - :paramtype user_principal_name: str - :keyword owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", and "Group". - :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + :keyword value: The query result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] """ super().__init__(**kwargs) - self.email = email - self.assigned_to = assigned_to - self.object_id = object_id - self.user_principal_name = user_principal_name - self.owner_type = owner_type + self.value = value -class IncidentPropertiesAction(_serialization.Model): - """IncidentPropertiesAction. +class GitHubResourceInfo(_serialization.Model): + """Resources created in GitHub repository. - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Information on the user an incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar labels: List of labels to add to the incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar app_installation_id: GitHub application installation id. + :vartype app_installation_id: str """ _attribute_map = { - "severity": {"key": "severity", "type": "str"}, - "status": {"key": "status", "type": "str"}, - "classification": {"key": "classification", "type": "str"}, - "classification_reason": {"key": "classificationReason", "type": "str"}, - "classification_comment": {"key": "classificationComment", "type": "str"}, - "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, - "labels": {"key": "labels", "type": "[IncidentLabel]"}, + "app_installation_id": {"key": "appInstallationId", "type": "str"}, } - def __init__( - self, - *, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - **kwargs - ): + def __init__(self, *, app_installation_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Information on the user an incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword labels: List of labels to add to the incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword app_installation_id: GitHub application installation id. + :paramtype app_installation_id: str """ super().__init__(**kwargs) - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels + self.app_installation_id = app_installation_id -class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """IncidentTask. - - Variables are only populated by the server, and will be ignored when sending a request. +class GraphQuery(_serialization.Model): + """The graph query to show the volume of data arriving into the workspace over time. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar title: The title of the task. Required. - :vartype title: str - :ivar description: The description of the task. - :vartype description: str - :ivar status: Required. Known values are: "New" and "Completed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus - :ivar created_time_utc: The time the task was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the task was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_by: Information on the client (user or application) that made some action. - :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo - :ivar last_modified_by: Information on the client (user or application) that made some action. - :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar metric_name: Gets or sets the metric name that the query is checking. For example: 'Total + data receive'. Required. + :vartype metric_name: str + :ivar legend: Gets or sets the legend for the graph. Required. + :vartype legend: str + :ivar base_query: Gets or sets the base query for the graph. + The base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over + time. Required. + :vartype base_query: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "title": {"required": True}, - "status": {"required": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, + "metric_name": {"required": True}, + "legend": {"required": True}, + "base_query": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "status": {"key": "properties.status", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, - "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, + "metric_name": {"key": "metricName", "type": "str"}, + "legend": {"key": "legend", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, } - def __init__( - self, - *, - title: str, - status: Union[str, "_models.IncidentTaskStatus"], - etag: Optional[str] = None, - description: Optional[str] = None, - created_by: Optional["_models.ClientInfo"] = None, - last_modified_by: Optional["_models.ClientInfo"] = None, - **kwargs - ): + def __init__(self, *, metric_name: str, legend: str, base_query: str, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword title: The title of the task. Required. - :paramtype title: str - :keyword description: The description of the task. - :paramtype description: str - :keyword status: Required. Known values are: "New" and "Completed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus - :keyword created_by: Information on the client (user or application) that made some action. - :paramtype created_by: ~azure.mgmt.securityinsight.models.ClientInfo - :keyword last_modified_by: Information on the client (user or application) that made some - action. - :paramtype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :keyword metric_name: Gets or sets the metric name that the query is checking. For example: + 'Total data receive'. Required. + :paramtype metric_name: str + :keyword legend: Gets or sets the legend for the graph. Required. + :paramtype legend: str + :keyword base_query: Gets or sets the base query for the graph. + The base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over + time. Required. + :paramtype base_query: str """ - super().__init__(etag=etag, **kwargs) - self.title = title - self.description = description - self.status = status - self.created_time_utc = None - self.last_modified_time_utc = None - self.created_by = created_by - self.last_modified_by = last_modified_by + super().__init__(**kwargs) + self.metric_name = metric_name + self.legend = legend + self.base_query = base_query -class IncidentTaskList(_serialization.Model): - """IncidentTaskList. +class GroupingConfiguration(_serialization.Model): + """Grouping configuration property bag. - :ivar value: - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentTask] - :ivar next_link: - :vartype next_link: str + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Grouping enabled. Required. + :vartype enabled: bool + :ivar reopen_closed_incident: Re-open closed matching incidents. Required. + :vartype reopen_closed_incident: bool + :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO + 8601 duration format). Required. + :vartype lookback_duration: ~datetime.timedelta + :ivar matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). + Only entities defined in the current alert rule may be used. + :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod + is Selected). Only keys defined in the current alert rule may be used. + :vartype group_by_custom_details: list[str] """ + _validation = { + "enabled": {"required": True}, + "reopen_closed_incident": {"required": True}, + "lookback_duration": {"required": True}, + "matching_method": {"required": True}, + } + _attribute_map = { - "value": {"key": "value", "type": "[IncidentTask]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, + "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, + "matching_method": {"key": "matchingMethod", "type": "str"}, + "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, + "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, + "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, } def __init__( - self, *, value: Optional[List["_models.IncidentTask"]] = None, next_link: Optional[str] = None, **kwargs - ): + self, + *, + enabled: bool, + reopen_closed_incident: bool, + lookback_duration: datetime.timedelta, + matching_method: Union[str, "_models.MatchingMethod"], + group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, + group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, + group_by_custom_details: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: - :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentTask] - :keyword next_link: - :paramtype next_link: str + :keyword enabled: Grouping enabled. Required. + :paramtype enabled: bool + :keyword reopen_closed_incident: Re-open closed matching incidents. Required. + :paramtype reopen_closed_incident: bool + :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in + ISO 8601 duration format). Required. + :paramtype lookback_duration: ~datetime.timedelta + :keyword matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :keyword group_by_entities: A list of entity types to group by (when matchingMethod is + Selected). Only entities defined in the current alert rule may be used. + :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :keyword group_by_custom_details: A list of custom details keys to group by (when + matchingMethod is Selected). Only keys defined in the current alert rule may be used. + :paramtype group_by_custom_details: list[str] """ super().__init__(**kwargs) - self.value = value - self.next_link = next_link + self.enabled = enabled + self.reopen_closed_incident = reopen_closed_incident + self.lookback_duration = lookback_duration + self.matching_method = matching_method + self.group_by_entities = group_by_entities + self.group_by_alert_details = group_by_alert_details + self.group_by_custom_details = group_by_custom_details -class InsightQueryItem(EntityQueryItem): - """Represents Insight Query. +class HostEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a host entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Query Template ARM ID. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str - :ivar name: Query Template ARM Name. + :ivar name: The name of the resource. :vartype name: str - :ivar type: ARM Type. + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". :vartype type: str - :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", - and "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar properties: Properties bag for InsightQueryItem. - :vartype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str """ _validation = { "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "properties": {"key": "properties", "type": "InsightQueryItemProperties"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - type: Optional[str] = None, - properties: Optional["_models.InsightQueryItemProperties"] = None, - **kwargs - ): - """ - :keyword name: Query Template ARM Name. - :paramtype name: str - :keyword type: ARM Type. - :paramtype type: str - :keyword properties: Properties bag for InsightQueryItem. - :paramtype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "azure_id": {"key": "properties.azureID", "type": "str"}, + "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, + "host_name": {"key": "properties.hostName", "type": "str"}, + "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, + "nt_domain": {"key": "properties.ntDomain", "type": "str"}, + "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, + "os_family": {"key": "properties.osFamily", "type": "str"}, + "os_version": {"key": "properties.osVersion", "type": "str"}, + } + + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs: Any) -> None: """ - super().__init__(name=name, type=type, **kwargs) - self.kind: str = "Insight" - self.properties = properties + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + """ + super().__init__(**kwargs) + self.kind: str = "Host" + self.additional_data = None + self.friendly_name = None + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None -class InsightQueryItemProperties(EntityQueryItemProperties): # pylint: disable=too-many-instance-attributes - """Represents Insight Query. +class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Host entity property bag. - :ivar data_types: Data types for template. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: Data types for template. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: JSON - :ivar display_name: The insight display name. + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "azure_id": {"key": "azureID", "type": "str"}, + "dns_domain": {"key": "dnsDomain", "type": "str"}, + "host_name": {"key": "hostName", "type": "str"}, + "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "netBiosName", "type": "str"}, + "nt_domain": {"key": "ntDomain", "type": "str"}, + "oms_agent_id": {"key": "omsAgentID", "type": "str"}, + "os_family": {"key": "osFamily", "type": "str"}, + "os_version": {"key": "osVersion", "type": "str"}, + } + + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs: Any) -> None: + """ + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + """ + super().__init__(**kwargs) + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None + + +class Hunt(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Hunt in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar display_name: The display name of the hunt. :vartype display_name: str - :ivar description: The insight description. + :ivar description: The description of the hunt. :vartype description: str - :ivar base_query: The base query of the insight. - :vartype base_query: str - :ivar table_query: The insight table query. - :vartype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery - :ivar chart_query: The insight chart query. - :vartype chart_query: JSON - :ivar additional_query: The activity query definitions. - :vartype additional_query: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery - :ivar default_time_range: The insight chart query. - :vartype default_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange - :ivar reference_time_range: The insight chart query. - :vartype reference_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + :ivar status: The status of the hunt. Known values are: "New", "Active", "Closed", "Backlog", + "Approved", "Succeeded", "Failed", and "InProgress". + :vartype status: str or ~azure.mgmt.securityinsight.models.Status + :ivar hypothesis_status: The hypothesis status of the hunt. Known values are: "Unknown", + "Invalidated", and "Validated". + :vartype hypothesis_status: str or ~azure.mgmt.securityinsight.models.HypothesisStatus + :ivar attack_tactics: A list of mitre attack tactics the hunt is associated with. + :vartype attack_tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar attack_techniques: A list of a mitre attack techniques the hunt is associated with. + :vartype attack_techniques: list[str] + :ivar labels: List of labels relevant to this hunt. + :vartype labels: list[str] + :ivar owner: Describes a user that the hunt is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.HuntOwner """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + _attribute_map = { - "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, - "input_entity_type": {"key": "inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "entitiesFilter", "type": "object"}, - "display_name": {"key": "displayName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "base_query": {"key": "baseQuery", "type": "str"}, - "table_query": {"key": "tableQuery", "type": "InsightQueryItemPropertiesTableQuery"}, - "chart_query": {"key": "chartQuery", "type": "object"}, - "additional_query": {"key": "additionalQuery", "type": "InsightQueryItemPropertiesAdditionalQuery"}, - "default_time_range": {"key": "defaultTimeRange", "type": "InsightQueryItemPropertiesDefaultTimeRange"}, - "reference_time_range": {"key": "referenceTimeRange", "type": "InsightQueryItemPropertiesReferenceTimeRange"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "hypothesis_status": {"key": "properties.hypothesisStatus", "type": "str"}, + "attack_tactics": {"key": "properties.attackTactics", "type": "[str]"}, + "attack_techniques": {"key": "properties.attackTechniques", "type": "[str]"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "owner": {"key": "properties.owner", "type": "HuntOwner"}, } def __init__( self, *, - data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[JSON] = None, + etag: Optional[str] = None, display_name: Optional[str] = None, description: Optional[str] = None, - base_query: Optional[str] = None, - table_query: Optional["_models.InsightQueryItemPropertiesTableQuery"] = None, - chart_query: Optional[JSON] = None, - additional_query: Optional["_models.InsightQueryItemPropertiesAdditionalQuery"] = None, - default_time_range: Optional["_models.InsightQueryItemPropertiesDefaultTimeRange"] = None, - reference_time_range: Optional["_models.InsightQueryItemPropertiesReferenceTimeRange"] = None, - **kwargs - ): + status: Optional[Union[str, "_models.Status"]] = None, + hypothesis_status: Union[str, "_models.HypothesisStatus"] = "Unknown", + attack_tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + attack_techniques: Optional[List[str]] = None, + labels: Optional[List[str]] = None, + owner: Optional["_models.HuntOwner"] = None, + **kwargs: Any + ) -> None: """ - :keyword data_types: Data types for template. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", - "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: Data types for template. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: JSON - :keyword display_name: The insight display name. + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_name: The display name of the hunt. :paramtype display_name: str - :keyword description: The insight description. + :keyword description: The description of the hunt. :paramtype description: str - :keyword base_query: The base query of the insight. - :paramtype base_query: str - :keyword table_query: The insight table query. - :paramtype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery - :keyword chart_query: The insight chart query. - :paramtype chart_query: JSON - :keyword additional_query: The activity query definitions. - :paramtype additional_query: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery - :keyword default_time_range: The insight chart query. - :paramtype default_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange - :keyword reference_time_range: The insight chart query. - :paramtype reference_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + :keyword status: The status of the hunt. Known values are: "New", "Active", "Closed", + "Backlog", "Approved", "Succeeded", "Failed", and "InProgress". + :paramtype status: str or ~azure.mgmt.securityinsight.models.Status + :keyword hypothesis_status: The hypothesis status of the hunt. Known values are: "Unknown", + "Invalidated", and "Validated". + :paramtype hypothesis_status: str or ~azure.mgmt.securityinsight.models.HypothesisStatus + :keyword attack_tactics: A list of mitre attack tactics the hunt is associated with. + :paramtype attack_tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword attack_techniques: A list of a mitre attack techniques the hunt is associated with. + :paramtype attack_techniques: list[str] + :keyword labels: List of labels relevant to this hunt. + :paramtype labels: list[str] + :keyword owner: Describes a user that the hunt is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.HuntOwner """ - super().__init__( - data_types=data_types, - input_entity_type=input_entity_type, - required_input_fields_sets=required_input_fields_sets, - entities_filter=entities_filter, - **kwargs - ) + super().__init__(etag=etag, **kwargs) self.display_name = display_name self.description = description - self.base_query = base_query - self.table_query = table_query - self.chart_query = chart_query - self.additional_query = additional_query - self.default_time_range = default_time_range - self.reference_time_range = reference_time_range + self.status = status + self.hypothesis_status = hypothesis_status + self.attack_tactics = attack_tactics + self.attack_techniques = attack_techniques + self.labels = labels + self.owner = owner -class InsightQueryItemPropertiesAdditionalQuery(_serialization.Model): - """The activity query definitions. +class HuntComment(ResourceWithEtag): + """Represents a Hunt Comment in Azure Security Insights. - :ivar query: The insight query. - :vartype query: str - :ivar text: The insight text. - :vartype text: str + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar message: The message for the comment. + :vartype message: str """ - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "text": {"key": "text", "type": "str"}, + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } - def __init__(self, *, query: Optional[str] = None, text: Optional[str] = None, **kwargs): - """ - :keyword query: The insight query. - :paramtype query: str - :keyword text: The insight text. - :paramtype text: str - """ - super().__init__(**kwargs) - self.query = query - self.text = text - - -class InsightQueryItemPropertiesDefaultTimeRange(_serialization.Model): - """The insight chart query. - - :ivar before_range: The padding for the start time of the query. - :vartype before_range: str - :ivar after_range: The padding for the end time of the query. - :vartype after_range: str - """ - _attribute_map = { - "before_range": {"key": "beforeRange", "type": "str"}, - "after_range": {"key": "afterRange", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "message": {"key": "properties.message", "type": "str"}, } - def __init__(self, *, before_range: Optional[str] = None, after_range: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword before_range: The padding for the start time of the query. - :paramtype before_range: str - :keyword after_range: The padding for the end time of the query. - :paramtype after_range: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword message: The message for the comment. + :paramtype message: str """ - super().__init__(**kwargs) - self.before_range = before_range - self.after_range = after_range + super().__init__(etag=etag, **kwargs) + self.message = message -class InsightQueryItemPropertiesReferenceTimeRange(_serialization.Model): - """The insight chart query. +class HuntCommentList(_serialization.Model): + """List of all hunt comments. - :ivar before_range: Additional query time for looking back. - :vartype before_range: str + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of hunt comments. + :vartype next_link: str + :ivar value: Array of hunt comments. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntComment] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "before_range": {"key": "beforeRange", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[HuntComment]"}, } - def __init__(self, *, before_range: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.HuntComment"], **kwargs: Any) -> None: """ - :keyword before_range: Additional query time for looking back. - :paramtype before_range: str + :keyword value: Array of hunt comments. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntComment] """ super().__init__(**kwargs) - self.before_range = before_range + self.next_link = None + self.value = value -class InsightQueryItemPropertiesTableQuery(_serialization.Model): - """The insight table query. +class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes + """Represents a Hunting bookmark entity. - :ivar columns_definitions: List of insight column definitions. - :vartype columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] - :ivar queries_definitions: List of insight queries definitions. - :vartype queries_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + } + _attribute_map = { - "columns_definitions": { - "key": "columnsDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem]", - }, - "queries_definitions": { - "key": "queriesDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem]", - }, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "notes": {"key": "properties.notes", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_result": {"key": "properties.queryResult", "type": "str"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, } def __init__( self, *, - columns_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem"] - ] = None, - queries_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem"] - ] = None, - **kwargs - ): + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + display_name: Optional[str] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: """ - :keyword columns_definitions: List of insight column definitions. - :paramtype columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] - :keyword queries_definitions: List of insight queries definitions. - :paramtype queries_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ super().__init__(**kwargs) - self.columns_definitions = columns_definitions - self.queries_definitions = queries_definitions + self.kind: str = "Bookmark" + self.additional_data = None + self.friendly_name = None + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info -class InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. +class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Describes bookmark properties. - :ivar header: Insight column header. - :vartype header: str - :ivar output_type: Insights Column type. Known values are: "Number", "String", "Date", and - "Entity". - :vartype output_type: str or ~azure.mgmt.securityinsight.models.OutputType - :ivar support_deep_link: Is query supports deep-link. - :vartype support_deep_link: bool - """ + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "header": {"key": "header", "type": "str"}, - "output_type": {"key": "outputType", "type": "str"}, - "support_deep_link": {"key": "supportDeepLink", "type": "bool"}, - } - - def __init__( - self, - *, - header: Optional[str] = None, - output_type: Optional[Union[str, "_models.OutputType"]] = None, - support_deep_link: Optional[bool] = None, - **kwargs - ): - """ - :keyword header: Insight column header. - :paramtype header: str - :keyword output_type: Insights Column type. Known values are: "Number", "String", "Date", and - "Entity". - :paramtype output_type: str or ~azure.mgmt.securityinsight.models.OutputType - :keyword support_deep_link: Is query supports deep-link. - :paramtype support_deep_link: bool - """ - super().__init__(**kwargs) - self.header = header - self.output_type = output_type - self.support_deep_link = support_deep_link - - -class InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. + All required parameters must be populated in order to send to Azure. - :ivar filter: Insight column header. - :vartype filter: str - :ivar summarize: Insight column header. - :vartype summarize: str - :ivar project: Insight column header. - :vartype project: str - :ivar link_columns_definitions: Insight column header. - :vartype link_columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. Required. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. Required. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "display_name": {"required": True}, + "query": {"required": True}, + } + _attribute_map = { - "filter": {"key": "filter", "type": "str"}, - "summarize": {"key": "summarize", "type": "str"}, - "project": {"key": "project", "type": "str"}, - "link_columns_definitions": { - "key": "linkColumnsDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem]", - }, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "created_by": {"key": "createdBy", "type": "UserInfo"}, + "display_name": {"key": "displayName", "type": "str"}, + "event_time": {"key": "eventTime", "type": "iso-8601"}, + "labels": {"key": "labels", "type": "[str]"}, + "notes": {"key": "notes", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "query_result": {"key": "queryResult", "type": "str"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "updated_by": {"key": "updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, } def __init__( self, *, - filter: Optional[str] = None, # pylint: disable=redefined-builtin - summarize: Optional[str] = None, - project: Optional[str] = None, - link_columns_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem"] - ] = None, - **kwargs - ): + display_name: str, + query: str, + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: """ - :keyword filter: Insight column header. - :paramtype filter: str - :keyword summarize: Insight column header. - :paramtype summarize: str - :keyword project: Insight column header. - :paramtype project: str - :keyword link_columns_definitions: Insight column header. - :paramtype link_columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. Required. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. Required. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ super().__init__(**kwargs) - self.filter = filter - self.summarize = summarize - self.project = project - self.link_columns_definitions = link_columns_definitions + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info -class InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. +class HuntList(_serialization.Model): + """List all the hunts. - :ivar projected_name: Insight Link Definition Projected Name. - :vartype projected_name: str - :ivar query: Insight Link Definition Query. - :vartype query: str + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of hunts. + :vartype next_link: str + :ivar value: Array of hunts. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Hunt] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "projected_name": {"key": "projectedName", "type": "str"}, - "query": {"key": "Query", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Hunt]"}, } - def __init__(self, *, projected_name: Optional[str] = None, query: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.Hunt"], **kwargs: Any) -> None: """ - :keyword projected_name: Insight Link Definition Projected Name. - :paramtype projected_name: str - :keyword query: Insight Link Definition Query. - :paramtype query: str + :keyword value: Array of hunts. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Hunt] """ super().__init__(**kwargs) - self.projected_name = projected_name - self.query = query + self.next_link = None + self.value = value -class InsightsTableResult(_serialization.Model): - """Query results for table insights query. +class HuntOwner(_serialization.Model): + """Describes a user that the hunt is assigned to. - :ivar columns: Columns Metadata of the table. - :vartype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] - :ivar rows: Rows data of the table. - :vartype rows: list[list[str]] + :ivar email: The email of the user the hunt is assigned to. + :vartype email: str + :ivar assigned_to: The name of the user the hunt is assigned to. + :vartype assigned_to: str + :ivar object_id: The object id of the user the hunt is assigned to. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the user the hunt is assigned to. + :vartype user_principal_name: str + :ivar owner_type: The type of the owner the hunt is assigned to. Known values are: "Unknown", + "User", and "Group". + :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType """ _attribute_map = { - "columns": {"key": "columns", "type": "[InsightsTableResultColumnsItem]"}, - "rows": {"key": "rows", "type": "[[str]]"}, + "email": {"key": "email", "type": "str"}, + "assigned_to": {"key": "assignedTo", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "owner_type": {"key": "ownerType", "type": "str"}, } def __init__( self, *, - columns: Optional[List["_models.InsightsTableResultColumnsItem"]] = None, - rows: Optional[List[List[str]]] = None, - **kwargs - ): + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + **kwargs: Any + ) -> None: """ - :keyword columns: Columns Metadata of the table. - :paramtype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] - :keyword rows: Rows data of the table. - :paramtype rows: list[list[str]] + :keyword email: The email of the user the hunt is assigned to. + :paramtype email: str + :keyword assigned_to: The name of the user the hunt is assigned to. + :paramtype assigned_to: str + :keyword object_id: The object id of the user the hunt is assigned to. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the user the hunt is assigned to. + :paramtype user_principal_name: str + :keyword owner_type: The type of the owner the hunt is assigned to. Known values are: + "Unknown", "User", and "Group". + :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType """ super().__init__(**kwargs) - self.columns = columns - self.rows = rows + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + self.owner_type = owner_type -class InsightsTableResultColumnsItem(_serialization.Model): - """InsightsTableResultColumnsItem. +class HuntRelation(ResourceWithEtag): + """Represents a Hunt Relation in Azure Security Insights. - :ivar type: the type of the colum. - :vartype type: str - :ivar name: the name of the colum. + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - """ - - _attribute_map = { - "type": {"key": "type", "type": "str"}, - "name": {"key": "name", "type": "str"}, - } - - def __init__(self, *, type: Optional[str] = None, name: Optional[str] = None, **kwargs): - """ - :keyword type: the type of the colum. - :paramtype type: str - :keyword name: the name of the colum. - :paramtype name: str - """ - super().__init__(**kwargs) - self.type = type - self.name = name - - -class Instructions(_serialization.Model): - """Instructions section of a recommendation. - - All required parameters must be populated in order to send to Azure. - - :ivar actions_to_be_performed: What actions should be taken to complete the recommendation. - Required. - :vartype actions_to_be_performed: str - :ivar recommendation_importance: Explains why the recommendation is important. Required. - :vartype recommendation_importance: str - :ivar how_to_perform_action_details: How should the user complete the recommendation. - :vartype how_to_perform_action_details: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar related_resource_id: The id of the related resource. + :vartype related_resource_id: str + :ivar related_resource_name: The name of the related resource. + :vartype related_resource_name: str + :ivar relation_type: The type of the hunt relation. + :vartype relation_type: str + :ivar related_resource_kind: The resource that the relation is related to. + :vartype related_resource_kind: str + :ivar labels: List of labels relevant to this hunt. + :vartype labels: list[str] """ _validation = { - "actions_to_be_performed": {"required": True}, - "recommendation_importance": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "related_resource_name": {"readonly": True}, + "relation_type": {"readonly": True}, + "related_resource_kind": {"readonly": True}, } _attribute_map = { - "actions_to_be_performed": {"key": "actionsToBePerformed", "type": "str"}, - "recommendation_importance": {"key": "recommendationImportance", "type": "str"}, - "how_to_perform_action_details": {"key": "howToPerformActionDetails", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "related_resource_id": {"key": "properties.relatedResourceId", "type": "str"}, + "related_resource_name": {"key": "properties.relatedResourceName", "type": "str"}, + "relation_type": {"key": "properties.relationType", "type": "str"}, + "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, + "labels": {"key": "properties.labels", "type": "[str]"}, } def __init__( self, *, - actions_to_be_performed: str, - recommendation_importance: str, - how_to_perform_action_details: Optional[str] = None, - **kwargs - ): + etag: Optional[str] = None, + related_resource_id: Optional[str] = None, + labels: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword actions_to_be_performed: What actions should be taken to complete the recommendation. - Required. - :paramtype actions_to_be_performed: str - :keyword recommendation_importance: Explains why the recommendation is important. Required. - :paramtype recommendation_importance: str - :keyword how_to_perform_action_details: How should the user complete the recommendation. - :paramtype how_to_perform_action_details: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword related_resource_id: The id of the related resource. + :paramtype related_resource_id: str + :keyword labels: List of labels relevant to this hunt. + :paramtype labels: list[str] """ - super().__init__(**kwargs) - self.actions_to_be_performed = actions_to_be_performed - self.recommendation_importance = recommendation_importance - self.how_to_perform_action_details = how_to_perform_action_details - - -class InstructionStepsInstructionsItem(ConnectorInstructionModelBase): - """InstructionStepsInstructionsItem. - - All required parameters must be populated in order to send to Azure. - - :ivar parameters: The parameters for the setting. - :vartype parameters: JSON - :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ - - _validation = { - "type": {"required": True}, - } - - _attribute_map = { - "parameters": {"key": "parameters", "type": "object"}, - "type": {"key": "type", "type": "str"}, - } + super().__init__(etag=etag, **kwargs) + self.related_resource_id = related_resource_id + self.related_resource_name = None + self.relation_type = None + self.related_resource_kind = None + self.labels = labels - def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): - """ - :keyword parameters: The parameters for the setting. - :paramtype parameters: JSON - :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ - super().__init__(parameters=parameters, type=type, **kwargs) +class HuntRelationList(_serialization.Model): + """List of all the hunt relations. -class IoTCheckRequirements(DataConnectorsCheckRequirements): - """Represents IoT requirements check request. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + :ivar next_link: URL to fetch the next set of hunt relations. + :vartype next_link: str + :ivar value: Array of hunt relations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntRelation] """ _validation = { - "kind": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[HuntRelation]"}, } - def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.HuntRelation"], **kwargs: Any) -> None: """ - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str + :keyword value: Array of hunt relations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntRelation] """ super().__init__(**kwargs) - self.kind: str = "IOT" - self.subscription_id = subscription_id + self.next_link = None + self.value = value -class IoTDataConnector(DataConnector): - """Represents IoT data connector. +class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Incident. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -11545,18 +11712,52 @@ class IoTDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + :ivar title: The title of the incident. + :vartype title: str + :ivar description: The description of the incident. + :vartype description: str + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar owner: Describes a user that the incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar labels: List of labels relevant to this incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar first_activity_time_utc: The time of the first activity in the incident. + :vartype first_activity_time_utc: ~datetime.datetime + :ivar last_activity_time_utc: The time of the last activity in the incident. + :vartype last_activity_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the incident was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar created_time_utc: The time the incident was created. + :vartype created_time_utc: ~datetime.datetime + :ivar incident_number: A sequential number. + :vartype incident_number: int + :ivar additional_data: Additional data on the incident. + :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the + incident. + :vartype related_analytic_rule_ids: list[str] + :ivar incident_url: The deep-link url to the incident in Azure portal. + :vartype incident_url: str + :ivar provider_name: The name of the source provider that generated the incident. + :vartype provider_name: str + :ivar provider_incident_id: The incident ID assigned by the incident provider. + :vartype provider_incident_id: str + :ivar team_information: Describes a team for the incident. + :vartype team_information: ~azure.mgmt.securityinsight.models.TeamInformation """ _validation = { @@ -11564,7 +11765,14 @@ class IoTDataConnector(DataConnector): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, + "last_modified_time_utc": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "incident_number": {"readonly": True}, + "additional_data": {"readonly": True}, + "related_analytic_rule_ids": {"readonly": True}, + "incident_url": {"readonly": True}, + "provider_name": {"readonly": True}, + "provider_incident_id": {"readonly": True}, } _attribute_map = { @@ -11573,71 +11781,213 @@ class IoTDataConnector(DataConnector): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "classification": {"key": "properties.classification", "type": "str"}, + "classification_reason": {"key": "properties.classificationReason", "type": "str"}, + "classification_comment": {"key": "properties.classificationComment", "type": "str"}, + "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, + "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, + "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, + "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "incident_number": {"key": "properties.incidentNumber", "type": "int"}, + "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, + "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, + "incident_url": {"key": "properties.incidentUrl", "type": "str"}, + "provider_name": {"key": "properties.providerName", "type": "str"}, + "provider_incident_id": {"key": "properties.providerIncidentId", "type": "str"}, + "team_information": {"key": "properties.teamInformation", "type": "TeamInformation"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): + title: Optional[str] = None, + description: Optional[str] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + classification_comment: Optional[str] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + first_activity_time_utc: Optional[datetime.datetime] = None, + last_activity_time_utc: Optional[datetime.datetime] = None, + team_information: Optional["_models.TeamInformation"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "IOT" - self.data_types = data_types - self.subscription_id = subscription_id - - -class IoTDataConnectorProperties(DataConnectorWithAlertsProperties): - """IoT data connector properties. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str - """ - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "subscription_id": {"key": "subscriptionId", "type": "str"}, - } - - def __init__( - self, - *, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str + :keyword title: The title of the incident. + :paramtype title: str + :keyword description: The description of the incident. + :paramtype description: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword owner: Describes a user that the incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword labels: List of labels relevant to this incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword first_activity_time_utc: The time of the first activity in the incident. + :paramtype first_activity_time_utc: ~datetime.datetime + :keyword last_activity_time_utc: The time of the last activity in the incident. + :paramtype last_activity_time_utc: ~datetime.datetime + :keyword team_information: Describes a team for the incident. + :paramtype team_information: ~azure.mgmt.securityinsight.models.TeamInformation """ - super().__init__(data_types=data_types, **kwargs) - self.subscription_id = subscription_id + super().__init__(etag=etag, **kwargs) + self.title = title + self.description = description + self.severity = severity + self.status = status + self.classification = classification + self.classification_reason = classification_reason + self.classification_comment = classification_comment + self.owner = owner + self.labels = labels + self.first_activity_time_utc = first_activity_time_utc + self.last_activity_time_utc = last_activity_time_utc + self.last_modified_time_utc = None + self.created_time_utc = None + self.incident_number = None + self.additional_data = None + self.related_analytic_rule_ids = None + self.incident_url = None + self.provider_name = None + self.provider_incident_id = None + self.team_information = team_information -class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents an IoT device entity. +class IncidentAdditionalData(_serialization.Model): + """Incident additional data property bag. Variables are only populated by the server, and will be ignored when sending a request. + :ivar alerts_count: The number of alerts in the incident. + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident. + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident. + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident. + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques associated with incident's tactics. + :vartype techniques: list[str] + :ivar provider_incident_url: The provider incident url to the incident in Microsoft 365 + Defender portal. + :vartype provider_incident_url: str + """ + + _validation = { + "alerts_count": {"readonly": True}, + "bookmarks_count": {"readonly": True}, + "comments_count": {"readonly": True}, + "alert_product_names": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + "provider_incident_url": {"readonly": True}, + } + + _attribute_map = { + "alerts_count": {"key": "alertsCount", "type": "int"}, + "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, + "comments_count": {"key": "commentsCount", "type": "int"}, + "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "provider_incident_url": {"key": "providerIncidentUrl", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + self.techniques = None + self.provider_incident_url = None + + +class IncidentAlertList(_serialization.Model): + """List of incident alerts. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of incident alerts. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[SecurityAlert]"}, + } + + def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs: Any) -> None: + """ + :keyword value: Array of incident alerts. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + """ + super().__init__(**kwargs) + self.value = value + + +class IncidentBookmarkList(_serialization.Model): + """List of incident bookmarks. + All required parameters must be populated in order to send to Azure. + :ivar value: Array of incident bookmarks. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[HuntingBookmark]"}, + } + + def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs: Any) -> None: + """ + :keyword value: Array of incident bookmarks. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + """ + super().__init__(**kwargs) + self.value = value + + +class IncidentComment(ResourceWithEtag): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when sending a request. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -11649,74 +11999,16 @@ class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] - :ivar owners: A list of owners of the IoTDevice entity. - :vartype owners: list[str] - :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. - :vartype nic_entity_ids: list[str] - :ivar site: The site of the device. - :vartype site: str - :ivar zone: The zone location of the device within a site. - :vartype zone: str - :ivar sensor: The sensor the device is monitored by. - :vartype sensor: str - :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). - :vartype device_sub_type: str - :ivar importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - :ivar purdue_layer: The Purdue Layer of the device. - :vartype purdue_layer: str - :ivar is_authorized: Determines whether the device classified as authorized device. - :vartype is_authorized: bool - :ivar is_programming: Determines whether the device classified as programming device. - :vartype is_programming: bool - :ivar is_scanner: Is the device classified as a scanner device. - :vartype is_scanner: bool + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar message: The comment message. + :vartype message: str + :ivar created_time_utc: The time the comment was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The time the comment was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar author: Describes the client that created the comment. + :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo """ _validation = { @@ -11724,36 +12016,9 @@ class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "device_id": {"readonly": True}, - "device_name": {"readonly": True}, - "source": {"readonly": True}, - "iot_security_agent_id": {"readonly": True}, - "device_type": {"readonly": True}, - "vendor": {"readonly": True}, - "edge_id": {"readonly": True}, - "mac_address": {"readonly": True}, - "model": {"readonly": True}, - "serial_number": {"readonly": True}, - "firmware_version": {"readonly": True}, - "operating_system": {"readonly": True}, - "iot_hub_entity_id": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - "protocols": {"readonly": True}, - "owners": {"readonly": True}, - "nic_entity_ids": {"readonly": True}, - "site": {"readonly": True}, - "zone": {"readonly": True}, - "sensor": {"readonly": True}, - "device_sub_type": {"readonly": True}, - "purdue_layer": {"readonly": True}, - "is_authorized": {"readonly": True}, - "is_programming": {"readonly": True}, - "is_scanner": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + "author": {"readonly": True}, } _attribute_map = { @@ -11761,742 +12026,424 @@ class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "device_id": {"key": "properties.deviceId", "type": "str"}, - "device_name": {"key": "properties.deviceName", "type": "str"}, - "source": {"key": "properties.source", "type": "str"}, - "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, - "device_type": {"key": "properties.deviceType", "type": "str"}, - "vendor": {"key": "properties.vendor", "type": "str"}, - "edge_id": {"key": "properties.edgeId", "type": "str"}, - "mac_address": {"key": "properties.macAddress", "type": "str"}, - "model": {"key": "properties.model", "type": "str"}, - "serial_number": {"key": "properties.serialNumber", "type": "str"}, - "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, - "operating_system": {"key": "properties.operatingSystem", "type": "str"}, - "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, - "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, - "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, - "protocols": {"key": "properties.protocols", "type": "[str]"}, - "owners": {"key": "properties.owners", "type": "[str]"}, - "nic_entity_ids": {"key": "properties.nicEntityIds", "type": "[str]"}, - "site": {"key": "properties.site", "type": "str"}, - "zone": {"key": "properties.zone", "type": "str"}, - "sensor": {"key": "properties.sensor", "type": "str"}, - "device_sub_type": {"key": "properties.deviceSubType", "type": "str"}, - "importance": {"key": "properties.importance", "type": "str"}, - "purdue_layer": {"key": "properties.purdueLayer", "type": "str"}, - "is_authorized": {"key": "properties.isAuthorized", "type": "bool"}, - "is_programming": {"key": "properties.isProgramming", "type": "bool"}, - "is_scanner": {"key": "properties.isScanner", "type": "bool"}, + "etag": {"key": "etag", "type": "str"}, + "message": {"key": "properties.message", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "author": {"key": "properties.author", "type": "ClientInfo"}, } - def __init__( # pylint: disable=too-many-locals - self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword message: The comment message. + :paramtype message: str """ - super().__init__(**kwargs) - self.kind: str = "IoTDevice" - self.additional_data = None - self.friendly_name = None - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - self.owners = None - self.nic_entity_ids = None - self.site = None - self.zone = None - self.sensor = None - self.device_sub_type = None - self.importance = importance - self.purdue_layer = None - self.is_authorized = None - self.is_programming = None - self.is_scanner = None + super().__init__(etag=etag, **kwargs) + self.message = message + self.created_time_utc = None + self.last_modified_time_utc = None + self.author = None -class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """IoTDevice entity property bag. +class IncidentCommentList(_serialization.Model): + """IncidentCommentList. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] - :ivar owners: A list of owners of the IoTDevice entity. - :vartype owners: list[str] - :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. - :vartype nic_entity_ids: list[str] - :ivar site: The site of the device. - :vartype site: str - :ivar zone: The zone location of the device within a site. - :vartype zone: str - :ivar sensor: The sensor the device is monitored by. - :vartype sensor: str - :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). - :vartype device_sub_type: str - :ivar importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - :ivar purdue_layer: The Purdue Layer of the device. - :vartype purdue_layer: str - :ivar is_authorized: Determines whether the device classified as authorized device. - :vartype is_authorized: bool - :ivar is_programming: Determines whether the device classified as programming device. - :vartype is_programming: bool - :ivar is_scanner: Is the device classified as a scanner device. - :vartype is_scanner: bool + All required parameters must be populated in order to send to Azure. + + :ivar value: Required. + :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + :ivar next_link: + :vartype next_link: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "device_id": {"readonly": True}, - "device_name": {"readonly": True}, - "source": {"readonly": True}, - "iot_security_agent_id": {"readonly": True}, - "device_type": {"readonly": True}, - "vendor": {"readonly": True}, - "edge_id": {"readonly": True}, - "mac_address": {"readonly": True}, - "model": {"readonly": True}, - "serial_number": {"readonly": True}, - "firmware_version": {"readonly": True}, - "operating_system": {"readonly": True}, - "iot_hub_entity_id": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - "protocols": {"readonly": True}, - "owners": {"readonly": True}, - "nic_entity_ids": {"readonly": True}, - "site": {"readonly": True}, - "zone": {"readonly": True}, - "sensor": {"readonly": True}, - "device_sub_type": {"readonly": True}, - "purdue_layer": {"readonly": True}, - "is_authorized": {"readonly": True}, - "is_programming": {"readonly": True}, - "is_scanner": {"readonly": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "device_id": {"key": "deviceId", "type": "str"}, - "device_name": {"key": "deviceName", "type": "str"}, - "source": {"key": "source", "type": "str"}, - "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, - "device_type": {"key": "deviceType", "type": "str"}, - "vendor": {"key": "vendor", "type": "str"}, - "edge_id": {"key": "edgeId", "type": "str"}, - "mac_address": {"key": "macAddress", "type": "str"}, - "model": {"key": "model", "type": "str"}, - "serial_number": {"key": "serialNumber", "type": "str"}, - "firmware_version": {"key": "firmwareVersion", "type": "str"}, - "operating_system": {"key": "operatingSystem", "type": "str"}, - "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, - "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, - "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, - "protocols": {"key": "protocols", "type": "[str]"}, - "owners": {"key": "owners", "type": "[str]"}, - "nic_entity_ids": {"key": "nicEntityIds", "type": "[str]"}, - "site": {"key": "site", "type": "str"}, - "zone": {"key": "zone", "type": "str"}, - "sensor": {"key": "sensor", "type": "str"}, - "device_sub_type": {"key": "deviceSubType", "type": "str"}, - "importance": {"key": "importance", "type": "str"}, - "purdue_layer": {"key": "purdueLayer", "type": "str"}, - "is_authorized": {"key": "isAuthorized", "type": "bool"}, - "is_programming": {"key": "isProgramming", "type": "bool"}, - "is_scanner": {"key": "isScanner", "type": "bool"}, + "value": {"key": "value", "type": "[IncidentComment]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__( # pylint: disable=too-many-locals - self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs - ): + def __init__(self, *, value: List["_models.IncidentComment"], **kwargs: Any) -> None: """ - :keyword importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :keyword value: Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] """ super().__init__(**kwargs) - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - self.owners = None - self.nic_entity_ids = None - self.site = None - self.zone = None - self.sensor = None - self.device_sub_type = None - self.importance = importance - self.purdue_layer = None - self.is_authorized = None - self.is_programming = None - self.is_scanner = None - + self.value = value + self.next_link = None -class IpEntity(Entity): - """Represents an ip entity. - Variables are only populated by the server, and will be ignored when sending a request. +class IncidentConfiguration(_serialization.Model): + """Incident Configuration property bag. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. + :vartype create_incident: bool + :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are + grouped into incidents. + :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "address": {"readonly": True}, - "location": {"readonly": True}, - "threat_intelligence": {"readonly": True}, + "create_incident": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "address": {"key": "properties.address", "type": "str"}, - "location": {"key": "properties.location", "type": "GeoLocation"}, - "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + "create_incident": {"key": "createIncident", "type": "bool"}, + "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + create_incident: bool, + grouping_configuration: Optional["_models.GroupingConfiguration"] = None, + **kwargs: Any + ) -> None: + """ + :keyword create_incident: Create incidents from alerts triggered by this analytics rule. + Required. + :paramtype create_incident: bool + :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, + are grouped into incidents. + :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + """ super().__init__(**kwargs) - self.kind: str = "Ip" - self.additional_data = None - self.friendly_name = None - self.address = None - self.location = None - self.threat_intelligence = None - + self.create_incident = create_incident + self.grouping_configuration = grouping_configuration -class IpEntityProperties(EntityCommonProperties): - """Ip entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class IncidentEntitiesResponse(_serialization.Model): + """The incident related entities response. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar entities: Array of the incident related entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar meta_data: The metadata from the incident related entities results. + :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "address": {"readonly": True}, - "location": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - } - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "address": {"key": "address", "type": "str"}, - "location": {"key": "location", "type": "GeoLocation"}, - "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + "entities": {"key": "entities", "type": "[Entity]"}, + "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + entities: Optional[List["_models.Entity"]] = None, + meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword entities: Array of the incident related entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword meta_data: The metadata from the incident related entities results. + :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + """ super().__init__(**kwargs) - self.address = None - self.location = None - self.threat_intelligence = None - + self.entities = entities + self.meta_data = meta_data -class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mailbox entity. - Variables are only populated by the server, and will be ignored when sending a request. +class IncidentEntitiesResultsMetadata(_serialization.Model): + """Information of a specific aggregation in the incident related entities result. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :vartype count: int """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mailbox_primary_address": {"readonly": True}, - "display_name": {"readonly": True}, - "upn": {"readonly": True}, - "external_directory_object_id": {"readonly": True}, + "entity_kind": {"required": True}, + "count": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "upn": {"key": "properties.upn", "type": "str"}, - "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, + "entity_kind": {"key": "entityKind", "type": "str"}, + "count": {"key": "count", "type": "int"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, entity_kind: Union[str, "_models.EntityKindEnum"], count: int, **kwargs: Any) -> None: + """ + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :keyword count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :paramtype count: int + """ super().__init__(**kwargs) - self.kind: str = "Mailbox" - self.additional_data = None - self.friendly_name = None - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None + self.entity_kind = entity_kind + self.count = count -class MailboxEntityProperties(EntityCommonProperties): - """Mailbox entity property bag. +class IncidentInfo(_serialization.Model): + """Describes related incident information for the bookmark. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar incident_id: Incident Id. + :vartype incident_id: str + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar title: The title of the incident. + :vartype title: str + :ivar relation_name: Relation Name. + :vartype relation_name: str + """ - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str + _attribute_map = { + "incident_id": {"key": "incidentId", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "relation_name": {"key": "relationName", "type": "str"}, + } + + def __init__( + self, + *, + incident_id: Optional[str] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + title: Optional[str] = None, + relation_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword incident_id: Incident Id. + :paramtype incident_id: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword title: The title of the incident. + :paramtype title: str + :keyword relation_name: Relation Name. + :paramtype relation_name: str + """ + super().__init__(**kwargs) + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name + + +class IncidentLabel(_serialization.Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar label_name: The name of the label. Required. + :vartype label_name: str + :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". + :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mailbox_primary_address": {"readonly": True}, - "display_name": {"readonly": True}, - "upn": {"readonly": True}, - "external_directory_object_id": {"readonly": True}, + "label_name": {"required": True}, + "label_type": {"readonly": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "upn": {"key": "upn", "type": "str"}, - "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, + "label_name": {"key": "labelName", "type": "str"}, + "label_type": {"key": "labelType", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, label_name: str, **kwargs: Any) -> None: + """ + :keyword label_name: The name of the label. Required. + :paramtype label_name: str + """ super().__init__(**kwargs) - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None + self.label_name = label_name + self.label_type = None -class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mail cluster entity. +class IncidentList(_serialization.Model): + """List all the incidents. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: JSON - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: JSON - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: JSON - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str + :ivar value: Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Incident] + :ivar next_link: URL to fetch the next set of incidents. + :vartype next_link: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_ids": {"readonly": True}, - "count_by_delivery_status": {"readonly": True}, - "count_by_threat_type": {"readonly": True}, - "count_by_protection_status": {"readonly": True}, - "threats": {"readonly": True}, - "query": {"readonly": True}, - "query_time": {"readonly": True}, - "mail_count": {"readonly": True}, - "is_volume_anomaly": {"readonly": True}, - "source": {"readonly": True}, - "cluster_source_identifier": {"readonly": True}, - "cluster_source_type": {"readonly": True}, - "cluster_query_start_time": {"readonly": True}, - "cluster_query_end_time": {"readonly": True}, - "cluster_group": {"readonly": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, - "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, - "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, - "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, - "threats": {"key": "properties.threats", "type": "[str]"}, - "query": {"key": "properties.query", "type": "str"}, - "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, - "mail_count": {"key": "properties.mailCount", "type": "int"}, - "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, - "source": {"key": "properties.source", "type": "str"}, - "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, - "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, - "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, - "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, - "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, + "value": {"key": "value", "type": "[Incident]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, value: List["_models.Incident"], **kwargs: Any) -> None: + """ + :keyword value: Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] + """ super().__init__(**kwargs) - self.kind: str = "MailCluster" - self.additional_data = None - self.friendly_name = None - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None + self.value = value + self.next_link = None -class MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Mail cluster entity property bag. +class IncidentOwnerInfo(_serialization.Model): + """Information on the user an incident is assigned to. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar email: The email of the user the incident is assigned to. + :vartype email: str + :ivar assigned_to: The name of the user the incident is assigned to. + :vartype assigned_to: str + :ivar object_id: The object id of the user the incident is assigned to. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the user the incident is assigned to. + :vartype user_principal_name: str + :ivar owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + """ - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: JSON - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: JSON - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: JSON - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_ids": {"readonly": True}, - "count_by_delivery_status": {"readonly": True}, - "count_by_threat_type": {"readonly": True}, - "count_by_protection_status": {"readonly": True}, - "threats": {"readonly": True}, - "query": {"readonly": True}, - "query_time": {"readonly": True}, - "mail_count": {"readonly": True}, - "is_volume_anomaly": {"readonly": True}, - "source": {"readonly": True}, - "cluster_source_identifier": {"readonly": True}, - "cluster_source_type": {"readonly": True}, - "cluster_query_start_time": {"readonly": True}, - "cluster_query_end_time": {"readonly": True}, - "cluster_group": {"readonly": True}, + _attribute_map = { + "email": {"key": "email", "type": "str"}, + "assigned_to": {"key": "assignedTo", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "owner_type": {"key": "ownerType", "type": "str"}, } + def __init__( + self, + *, + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword email: The email of the user the incident is assigned to. + :paramtype email: str + :keyword assigned_to: The name of the user the incident is assigned to. + :paramtype assigned_to: str + :keyword object_id: The object id of the user the incident is assigned to. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the user the incident is assigned to. + :paramtype user_principal_name: str + :keyword owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + """ + super().__init__(**kwargs) + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + self.owner_type = owner_type + + +class IncidentPropertiesAction(_serialization.Model): + """IncidentPropertiesAction. + + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar owner: Information on the user an incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar labels: List of labels to add to the incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + """ + _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, - "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, - "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, - "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, - "threats": {"key": "threats", "type": "[str]"}, - "query": {"key": "query", "type": "str"}, - "query_time": {"key": "queryTime", "type": "iso-8601"}, - "mail_count": {"key": "mailCount", "type": "int"}, - "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, - "source": {"key": "source", "type": "str"}, - "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, - "cluster_source_type": {"key": "clusterSourceType", "type": "str"}, - "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, - "cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, - "cluster_group": {"key": "clusterGroup", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "status": {"key": "status", "type": "str"}, + "classification": {"key": "classification", "type": "str"}, + "classification_reason": {"key": "classificationReason", "type": "str"}, + "classification_comment": {"key": "classificationComment", "type": "str"}, + "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, + "labels": {"key": "labels", "type": "[IncidentLabel]"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + classification_comment: Optional[str] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword owner: Information on the user an incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword labels: List of labels to add to the incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + """ super().__init__(**kwargs) - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None + self.severity = severity + self.status = status + self.classification = classification + self.classification_reason = classification_reason + self.classification_comment = classification_comment + self.owner = owner + self.labels = labels -class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mail message entity. +class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """IncidentTask. Variables are only populated by the server, and will be ignored when sending a request. @@ -12513,100 +12460,33 @@ class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", and "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", and "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "recipient": {"readonly": True}, - "urls": {"readonly": True}, - "threats": {"readonly": True}, - "p1_sender": {"readonly": True}, - "p1_sender_display_name": {"readonly": True}, - "p1_sender_domain": {"readonly": True}, - "sender_ip": {"readonly": True}, - "p2_sender": {"readonly": True}, - "p2_sender_display_name": {"readonly": True}, - "p2_sender_domain": {"readonly": True}, - "receive_date": {"readonly": True}, - "network_message_id": {"readonly": True}, - "internet_message_id": {"readonly": True}, - "subject": {"readonly": True}, - "language": {"readonly": True}, - "threat_detection_methods": {"readonly": True}, + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar title: The title of the task. Required. + :vartype title: str + :ivar description: The description of the task. + :vartype description: str + :ivar status: Required. Known values are: "New" and "Completed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus + :ivar created_time_utc: The time the task was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the task was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar created_by: Information on the client (user or application) that made some action. + :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar last_modified_by: Information on the client (user or application) that made some action. + :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "title": {"required": True}, + "status": {"required": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, } _attribute_map = { @@ -12614,998 +12494,757 @@ class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, - "recipient": {"key": "properties.recipient", "type": "str"}, - "urls": {"key": "properties.urls", "type": "[str]"}, - "threats": {"key": "properties.threats", "type": "[str]"}, - "p1_sender": {"key": "properties.p1Sender", "type": "str"}, - "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, - "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, - "sender_ip": {"key": "properties.senderIP", "type": "str"}, - "p2_sender": {"key": "properties.p2Sender", "type": "str"}, - "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, - "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, - "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, - "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, - "internet_message_id": {"key": "properties.internetMessageId", "type": "str"}, - "subject": {"key": "properties.subject", "type": "str"}, - "language": {"key": "properties.language", "type": "str"}, - "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, - "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, - "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, - "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, - "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, - "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, - "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, - "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, - "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, + "etag": {"key": "etag", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, + "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): + title: str, + status: Union[str, "_models.IncidentTaskStatus"], + etag: Optional[str] = None, + description: Optional[str] = None, + created_by: Optional["_models.ClientInfo"] = None, + last_modified_by: Optional["_models.ClientInfo"] = None, + **kwargs: Any + ) -> None: """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", and "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", and "Forwarded". - :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword title: The title of the task. Required. + :paramtype title: str + :keyword description: The description of the task. + :paramtype description: str + :keyword status: Required. Known values are: "New" and "Completed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus + :keyword created_by: Information on the client (user or application) that made some action. + :paramtype created_by: ~azure.mgmt.securityinsight.models.ClientInfo + :keyword last_modified_by: Information on the client (user or application) that made some + action. + :paramtype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + """ + super().__init__(etag=etag, **kwargs) + self.title = title + self.description = description + self.status = status + self.created_time_utc = None + self.last_modified_time_utc = None + self.created_by = created_by + self.last_modified_by = last_modified_by + + +class IncidentTaskList(_serialization.Model): + """IncidentTaskList. + + :ivar value: + :vartype value: list[~azure.mgmt.securityinsight.models.IncidentTask] + :ivar next_link: + :vartype next_link: str + """ + + _attribute_map = { + "value": {"key": "value", "type": "[IncidentTask]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__( + self, *, value: Optional[List["_models.IncidentTask"]] = None, next_link: Optional[str] = None, **kwargs: Any + ) -> None: + """ + :keyword value: + :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentTask] + :keyword next_link: + :paramtype next_link: str """ super().__init__(**kwargs) - self.kind: str = "MailMessage" - self.additional_data = None - self.friendly_name = None - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location + self.value = value + self.next_link = next_link -class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Mail message entity property bag. +class InsightQueryItem(EntityQueryItem): + """Represents Insight Query. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", and "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", and "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ + All required parameters must be populated in order to send to Azure. - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "recipient": {"readonly": True}, - "urls": {"readonly": True}, - "threats": {"readonly": True}, - "p1_sender": {"readonly": True}, - "p1_sender_display_name": {"readonly": True}, - "p1_sender_domain": {"readonly": True}, - "sender_ip": {"readonly": True}, - "p2_sender": {"readonly": True}, - "p2_sender_display_name": {"readonly": True}, - "p2_sender_domain": {"readonly": True}, - "receive_date": {"readonly": True}, - "network_message_id": {"readonly": True}, - "internet_message_id": {"readonly": True}, - "subject": {"readonly": True}, - "language": {"readonly": True}, - "threat_detection_methods": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, - "recipient": {"key": "recipient", "type": "str"}, - "urls": {"key": "urls", "type": "[str]"}, - "threats": {"key": "threats", "type": "[str]"}, - "p1_sender": {"key": "p1Sender", "type": "str"}, - "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, - "p1_sender_domain": {"key": "p1SenderDomain", "type": "str"}, - "sender_ip": {"key": "senderIP", "type": "str"}, - "p2_sender": {"key": "p2Sender", "type": "str"}, - "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, - "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, - "receive_date": {"key": "receiveDate", "type": "iso-8601"}, - "network_message_id": {"key": "networkMessageId", "type": "str"}, - "internet_message_id": {"key": "internetMessageId", "type": "str"}, - "subject": {"key": "subject", "type": "str"}, - "language": {"key": "language", "type": "str"}, - "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, - "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, - "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, - "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, - "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, - "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, - "antispam_direction": {"key": "antispamDirection", "type": "str"}, - "delivery_action": {"key": "deliveryAction", "type": "str"}, - "delivery_location": {"key": "deliveryLocation", "type": "str"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): - """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", and "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", and "Forwarded". - :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - super().__init__(**kwargs) - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location - - -class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a malware entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :ivar id: Query Template ARM ID. :vartype id: str - :ivar name: The name of the resource. + :ivar name: Query Template ARM Name. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". + :ivar type: ARM Type. :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] + :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", + and "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar properties: Properties bag for InsightQueryItem. + :vartype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties """ _validation = { "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "category": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "malware_name": {"readonly": True}, - "process_entity_ids": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "category": {"key": "properties.category", "type": "str"}, - "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, - "malware_name": {"key": "properties.malwareName", "type": "str"}, - "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, + "properties": {"key": "properties", "type": "InsightQueryItemProperties"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Malware" - self.additional_data = None - self.friendly_name = None - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None - + def __init__( + self, + *, + name: Optional[str] = None, + type: Optional[str] = None, + properties: Optional["_models.InsightQueryItemProperties"] = None, + **kwargs: Any + ) -> None: + """ + :keyword name: Query Template ARM Name. + :paramtype name: str + :keyword type: ARM Type. + :paramtype type: str + :keyword properties: Properties bag for InsightQueryItem. + :paramtype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + """ + super().__init__(name=name, type=type, **kwargs) + self.kind: str = "Insight" + self.properties = properties -class MalwareEntityProperties(EntityCommonProperties): - """Malware entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class InsightQueryItemProperties(EntityQueryItemProperties): # pylint: disable=too-many-instance-attributes + """Represents Insight Query. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] + :ivar data_types: Data types for template. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: Data types for template. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: JSON + :ivar display_name: The insight display name. + :vartype display_name: str + :ivar description: The insight description. + :vartype description: str + :ivar base_query: The base query of the insight. + :vartype base_query: str + :ivar table_query: The insight table query. + :vartype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery + :ivar chart_query: The insight chart query. + :vartype chart_query: JSON + :ivar additional_query: The activity query definitions. + :vartype additional_query: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery + :ivar default_time_range: The insight chart query. + :vartype default_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange + :ivar reference_time_range: The insight chart query. + :vartype reference_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "category": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "malware_name": {"readonly": True}, - "process_entity_ids": {"readonly": True}, - } - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "category": {"key": "category", "type": "str"}, - "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, - "malware_name": {"key": "malwareName", "type": "str"}, - "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, + "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, + "input_entity_type": {"key": "inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "entitiesFilter", "type": "object"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, + "table_query": {"key": "tableQuery", "type": "InsightQueryItemPropertiesTableQuery"}, + "chart_query": {"key": "chartQuery", "type": "object"}, + "additional_query": {"key": "additionalQuery", "type": "InsightQueryItemPropertiesAdditionalQuery"}, + "default_time_range": {"key": "defaultTimeRange", "type": "InsightQueryItemPropertiesDefaultTimeRange"}, + "reference_time_range": {"key": "referenceTimeRange", "type": "InsightQueryItemPropertiesReferenceTimeRange"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None - + def __init__( + self, + *, + data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[JSON] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + base_query: Optional[str] = None, + table_query: Optional["_models.InsightQueryItemPropertiesTableQuery"] = None, + chart_query: Optional[JSON] = None, + additional_query: Optional["_models.InsightQueryItemPropertiesAdditionalQuery"] = None, + default_time_range: Optional["_models.InsightQueryItemPropertiesDefaultTimeRange"] = None, + reference_time_range: Optional["_models.InsightQueryItemPropertiesReferenceTimeRange"] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: Data types for template. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", + "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: Data types for template. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: JSON + :keyword display_name: The insight display name. + :paramtype display_name: str + :keyword description: The insight description. + :paramtype description: str + :keyword base_query: The base query of the insight. + :paramtype base_query: str + :keyword table_query: The insight table query. + :paramtype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery + :keyword chart_query: The insight chart query. + :paramtype chart_query: JSON + :keyword additional_query: The activity query definitions. + :paramtype additional_query: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery + :keyword default_time_range: The insight chart query. + :paramtype default_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange + :keyword reference_time_range: The insight chart query. + :paramtype reference_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + """ + super().__init__( + data_types=data_types, + input_entity_type=input_entity_type, + required_input_fields_sets=required_input_fields_sets, + entities_filter=entities_filter, + **kwargs + ) + self.display_name = display_name + self.description = description + self.base_query = base_query + self.table_query = table_query + self.chart_query = chart_query + self.additional_query = additional_query + self.default_time_range = default_time_range + self.reference_time_range = reference_time_range -class ManualTriggerRequestBody(_serialization.Model): - """ManualTriggerRequestBody. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesAdditionalQuery(_serialization.Model): + """The activity query definitions. - :ivar tenant_id: - :vartype tenant_id: str - :ivar logic_apps_resource_id: Required. - :vartype logic_apps_resource_id: str + :ivar query: The insight query. + :vartype query: str + :ivar text: The insight text. + :vartype text: str """ - _validation = { - "logic_apps_resource_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "text": {"key": "text", "type": "str"}, } - def __init__(self, *, logic_apps_resource_id: str, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, query: Optional[str] = None, text: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: - :paramtype tenant_id: str - :keyword logic_apps_resource_id: Required. - :paramtype logic_apps_resource_id: str + :keyword query: The insight query. + :paramtype query: str + :keyword text: The insight text. + :paramtype text: str """ super().__init__(**kwargs) - self.tenant_id = tenant_id - self.logic_apps_resource_id = logic_apps_resource_id - + self.query = query + self.text = text -class MCASCheckRequirements(DataConnectorsCheckRequirements): - """Represents MCAS (Microsoft Cloud App Security) requirements check request. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesDefaultTimeRange(_serialization.Model): + """The insight chart query. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar before_range: The padding for the start time of the query. + :vartype before_range: str + :ivar after_range: The padding for the end time of the query. + :vartype after_range: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "before_range": {"key": "beforeRange", "type": "str"}, + "after_range": {"key": "afterRange", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, before_range: Optional[str] = None, after_range: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword before_range: The padding for the start time of the query. + :paramtype before_range: str + :keyword after_range: The padding for the end time of the query. + :paramtype after_range: str """ super().__init__(**kwargs) - self.kind: str = "MicrosoftCloudAppSecurity" - self.tenant_id = tenant_id - + self.before_range = before_range + self.after_range = after_range -class MCASCheckRequirementsProperties(DataConnectorTenantId): - """MCAS (Microsoft Cloud App Security) requirements check properties. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesReferenceTimeRange(_serialization.Model): + """The insight chart query. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar before_range: Additional query time for looking back. + :vartype before_range: str """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "before_range": {"key": "beforeRange", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, before_range: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword before_range: Additional query time for looking back. + :paramtype before_range: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class MCASDataConnector(DataConnector): - """Represents MCAS (Microsoft Cloud App Security) data connector. + super().__init__(**kwargs) + self.before_range = before_range - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQuery(_serialization.Model): + """The insight table query. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :ivar columns_definitions: List of insight column definitions. + :vartype columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] + :ivar queries_definitions: List of insight queries definitions. + :vartype queries_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, + "columns_definitions": { + "key": "columnsDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem]", + }, + "queries_definitions": { + "key": "queriesDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem]", + }, } def __init__( self, *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + columns_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem"] + ] = None, + queries_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem"] + ] = None, + **kwargs: Any + ) -> None: """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftCloudAppSecurity" - self.tenant_id = tenant_id - self.data_types = data_types - + :keyword columns_definitions: List of insight column definitions. + :paramtype columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] + :keyword queries_definitions: List of insight queries definitions. + :paramtype queries_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + """ + super().__init__(**kwargs) + self.columns_definitions = columns_definitions + self.queries_definitions = queries_definitions -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): - """The available data types for MCAS (Microsoft Cloud App Security) data connector. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. - :ivar alerts: Alerts data type connection. Required. - :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :ivar discovery_logs: Discovery log data type connection. - :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar header: Insight column header. + :vartype header: str + :ivar output_type: Insights Column type. Known values are: "Number", "String", "Date", and + "Entity". + :vartype output_type: str or ~azure.mgmt.securityinsight.models.OutputType + :ivar support_deep_link: Is query supports deep-link. + :vartype support_deep_link: bool """ - _validation = { - "alerts": {"required": True}, - } - _attribute_map = { - "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, - "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, + "header": {"key": "header", "type": "str"}, + "output_type": {"key": "outputType", "type": "str"}, + "support_deep_link": {"key": "supportDeepLink", "type": "bool"}, } def __init__( self, *, - alerts: "_models.DataConnectorDataTypeCommon", - discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, - **kwargs - ): + header: Optional[str] = None, + output_type: Optional[Union[str, "_models.OutputType"]] = None, + support_deep_link: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword alerts: Alerts data type connection. Required. - :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :keyword discovery_logs: Discovery log data type connection. - :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword header: Insight column header. + :paramtype header: str + :keyword output_type: Insights Column type. Known values are: "Number", "String", "Date", and + "Entity". + :paramtype output_type: str or ~azure.mgmt.securityinsight.models.OutputType + :keyword support_deep_link: Is query supports deep-link. + :paramtype support_deep_link: bool """ - super().__init__(alerts=alerts, **kwargs) - self.discovery_logs = discovery_logs - + super().__init__(**kwargs) + self.header = header + self.output_type = output_type + self.support_deep_link = support_deep_link -class MCASDataConnectorProperties(DataConnectorTenantId): - """MCAS (Microsoft Cloud App Security) data connector properties. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :ivar filter: Insight column header. + :vartype filter: str + :ivar summarize: Insight column header. + :vartype summarize: str + :ivar project: Insight column header. + :vartype project: str + :ivar link_columns_definitions: Insight column header. + :vartype link_columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] """ - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MCASDataConnectorDataTypes"}, + "filter": {"key": "filter", "type": "str"}, + "summarize": {"key": "summarize", "type": "str"}, + "project": {"key": "project", "type": "str"}, + "link_columns_definitions": { + "key": "linkColumnsDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem]", + }, } - def __init__(self, *, tenant_id: str, data_types: "_models.MCASDataConnectorDataTypes", **kwargs): + def __init__( + self, + *, + filter: Optional[str] = None, # pylint: disable=redefined-builtin + summarize: Optional[str] = None, + project: Optional[str] = None, + link_columns_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem"] + ] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :keyword filter: Insight column header. + :paramtype filter: str + :keyword summarize: Insight column header. + :paramtype summarize: str + :keyword project: Insight column header. + :paramtype project: str + :keyword link_columns_definitions: Insight column header. + :paramtype link_columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - + super().__init__(**kwargs) + self.filter = filter + self.summarize = summarize + self.project = project + self.link_columns_definitions = link_columns_definitions -class MDATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar projected_name: Insight Link Definition Projected Name. + :vartype projected_name: str + :ivar query: Insight Link Definition Query. + :vartype query: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "projected_name": {"key": "projectedName", "type": "str"}, + "query": {"key": "Query", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, projected_name: Optional[str] = None, query: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword projected_name: Insight Link Definition Projected Name. + :paramtype projected_name: str + :keyword query: Insight Link Definition Query. + :paramtype query: str """ super().__init__(**kwargs) - self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" - self.tenant_id = tenant_id - + self.projected_name = projected_name + self.query = query -class MDATPCheckRequirementsProperties(DataConnectorTenantId): - """MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. - All required parameters must be populated in order to send to Azure. +class InsightsTableResult(_serialization.Model): + """Query results for table insights query. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar columns: Columns Metadata of the table. + :vartype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] + :ivar rows: Rows data of the table. + :vartype rows: list[list[str]] """ - _validation = { - "tenant_id": {"required": True}, + _attribute_map = { + "columns": {"key": "columns", "type": "[InsightsTableResultColumnsItem]"}, + "rows": {"key": "rows", "type": "[[str]]"}, } + def __init__( + self, + *, + columns: Optional[List["_models.InsightsTableResultColumnsItem"]] = None, + rows: Optional[List[List[str]]] = None, + **kwargs: Any + ) -> None: + """ + :keyword columns: Columns Metadata of the table. + :paramtype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] + :keyword rows: Rows data of the table. + :paramtype rows: list[list[str]] + """ + super().__init__(**kwargs) + self.columns = columns + self.rows = rows + + +class InsightsTableResultColumnsItem(_serialization.Model): + """InsightsTableResultColumnsItem. + + :ivar type: the type of the colum. + :vartype type: str + :ivar name: the name of the colum. + :vartype name: str + """ + _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "name": {"key": "name", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, type: Optional[str] = None, name: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword type: the type of the colum. + :paramtype type: str + :keyword name: the name of the colum. + :paramtype name: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - + super().__init__(**kwargs) + self.type = type + self.name = name -class MDATPDataConnector(DataConnector): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. - Variables are only populated by the server, and will be ignored when sending a request. +class Instructions(_serialization.Model): + """Instructions section of a recommendation. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar actions_to_be_performed: What actions should be taken to complete the recommendation. + Required. + :vartype actions_to_be_performed: str + :ivar recommendation_importance: Explains why the recommendation is important. Required. + :vartype recommendation_importance: str + :ivar how_to_perform_action_details: How should the user complete the recommendation. + :vartype how_to_perform_action_details: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, + "actions_to_be_performed": {"required": True}, + "recommendation_importance": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "actions_to_be_performed": {"key": "actionsToBePerformed", "type": "str"}, + "recommendation_importance": {"key": "recommendationImportance", "type": "str"}, + "how_to_perform_action_details": {"key": "howToPerformActionDetails", "type": "str"}, } def __init__( self, *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + actions_to_be_performed: str, + recommendation_importance: str, + how_to_perform_action_details: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword actions_to_be_performed: What actions should be taken to complete the recommendation. + Required. + :paramtype actions_to_be_performed: str + :keyword recommendation_importance: Explains why the recommendation is important. Required. + :paramtype recommendation_importance: str + :keyword how_to_perform_action_details: How should the user complete the recommendation. + :paramtype how_to_perform_action_details: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" - self.tenant_id = tenant_id - self.data_types = data_types - + super().__init__(**kwargs) + self.actions_to_be_performed = actions_to_be_performed + self.recommendation_importance = recommendation_importance + self.how_to_perform_action_details = how_to_perform_action_details -class MDATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - All required parameters must be populated in order to send to Azure. +class InstructionStep(_serialization.Model): + """Instruction steps to enable the connector. - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar title: Gets or sets the instruction step title. + :vartype title: str + :ivar description: Gets or sets the instruction step description. + :vartype description: str + :ivar instructions: Gets or sets the instruction step details. + :vartype instructions: list[~azure.mgmt.securityinsight.models.InstructionStepDetails] + :ivar inner_steps: Gets or sets the inner instruction steps details. + Foe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, + instruction step 1.2]. + :vartype inner_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "instructions": {"key": "instructions", "type": "[InstructionStepDetails]"}, + "inner_steps": {"key": "innerSteps", "type": "[InstructionStep]"}, } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, + *, + title: Optional[str] = None, + description: Optional[str] = None, + instructions: Optional[List["_models.InstructionStepDetails"]] = None, + inner_steps: Optional[List["_models.InstructionStep"]] = None, + **kwargs: Any + ) -> None: """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword title: Gets or sets the instruction step title. + :paramtype title: str + :keyword description: Gets or sets the instruction step description. + :paramtype description: str + :keyword instructions: Gets or sets the instruction step details. + :paramtype instructions: list[~azure.mgmt.securityinsight.models.InstructionStepDetails] + :keyword inner_steps: Gets or sets the inner instruction steps details. + Foe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, + instruction step 1.2]. + :paramtype inner_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id + super().__init__(**kwargs) + self.title = title + self.description = description + self.instructions = instructions + self.inner_steps = inner_steps -class MetadataAuthor(_serialization.Model): - """Publisher or creator of the content item. +class InstructionStepDetails(_serialization.Model): + """Instruction step details, to be displayed in the Instructions steps section in the connector's + page in Sentinel Portal. - :ivar name: Name of the author. Company or person. - :vartype name: str - :ivar email: Email of author contact. - :vartype email: str - :ivar link: Link for author/vendor page. - :vartype link: str + All required parameters must be populated in order to send to Azure. + + :ivar parameters: Gets or sets the instruction type parameters settings. Required. + :vartype parameters: JSON + :ivar type: Gets or sets the instruction type name. Required. + :vartype type: str """ - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "email": {"key": "email", "type": "str"}, - "link": {"key": "link", "type": "str"}, + _validation = { + "parameters": {"required": True}, + "type": {"required": True}, } - def __init__( - self, *, name: Optional[str] = None, email: Optional[str] = None, link: Optional[str] = None, **kwargs - ): - """ - :keyword name: Name of the author. Company or person. - :paramtype name: str - :keyword email: Email of author contact. - :paramtype email: str - :keyword link: Link for author/vendor page. - :paramtype link: str - """ - super().__init__(**kwargs) - self.name = name - self.email = email - self.link = link - - -class MetadataCategories(_serialization.Model): - """ies for the solution content item. - - :ivar domains: domain for the solution content item. - :vartype domains: list[str] - :ivar verticals: Industry verticals for the solution content item. - :vartype verticals: list[str] - """ - _attribute_map = { - "domains": {"key": "domains", "type": "[str]"}, - "verticals": {"key": "verticals", "type": "[str]"}, + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, } - def __init__(self, *, domains: Optional[List[str]] = None, verticals: Optional[List[str]] = None, **kwargs): + def __init__(self, *, parameters: JSON, type: str, **kwargs: Any) -> None: """ - :keyword domains: domain for the solution content item. - :paramtype domains: list[str] - :keyword verticals: Industry verticals for the solution content item. - :paramtype verticals: list[str] + :keyword parameters: Gets or sets the instruction type parameters settings. Required. + :paramtype parameters: JSON + :keyword type: Gets or sets the instruction type name. Required. + :paramtype type: str """ super().__init__(**kwargs) - self.domains = domains - self.verticals = verticals + self.parameters = parameters + self.type = type -class MetadataDependencies(_serialization.Model): - """Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. +class InstructionStepsInstructionsItem(ConnectorInstructionModelBase): + """InstructionStepsInstructionsItem. - :ivar content_id: Id of the content item we depend on. - :vartype content_id: str - :ivar kind: Type of the content item we depend on. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar version: Version of the the content item we depend on. Can be blank, * or missing to - indicate any version fulfills the dependency. If version does not match our defined numeric - format then an exact match is required. - :vartype version: str - :ivar name: Name of the content item. - :vartype name: str - :ivar operator: Operator used for list of dependencies in criteria array. Known values are: - "AND" and "OR". - :vartype operator: str or ~azure.mgmt.securityinsight.models.Operator - :ivar criteria: This is the list of dependencies we must fulfill, according to the AND/OR - operator. - :vartype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + All required parameters must be populated in order to send to Azure. + + :ivar parameters: The parameters for the setting. + :vartype parameters: JSON + :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType """ + _validation = { + "type": {"required": True}, + } + _attribute_map = { - "content_id": {"key": "contentId", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "operator": {"key": "operator", "type": "str"}, - "criteria": {"key": "criteria", "type": "[MetadataDependencies]"}, + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, } def __init__( - self, - *, - content_id: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - version: Optional[str] = None, - name: Optional[str] = None, - operator: Optional[Union[str, "_models.Operator"]] = None, - criteria: Optional[List["_models.MetadataDependencies"]] = None, - **kwargs - ): + self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs: Any + ) -> None: """ - :keyword content_id: Id of the content item we depend on. - :paramtype content_id: str - :keyword kind: Type of the content item we depend on. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword version: Version of the the content item we depend on. Can be blank, * or missing to - indicate any version fulfills the dependency. If version does not match our defined numeric - format then an exact match is required. - :paramtype version: str - :keyword name: Name of the content item. - :paramtype name: str - :keyword operator: Operator used for list of dependencies in criteria array. Known values are: - "AND" and "OR". - :paramtype operator: str or ~azure.mgmt.securityinsight.models.Operator - :keyword criteria: This is the list of dependencies we must fulfill, according to the AND/OR - operator. - :paramtype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + :keyword parameters: The parameters for the setting. + :paramtype parameters: JSON + :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType """ - super().__init__(**kwargs) - self.content_id = content_id - self.kind = kind - self.version = version - self.name = name - self.operator = operator - self.criteria = criteria - + super().__init__(parameters=parameters, type=type, **kwargs) -class MetadataList(_serialization.Model): - """List of all the metadata. - Variables are only populated by the server, and will be ignored when sending a request. +class IoTCheckRequirements(DataConnectorsCheckRequirements): + """Represents IoT requirements check request. All required parameters must be populated in order to send to Azure. - :ivar value: Array of metadata. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.MetadataModel] - :ivar next_link: URL to fetch the next page of metadata. - :vartype next_link: str + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[MetadataModel]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__(self, *, value: List["_models.MetadataModel"], **kwargs): + def __init__(self, *, subscription_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword value: Array of metadata. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.kind: str = "IOT" + self.subscription_id = subscription_id -class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Metadata resource definition. +class IoTDataConnector(DataConnector): + """Represents IoT data connector. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -13619,59 +13258,18 @@ class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attr :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :vartype content_id: str - :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the - full resource ID including the scope (subscription and resource group). - :vartype parent_id: str - :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, - 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we - cannot guarantee any version checks. - :vartype version: str - :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar source: Source of the content. This is where/how it was created. - :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource - :ivar author: The creator of the content item. - :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :ivar support: Support information for the metadata - type, name, contact information. - :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :ivar dependencies: Dependencies for the content item, what other content items it requires to - work. Can describe more complex dependencies using a recursive/nested structure. For a single - dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :ivar categories: Categories for the solution content item. - :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :ivar providers: Providers for the solution content item. - :vartype providers: list[str] - :ivar first_publish_date: first publish date solution content item. - :vartype first_publish_date: ~datetime.date - :ivar last_publish_date: last publish date for the solution content item. - :vartype last_publish_date: ~datetime.date - :ivar custom_version: The custom version of the content. A optional free text. - :vartype custom_version: str - :ivar content_schema_version: Schema version of the content. Can be used to distinguish between - different flow based on the schema version. - :vartype content_schema_version: str - :ivar icon: the icon identifier. this id can later be fetched from the solution template. - :vartype icon: str - :ivar threat_analysis_tactics: the tactics the resource covers. - :vartype threat_analysis_tactics: list[str] - :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned - with the tactics being used. - :vartype threat_analysis_techniques: list[str] - :ivar preview_images: preview image file names. These will be taken from the solution - artifacts. - :vartype preview_images: list[str] - :ivar preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :vartype preview_images_dark: list[str] + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ _validation = { @@ -13679,6 +13277,7 @@ class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { @@ -13687,136 +13286,71 @@ class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attr "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "content_id": {"key": "properties.contentId", "type": "str"}, - "parent_id": {"key": "properties.parentId", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "kind": {"key": "properties.kind", "type": "str"}, - "source": {"key": "properties.source", "type": "MetadataSource"}, - "author": {"key": "properties.author", "type": "MetadataAuthor"}, - "support": {"key": "properties.support", "type": "MetadataSupport"}, - "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, - "categories": {"key": "properties.categories", "type": "MetadataCategories"}, - "providers": {"key": "properties.providers", "type": "[str]"}, - "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, - "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, - "custom_version": {"key": "properties.customVersion", "type": "str"}, - "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, - "icon": {"key": "properties.icon", "type": "str"}, - "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, - "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, - "preview_images": {"key": "properties.previewImages", "type": "[str]"}, - "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "kind": {"key": "kind", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, etag: Optional[str] = None, - content_id: Optional[str] = None, - parent_id: Optional[str] = None, - version: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - source: Optional["_models.MetadataSource"] = None, - author: Optional["_models.MetadataAuthor"] = None, - support: Optional["_models.MetadataSupport"] = None, - dependencies: Optional["_models.MetadataDependencies"] = None, - categories: Optional["_models.MetadataCategories"] = None, - providers: Optional[List[str]] = None, - first_publish_date: Optional[datetime.date] = None, - last_publish_date: Optional[datetime.date] = None, - custom_version: Optional[str] = None, - content_schema_version: Optional[str] = None, - icon: Optional[str] = None, - threat_analysis_tactics: Optional[List[str]] = None, - threat_analysis_techniques: Optional[List[str]] = None, - preview_images: Optional[List[str]] = None, - preview_images_dark: Optional[List[str]] = None, - **kwargs - ): + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :paramtype content_id: str - :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is - the full resource ID including the scope (subscription and resource group). - :paramtype parent_id: str - :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, - 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then - we cannot guarantee any version checks. - :paramtype version: str - :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword source: Source of the content. This is where/how it was created. - :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource - :keyword author: The creator of the content item. - :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :keyword support: Support information for the metadata - type, name, contact information. - :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :keyword dependencies: Dependencies for the content item, what other content items it requires - to work. Can describe more complex dependencies using a recursive/nested structure. For a - single dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :keyword categories: Categories for the solution content item. - :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :keyword providers: Providers for the solution content item. - :paramtype providers: list[str] - :keyword first_publish_date: first publish date solution content item. - :paramtype first_publish_date: ~datetime.date - :keyword last_publish_date: last publish date for the solution content item. - :paramtype last_publish_date: ~datetime.date - :keyword custom_version: The custom version of the content. A optional free text. - :paramtype custom_version: str - :keyword content_schema_version: Schema version of the content. Can be used to distinguish - between different flow based on the schema version. - :paramtype content_schema_version: str - :keyword icon: the icon identifier. this id can later be fetched from the solution template. - :paramtype icon: str - :keyword threat_analysis_tactics: the tactics the resource covers. - :paramtype threat_analysis_tactics: list[str] - :keyword threat_analysis_techniques: the techniques the resource covers, these have to be - aligned with the tactics being used. - :paramtype threat_analysis_techniques: list[str] - :keyword preview_images: preview image file names. These will be taken from the solution - artifacts. - :paramtype preview_images: list[str] - :keyword preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :paramtype preview_images_dark: list[str] + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ super().__init__(etag=etag, **kwargs) - self.content_id = content_id - self.parent_id = parent_id - self.version = version - self.kind = kind - self.source = source - self.author = author - self.support = support - self.dependencies = dependencies - self.categories = categories - self.providers = providers - self.first_publish_date = first_publish_date - self.last_publish_date = last_publish_date - self.custom_version = custom_version - self.content_schema_version = content_schema_version - self.icon = icon - self.threat_analysis_tactics = threat_analysis_tactics - self.threat_analysis_techniques = threat_analysis_techniques - self.preview_images = preview_images - self.preview_images_dark = preview_images_dark + self.kind: str = "IOT" + self.data_types = data_types + self.subscription_id = subscription_id -class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Metadata patch request body. +class IoTDataConnectorProperties(DataConnectorWithAlertsProperties): + """IoT data connector properties. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str + """ + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "subscriptionId", "type": "str"}, + } + + def __init__( + self, + *, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str + """ + super().__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id + + +class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents an IoT device entity. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -13828,61 +13362,74 @@ class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :vartype content_id: str - :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the - full resource ID including the scope (subscription and resource group). - :vartype parent_id: str - :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, - 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we - cannot guarantee any version checks. - :vartype version: str - :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar source: Source of the content. This is where/how it was created. - :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource - :ivar author: The creator of the content item. - :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :ivar support: Support information for the metadata - type, name, contact information. - :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :ivar dependencies: Dependencies for the content item, what other content items it requires to - work. Can describe more complex dependencies using a recursive/nested structure. For a single - dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :ivar categories: Categories for the solution content item. - :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :ivar providers: Providers for the solution content item. - :vartype providers: list[str] - :ivar first_publish_date: first publish date solution content item. - :vartype first_publish_date: ~datetime.date - :ivar last_publish_date: last publish date for the solution content item. - :vartype last_publish_date: ~datetime.date - :ivar custom_version: The custom version of the content. A optional free text. - :vartype custom_version: str - :ivar content_schema_version: Schema version of the content. Can be used to distinguish between - different flow based on the schema version. - :vartype content_schema_version: str - :ivar icon: the icon identifier. this id can later be fetched from the solution template. - :vartype icon: str - :ivar threat_analysis_tactics: the tactics the resource covers. - :vartype threat_analysis_tactics: list[str] - :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned - with the tactics being used. - :vartype threat_analysis_techniques: list[str] - :ivar preview_images: preview image file names. These will be taken from the solution - artifacts. - :vartype preview_images: list[str] - :ivar preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :vartype preview_images_dark: list[str] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. + :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] + :ivar owners: A list of owners of the IoTDevice entity. + :vartype owners: list[str] + :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. + :vartype nic_entity_ids: list[str] + :ivar site: The site of the device. + :vartype site: str + :ivar zone: The zone location of the device within a site. + :vartype zone: str + :ivar sensor: The sensor the device is monitored by. + :vartype sensor: str + :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). + :vartype device_sub_type: str + :ivar importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :ivar purdue_layer: The Purdue Layer of the device. + :vartype purdue_layer: str + :ivar is_authorized: Determines whether the device classified as authorized device. + :vartype is_authorized: bool + :ivar is_programming: Determines whether the device classified as programming device. + :vartype is_programming: bool + :ivar is_scanner: Is the device classified as a scanner device. + :vartype is_scanner: bool """ _validation = { @@ -13890,6 +13437,36 @@ class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + "owners": {"readonly": True}, + "nic_entity_ids": {"readonly": True}, + "site": {"readonly": True}, + "zone": {"readonly": True}, + "sensor": {"readonly": True}, + "device_sub_type": {"readonly": True}, + "purdue_layer": {"readonly": True}, + "is_authorized": {"readonly": True}, + "is_programming": {"readonly": True}, + "is_scanner": {"readonly": True}, } _attribute_map = { @@ -13897,240 +13474,376 @@ class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "content_id": {"key": "properties.contentId", "type": "str"}, - "parent_id": {"key": "properties.parentId", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "kind": {"key": "properties.kind", "type": "str"}, - "source": {"key": "properties.source", "type": "MetadataSource"}, - "author": {"key": "properties.author", "type": "MetadataAuthor"}, - "support": {"key": "properties.support", "type": "MetadataSupport"}, - "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, - "categories": {"key": "properties.categories", "type": "MetadataCategories"}, - "providers": {"key": "properties.providers", "type": "[str]"}, - "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, - "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, - "custom_version": {"key": "properties.customVersion", "type": "str"}, - "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, - "icon": {"key": "properties.icon", "type": "str"}, - "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, - "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, - "preview_images": {"key": "properties.previewImages", "type": "[str]"}, - "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "device_id": {"key": "properties.deviceId", "type": "str"}, + "device_name": {"key": "properties.deviceName", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "properties.deviceType", "type": "str"}, + "vendor": {"key": "properties.vendor", "type": "str"}, + "edge_id": {"key": "properties.edgeId", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "model": {"key": "properties.model", "type": "str"}, + "serial_number": {"key": "properties.serialNumber", "type": "str"}, + "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, + "operating_system": {"key": "properties.operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "properties.protocols", "type": "[str]"}, + "owners": {"key": "properties.owners", "type": "[str]"}, + "nic_entity_ids": {"key": "properties.nicEntityIds", "type": "[str]"}, + "site": {"key": "properties.site", "type": "str"}, + "zone": {"key": "properties.zone", "type": "str"}, + "sensor": {"key": "properties.sensor", "type": "str"}, + "device_sub_type": {"key": "properties.deviceSubType", "type": "str"}, + "importance": {"key": "properties.importance", "type": "str"}, + "purdue_layer": {"key": "properties.purdueLayer", "type": "str"}, + "is_authorized": {"key": "properties.isAuthorized", "type": "bool"}, + "is_programming": {"key": "properties.isProgramming", "type": "bool"}, + "is_scanner": {"key": "properties.isScanner", "type": "bool"}, } def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - content_id: Optional[str] = None, - parent_id: Optional[str] = None, - version: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - source: Optional["_models.MetadataSource"] = None, - author: Optional["_models.MetadataAuthor"] = None, - support: Optional["_models.MetadataSupport"] = None, - dependencies: Optional["_models.MetadataDependencies"] = None, - categories: Optional["_models.MetadataCategories"] = None, - providers: Optional[List[str]] = None, - first_publish_date: Optional[datetime.date] = None, - last_publish_date: Optional[datetime.date] = None, - custom_version: Optional[str] = None, - content_schema_version: Optional[str] = None, - icon: Optional[str] = None, - threat_analysis_tactics: Optional[List[str]] = None, - threat_analysis_techniques: Optional[List[str]] = None, - preview_images: Optional[List[str]] = None, - preview_images_dark: Optional[List[str]] = None, - **kwargs - ): + self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :paramtype content_id: str - :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is - the full resource ID including the scope (subscription and resource group). - :paramtype parent_id: str - :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, - 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then - we cannot guarantee any version checks. - :paramtype version: str - :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword source: Source of the content. This is where/how it was created. - :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource - :keyword author: The creator of the content item. - :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :keyword support: Support information for the metadata - type, name, contact information. - :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :keyword dependencies: Dependencies for the content item, what other content items it requires - to work. Can describe more complex dependencies using a recursive/nested structure. For a - single dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :keyword categories: Categories for the solution content item. - :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :keyword providers: Providers for the solution content item. - :paramtype providers: list[str] - :keyword first_publish_date: first publish date solution content item. - :paramtype first_publish_date: ~datetime.date - :keyword last_publish_date: last publish date for the solution content item. - :paramtype last_publish_date: ~datetime.date - :keyword custom_version: The custom version of the content. A optional free text. - :paramtype custom_version: str - :keyword content_schema_version: Schema version of the content. Can be used to distinguish - between different flow based on the schema version. - :paramtype content_schema_version: str - :keyword icon: the icon identifier. this id can later be fetched from the solution template. - :paramtype icon: str - :keyword threat_analysis_tactics: the tactics the resource covers. - :paramtype threat_analysis_tactics: list[str] - :keyword threat_analysis_techniques: the techniques the resource covers, these have to be - aligned with the tactics being used. - :paramtype threat_analysis_techniques: list[str] - :keyword preview_images: preview image file names. These will be taken from the solution - artifacts. - :paramtype preview_images: list[str] - :keyword preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :paramtype preview_images_dark: list[str] + :keyword importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance """ - super().__init__(etag=etag, **kwargs) - self.content_id = content_id - self.parent_id = parent_id - self.version = version - self.kind = kind - self.source = source - self.author = author - self.support = support - self.dependencies = dependencies - self.categories = categories - self.providers = providers - self.first_publish_date = first_publish_date - self.last_publish_date = last_publish_date - self.custom_version = custom_version - self.content_schema_version = content_schema_version - self.icon = icon - self.threat_analysis_tactics = threat_analysis_tactics - self.threat_analysis_techniques = threat_analysis_techniques - self.preview_images = preview_images - self.preview_images_dark = preview_images_dark - - -class MetadataSource(_serialization.Model): - """The original source of the content item, where it comes from. + super().__init__(**kwargs) + self.kind: str = "IoTDevice" + self.additional_data = None + self.friendly_name = None + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + self.owners = None + self.nic_entity_ids = None + self.site = None + self.zone = None + self.sensor = None + self.device_sub_type = None + self.importance = importance + self.purdue_layer = None + self.is_authorized = None + self.is_programming = None + self.is_scanner = None - All required parameters must be populated in order to send to Azure. - :ivar kind: Source type of the content. Required. Known values are: "LocalWorkspace", - "Community", "Solution", and "SourceRepository". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SourceKind - :ivar name: Name of the content source. The repo name, solution name, LA workspace name etc. - :vartype name: str - :ivar source_id: ID of the content source. The solution ID, workspace ID, etc. - :vartype source_id: str +class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """IoTDevice entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. + :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] + :ivar owners: A list of owners of the IoTDevice entity. + :vartype owners: list[str] + :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. + :vartype nic_entity_ids: list[str] + :ivar site: The site of the device. + :vartype site: str + :ivar zone: The zone location of the device within a site. + :vartype zone: str + :ivar sensor: The sensor the device is monitored by. + :vartype sensor: str + :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). + :vartype device_sub_type: str + :ivar importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :ivar purdue_layer: The Purdue Layer of the device. + :vartype purdue_layer: str + :ivar is_authorized: Determines whether the device classified as authorized device. + :vartype is_authorized: bool + :ivar is_programming: Determines whether the device classified as programming device. + :vartype is_programming: bool + :ivar is_scanner: Is the device classified as a scanner device. + :vartype is_scanner: bool """ _validation = { - "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + "owners": {"readonly": True}, + "nic_entity_ids": {"readonly": True}, + "site": {"readonly": True}, + "zone": {"readonly": True}, + "sensor": {"readonly": True}, + "device_sub_type": {"readonly": True}, + "purdue_layer": {"readonly": True}, + "is_authorized": {"readonly": True}, + "is_programming": {"readonly": True}, + "is_scanner": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "source_id": {"key": "sourceId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "device_id": {"key": "deviceId", "type": "str"}, + "device_name": {"key": "deviceName", "type": "str"}, + "source": {"key": "source", "type": "str"}, + "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "deviceType", "type": "str"}, + "vendor": {"key": "vendor", "type": "str"}, + "edge_id": {"key": "edgeId", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "model": {"key": "model", "type": "str"}, + "serial_number": {"key": "serialNumber", "type": "str"}, + "firmware_version": {"key": "firmwareVersion", "type": "str"}, + "operating_system": {"key": "operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "protocols", "type": "[str]"}, + "owners": {"key": "owners", "type": "[str]"}, + "nic_entity_ids": {"key": "nicEntityIds", "type": "[str]"}, + "site": {"key": "site", "type": "str"}, + "zone": {"key": "zone", "type": "str"}, + "sensor": {"key": "sensor", "type": "str"}, + "device_sub_type": {"key": "deviceSubType", "type": "str"}, + "importance": {"key": "importance", "type": "str"}, + "purdue_layer": {"key": "purdueLayer", "type": "str"}, + "is_authorized": {"key": "isAuthorized", "type": "bool"}, + "is_programming": {"key": "isProgramming", "type": "bool"}, + "is_scanner": {"key": "isScanner", "type": "bool"}, } - def __init__( - self, - *, - kind: Union[str, "_models.SourceKind"], - name: Optional[str] = None, - source_id: Optional[str] = None, - **kwargs - ): + def __init__( # pylint: disable=too-many-locals + self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs: Any + ) -> None: """ - :keyword kind: Source type of the content. Required. Known values are: "LocalWorkspace", - "Community", "Solution", and "SourceRepository". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.SourceKind - :keyword name: Name of the content source. The repo name, solution name, LA workspace name - etc. - :paramtype name: str - :keyword source_id: ID of the content source. The solution ID, workspace ID, etc. - :paramtype source_id: str + :keyword importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance """ super().__init__(**kwargs) - self.kind = kind - self.name = name - self.source_id = source_id + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + self.owners = None + self.nic_entity_ids = None + self.site = None + self.zone = None + self.sensor = None + self.device_sub_type = None + self.importance = importance + self.purdue_layer = None + self.is_authorized = None + self.is_programming = None + self.is_scanner = None -class MetadataSupport(_serialization.Model): - """Support information for the content item. +class IpEntity(Entity): + """Represents an ip entity. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tier: Type of support for content item. Required. Known values are: "Microsoft", - "Partner", and "Community". - :vartype tier: str or ~azure.mgmt.securityinsight.models.SupportTier - :ivar name: Name of the support contact. Company or person. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - :ivar email: Email of support contact. - :vartype email: str - :ivar link: Link for support help, like to support page to open a ticket etc. - :vartype link: str - """ - - _validation = { - "tier": {"required": True}, - } - - _attribute_map = { - "tier": {"key": "tier", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "email": {"key": "email", "type": "str"}, - "link": {"key": "link", "type": "str"}, - } - - def __init__( - self, - *, - tier: Union[str, "_models.SupportTier"], - name: Optional[str] = None, - email: Optional[str] = None, - link: Optional[str] = None, - **kwargs - ): - """ - :keyword tier: Type of support for content item. Required. Known values are: "Microsoft", - "Partner", and "Community". - :paramtype tier: str or ~azure.mgmt.securityinsight.models.SupportTier - :keyword name: Name of the support contact. Company or person. - :paramtype name: str - :keyword email: Email of support contact. - :paramtype email: str - :keyword link: Link for support help, like to support page to open a ticket etc. - :paramtype link: str - """ + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "address": {"key": "properties.address", "type": "str"}, + "location": {"key": "properties.location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.tier = tier - self.name = name - self.email = email - self.link = link + self.kind: str = "Ip" + self.additional_data = None + self.friendly_name = None + self.address = None + self.location = None + self.threat_intelligence = None -class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents MicrosoftSecurityIncidentCreation rule. +class IpEntityProperties(EntityCommonProperties): + """Ip entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "address": {"key": "address", "type": "str"}, + "location": {"key": "location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.address = None + self.location = None + self.threat_intelligence = None + + +class Job(ResourceWithEtag): + """The assignment job. + + Variables are only populated by the server, and will be ignored when sending a request. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. @@ -14145,32 +13858,17 @@ class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable= :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime + :ivar end_time: The time the job completed. + :vartype end_time: ~datetime.datetime + :ivar items: List of items published by the job. + :vartype items: list[~azure.mgmt.securityinsight.models.JobItem] + :ivar provisioning_state: State of the job. Known values are: "Accepted", "InProgress", + "Succeeded", "Failed", and "Canceled". + :vartype provisioning_state: str or ~azure.mgmt.securityinsight.models.ProvisioningState + :ivar start_time: The time the job started. + :vartype start_time: ~datetime.datetime + :ivar error_message: Message to describe error, if an error exists. + :vartype error_message: str """ _validation = { @@ -14178,8 +13876,10 @@ class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable= "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, + "end_time": {"readonly": True}, + "provisioning_state": {"readonly": True}, + "start_time": {"readonly": True}, + "error_message": {"readonly": True}, } _attribute_map = { @@ -14188,241 +13888,109 @@ class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable= "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "properties.productFilter", "type": "str"}, - "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "end_time": {"key": "properties.endTime", "type": "iso-8601"}, + "items": {"key": "properties.items", "type": "[JobItem]"}, + "provisioning_state": {"key": "properties.provisioningState", "type": "str"}, + "start_time": {"key": "properties.startTime", "type": "iso-8601"}, + "error_message": {"key": "properties.errorMessage", "type": "str"}, } def __init__( - self, - *, - etag: Optional[str] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): + self, *, etag: Optional[str] = None, items: Optional[List["_models.JobItem"]] = None, **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool + :keyword items: List of items published by the job. + :paramtype items: list[~azure.mgmt.securityinsight.models.JobItem] """ super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftSecurityIncidentCreation" - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None + self.end_time = None + self.items = items + self.provisioning_state = None + self.start_time = None + self.error_message = None -class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): - """MicrosoftSecurityIncidentCreation rule common property bag. +class JobItem(_serialization.Model): + """An entity describing the publish status of a content item. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Required. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat - Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar resource_id: The resource id of the content item. + :vartype resource_id: str + :ivar status: Status of the item publication. Known values are: "New", "Active", "Closed", + "Backlog", "Approved", "Succeeded", "Failed", and "InProgress". + :vartype status: str or ~azure.mgmt.securityinsight.models.Status + :ivar execution_time: The time the item publishing was completed. + :vartype execution_time: ~datetime.datetime + :ivar errors: The list of error descriptions if the item publication fails. + :vartype errors: list[~azure.mgmt.securityinsight.models.Error] """ _validation = { - "product_filter": {"required": True}, + "status": {"readonly": True}, + "execution_time": {"readonly": True}, } _attribute_map = { - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "status": {"key": "status", "type": "str"}, + "execution_time": {"key": "executionTime", "type": "iso-8601"}, + "errors": {"key": "errors", "type": "[Error]"}, } def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): + self, *, resource_id: Optional[str] = None, errors: Optional[List["_models.Error"]] = None, **kwargs: Any + ) -> None: """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. - Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced - Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword resource_id: The resource id of the content item. + :paramtype resource_id: str + :keyword errors: The list of error descriptions if the item publication fails. + :paramtype errors: list[~azure.mgmt.securityinsight.models.Error] """ super().__init__(**kwargs) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - + self.resource_id = resource_id + self.status = None + self.execution_time = None + self.errors = errors -class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): - """MicrosoftSecurityIncidentCreation rule property bag. + +class JobList(_serialization.Model): + """List of all the jobs. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Required. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat - Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. Required. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime + :ivar next_link: URL to fetch the next set of jobs. + :vartype next_link: str + :ivar value: Array of jobs. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Job] """ _validation = { - "product_filter": {"required": True}, - "display_name": {"required": True}, - "enabled": {"required": True}, - "last_modified_utc": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, - "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, - "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Job]"}, } - def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_name: str, - enabled: bool, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.Job"], **kwargs: Any) -> None: """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. - Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced - Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. Required. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. - :paramtype enabled: bool + :keyword value: Array of jobs. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Job] """ - super().__init__( - display_names_filter=display_names_filter, - display_names_exclude_filter=display_names_exclude_filter, - product_filter=product_filter, - severities_filter=severities_filter, - **kwargs - ) - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None + super().__init__(**kwargs) + self.next_link = None + self.value = value -class MicrosoftSecurityIncidentCreationAlertRuleTemplate( - AlertRuleTemplate -): # pylint: disable=too-many-instance-attributes - """Represents MicrosoftSecurityIncidentCreation rule template. +class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mailbox entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -14439,39 +14007,26 @@ class MicrosoftSecurityIncidentCreationAlertRuleTemplate( :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. + :vartype external_directory_object_id: str """ _validation = { @@ -14480,8 +14035,12 @@ class MicrosoftSecurityIncidentCreationAlertRuleTemplate( "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, } _attribute_map = { @@ -14490,194 +14049,77 @@ class MicrosoftSecurityIncidentCreationAlertRuleTemplate( "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "properties.productFilter", "type": "str"}, - "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + "upn": {"key": "properties.upn", "type": "str"}, + "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, } - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.kind: str = "MicrosoftSecurityIncidentCreation" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter + self.kind: str = "Mailbox" + self.additional_data = None + self.friendly_name = None + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None -class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties( - AlertRuleTemplatePropertiesBase -): # pylint: disable=too-many-instance-attributes - """MicrosoftSecurityIncidentCreation rule template properties. +class MailboxEntityProperties(EntityCommonProperties): + """Mailbox entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. + :vartype display_name: str + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. + :vartype external_directory_object_id: str """ _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, } _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "upn": {"key": "upn", "type": "str"}, + "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, } - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - **kwargs - ) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None -class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents MLBehaviorAnalytics alert rule. +class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail cluster entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -14694,29 +14136,48 @@ class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-insta :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str """ _validation = { @@ -14725,12 +14186,23 @@ class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-insta "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, - "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, } _attribute_map = { @@ -14738,49 +14210,155 @@ class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-insta "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, + "mail_count": {"key": "properties.mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, + "source": {"key": "properties.source", "type": "str"}, + "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MLBehaviorAnalytics" - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.last_modified_utc = None - self.severity = None - self.tactics = None - self.techniques = None - - -class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents MLBehaviorAnalytics alert rule template. + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "MailCluster" + self.additional_data = None + self.friendly_name = None + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None + + +class MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail cluster entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, + "threats": {"key": "threats", "type": "[str]"}, + "query": {"key": "query", "type": "str"}, + "query_time": {"key": "queryTime", "type": "iso-8601"}, + "mail_count": {"key": "mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, + "source": {"key": "source", "type": "str"}, + "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "clusterGroup", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None + + +class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail message entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -14797,34 +14375,73 @@ class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disabl :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ _validation = { @@ -14833,8 +14450,25 @@ class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disabl "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, } _attribute_map = { @@ -14843,18 +14477,2472 @@ class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disabl "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "recipient": {"key": "properties.recipient", "type": "str"}, + "urls": {"key": "properties.urls", "type": "[str]"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "p1_sender": {"key": "properties.p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "properties.senderIP", "type": "str"}, + "p2_sender": {"key": "properties.p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, + "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, + "internet_message_id": {"key": "properties.internetMessageId", "type": "str"}, + "subject": {"key": "properties.subject", "type": "str"}, + "language": {"key": "properties.language", "type": "str"}, + "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, + "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, + "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + super().__init__(**kwargs) + self.kind: str = "MailMessage" + self.additional_data = None + self.friendly_name = None + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location + + +class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail message entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "recipient": {"key": "recipient", "type": "str"}, + "urls": {"key": "urls", "type": "[str]"}, + "threats": {"key": "threats", "type": "[str]"}, + "p1_sender": {"key": "p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "senderIP", "type": "str"}, + "p2_sender": {"key": "p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, + "receive_date": {"key": "receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "networkMessageId", "type": "str"}, + "internet_message_id": {"key": "internetMessageId", "type": "str"}, + "subject": {"key": "subject", "type": "str"}, + "language": {"key": "language", "type": "str"}, + "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "antispamDirection", "type": "str"}, + "delivery_action": {"key": "deliveryAction", "type": "str"}, + "delivery_location": {"key": "deliveryLocation", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + super().__init__(**kwargs) + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location + + +class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a malware entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "category": {"key": "properties.category", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "properties.malwareName", "type": "str"}, + "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "Malware" + self.additional_data = None + self.friendly_name = None + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None + + +class MalwareEntityProperties(EntityCommonProperties): + """Malware entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "category": {"key": "category", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "malwareName", "type": "str"}, + "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None + + +class ManualTriggerRequestBody(_serialization.Model): + """ManualTriggerRequestBody. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: + :vartype tenant_id: str + :ivar logic_apps_resource_id: Required. + :vartype logic_apps_resource_id: str + """ + + _validation = { + "logic_apps_resource_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, + } + + def __init__(self, *, logic_apps_resource_id: str, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: + :paramtype tenant_id: str + :keyword logic_apps_resource_id: Required. + :paramtype logic_apps_resource_id: str + """ + super().__init__(**kwargs) + self.tenant_id = tenant_id + self.logic_apps_resource_id = logic_apps_resource_id + + +class MCASCheckRequirements(DataConnectorsCheckRequirements): + """Represents MCAS (Microsoft Cloud App Security) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "MicrosoftCloudAppSecurity" + self.tenant_id = tenant_id + + +class MCASCheckRequirementsProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftCloudAppSecurity" + self.tenant_id = tenant_id + self.data_types = data_types + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar alerts: Alerts data type connection. Required. + :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar discovery_logs: Discovery log data type connection. + :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + + _validation = { + "alerts": {"required": True}, + } + + _attribute_map = { + "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, + "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, + } + + def __init__( + self, + *, + alerts: "_models.DataConnectorDataTypeCommon", + discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, + **kwargs: Any + ) -> None: + """ + :keyword alerts: Alerts data type connection. Required. + :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword discovery_logs: Discovery log data type connection. + :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + super().__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs + + +class MCASDataConnectorProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MCASDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.MCASDataConnectorDataTypes", **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class MDATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" + self.tenant_id = tenant_id + + +class MDATPCheckRequirementsProperties(DataConnectorTenantId): + """MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" + self.tenant_id = tenant_id + self.data_types = data_types + + +class MDATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id + + +class MetadataAuthor(_serialization.Model): + """Publisher or creator of the content item. + + :ivar name: Name of the author. Company or person. + :vartype name: str + :ivar email: Email of author contact. + :vartype email: str + :ivar link: Link for author/vendor page. + :vartype link: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "email": {"key": "email", "type": "str"}, + "link": {"key": "link", "type": "str"}, + } + + def __init__( + self, *, name: Optional[str] = None, email: Optional[str] = None, link: Optional[str] = None, **kwargs: Any + ) -> None: + """ + :keyword name: Name of the author. Company or person. + :paramtype name: str + :keyword email: Email of author contact. + :paramtype email: str + :keyword link: Link for author/vendor page. + :paramtype link: str + """ + super().__init__(**kwargs) + self.name = name + self.email = email + self.link = link + + +class MetadataCategories(_serialization.Model): + """ies for the solution content item. + + :ivar domains: domain for the solution content item. + :vartype domains: list[str] + :ivar verticals: Industry verticals for the solution content item. + :vartype verticals: list[str] + """ + + _attribute_map = { + "domains": {"key": "domains", "type": "[str]"}, + "verticals": {"key": "verticals", "type": "[str]"}, + } + + def __init__( + self, *, domains: Optional[List[str]] = None, verticals: Optional[List[str]] = None, **kwargs: Any + ) -> None: + """ + :keyword domains: domain for the solution content item. + :paramtype domains: list[str] + :keyword verticals: Industry verticals for the solution content item. + :paramtype verticals: list[str] + """ + super().__init__(**kwargs) + self.domains = domains + self.verticals = verticals + + +class MetadataDependencies(_serialization.Model): + """Dependencies for the content item, what other content items it requires to work. Can describe + more complex dependencies using a recursive/nested structure. For a single dependency an + id/kind/version can be supplied or operator/criteria for complex dependencies. + + :ivar content_id: Id of the content item we depend on. + :vartype content_id: str + :ivar kind: Type of the content item we depend on. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar version: Version of the the content item we depend on. Can be blank, * or missing to + indicate any version fulfills the dependency. If version does not match our defined numeric + format then an exact match is required. + :vartype version: str + :ivar name: Name of the content item. + :vartype name: str + :ivar operator: Operator used for list of dependencies in criteria array. Known values are: + "AND", "OR", "AND", and "OR". + :vartype operator: str or ~azure.mgmt.securityinsight.models.Operator + :ivar criteria: This is the list of dependencies we must fulfill, according to the AND/OR + operator. + :vartype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + """ + + _attribute_map = { + "content_id": {"key": "contentId", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "criteria": {"key": "criteria", "type": "[MetadataDependencies]"}, + } + + def __init__( + self, + *, + content_id: Optional[str] = None, + kind: Optional[Union[str, "_models.Kind"]] = None, + version: Optional[str] = None, + name: Optional[str] = None, + operator: Optional[Union[str, "_models.Operator"]] = None, + criteria: Optional[List["_models.MetadataDependencies"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword content_id: Id of the content item we depend on. + :paramtype content_id: str + :keyword kind: Type of the content item we depend on. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword version: Version of the the content item we depend on. Can be blank, * or missing to + indicate any version fulfills the dependency. If version does not match our defined numeric + format then an exact match is required. + :paramtype version: str + :keyword name: Name of the content item. + :paramtype name: str + :keyword operator: Operator used for list of dependencies in criteria array. Known values are: + "AND", "OR", "AND", and "OR". + :paramtype operator: str or ~azure.mgmt.securityinsight.models.Operator + :keyword criteria: This is the list of dependencies we must fulfill, according to the AND/OR + operator. + :paramtype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + """ + super().__init__(**kwargs) + self.content_id = content_id + self.kind = kind + self.version = version + self.name = name + self.operator = operator + self.criteria = criteria + + +class MetadataList(_serialization.Model): + """List of all the metadata. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of metadata. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + :ivar next_link: URL to fetch the next page of metadata. + :vartype next_link: str + """ + + _validation = { + "value": {"required": True}, + "next_link": {"readonly": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[MetadataModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__(self, *, value: List["_models.MetadataModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of metadata. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + """ + super().__init__(**kwargs) + self.value = value + self.next_link = None + + +class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Metadata resource definition. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the + full resource ID including the scope (subscription and resource group). + :vartype parent_id: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar kind: The kind of content the metadata is for. + :vartype kind: str + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the metadata - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the solution content item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the solution content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date solution content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the solution content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the solution template. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "parent_id": {"key": "properties.parentId", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "kind": {"key": "properties.kind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + parent_id: Optional[str] = None, + version: Optional[str] = None, + kind: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is + the full resource ID including the scope (subscription and resource group). + :paramtype parent_id: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword kind: The kind of content the metadata is for. + :paramtype kind: str + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the metadata - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the solution content item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the solution content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date solution content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the solution content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the solution template. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.parent_id = parent_id + self.version = version + self.kind = kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + + +class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Metadata patch request body. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the + full resource ID including the scope (subscription and resource group). + :vartype parent_id: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar kind: The kind of content the metadata is for. + :vartype kind: str + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the metadata - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the solution content item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the solution content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date solution content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the solution content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the solution template. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "parent_id": {"key": "properties.parentId", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "kind": {"key": "properties.kind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + parent_id: Optional[str] = None, + version: Optional[str] = None, + kind: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is + the full resource ID including the scope (subscription and resource group). + :paramtype parent_id: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword kind: The kind of content the metadata is for. + :paramtype kind: str + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the metadata - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the solution content item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the solution content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date solution content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the solution content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the solution template. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.parent_id = parent_id + self.version = version + self.kind = kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + + +class MetadataSource(_serialization.Model): + """The original source of the content item, where it comes from. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Source type of the content. Required. Known values are: "LocalWorkspace", + "Community", "Solution", and "SourceRepository". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SourceKind + :ivar name: Name of the content source. The repo name, solution name, LA workspace name etc. + :vartype name: str + :ivar source_id: ID of the content source. The solution ID, workspace ID, etc. + :vartype source_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "source_id": {"key": "sourceId", "type": "str"}, + } + + def __init__( + self, + *, + kind: Union[str, "_models.SourceKind"], + name: Optional[str] = None, + source_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword kind: Source type of the content. Required. Known values are: "LocalWorkspace", + "Community", "Solution", and "SourceRepository". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.SourceKind + :keyword name: Name of the content source. The repo name, solution name, LA workspace name + etc. + :paramtype name: str + :keyword source_id: ID of the content source. The solution ID, workspace ID, etc. + :paramtype source_id: str + """ + super().__init__(**kwargs) + self.kind = kind + self.name = name + self.source_id = source_id + + +class MetadataSupport(_serialization.Model): + """Support information for the content item. + + All required parameters must be populated in order to send to Azure. + + :ivar tier: Type of support for content item. Required. Known values are: "Microsoft", + "Partner", and "Community". + :vartype tier: str or ~azure.mgmt.securityinsight.models.SupportTier + :ivar name: Name of the support contact. Company or person. + :vartype name: str + :ivar email: Email of support contact. + :vartype email: str + :ivar link: Link for support help, like to support page to open a ticket etc. + :vartype link: str + """ + + _validation = { + "tier": {"required": True}, + } + + _attribute_map = { + "tier": {"key": "tier", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "email": {"key": "email", "type": "str"}, + "link": {"key": "link", "type": "str"}, + } + + def __init__( + self, + *, + tier: Union[str, "_models.SupportTier"], + name: Optional[str] = None, + email: Optional[str] = None, + link: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword tier: Type of support for content item. Required. Known values are: "Microsoft", + "Partner", and "Community". + :paramtype tier: str or ~azure.mgmt.securityinsight.models.SupportTier + :keyword name: Name of the support contact. Company or person. + :paramtype name: str + :keyword email: Email of support contact. + :paramtype email: str + :keyword link: Link for support help, like to support page to open a ticket etc. + :paramtype link: str + """ + super().__init__(**kwargs) + self.tier = tier + self.name = name + self.email = email + self.link = link + + +class MicrosoftPurviewInformationProtectionCheckRequirements(DataConnectorsCheckRequirements): + """Represents MicrosoftPurviewInformationProtection requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "MicrosoftPurviewInformationProtection" + self.tenant_id = tenant_id + + +class MicrosoftPurviewInformationProtectionCheckRequirementsProperties(DataConnectorTenantId): + """MicrosoftPurviewInformationProtection requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MicrosoftPurviewInformationProtectionConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Purview Information Protection data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar logs: Logs data type. Required. + :vartype logs: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypesLogs + """ + + _validation = { + "logs": {"required": True}, + } + + _attribute_map = { + "logs": {"key": "logs", "type": "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs"}, + } + + def __init__( + self, *, logs: "_models.MicrosoftPurviewInformationProtectionConnectorDataTypesLogs", **kwargs: Any + ) -> None: + """ + :keyword logs: Logs data type. Required. + :paramtype logs: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypesLogs + """ + super().__init__(**kwargs) + self.logs = logs + + +class MicrosoftPurviewInformationProtectionConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class MicrosoftPurviewInformationProtectionDataConnector(DataConnector): + """Represents Microsoft Purview Information Protection data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": { + "key": "properties.dataTypes", + "type": "MicrosoftPurviewInformationProtectionConnectorDataTypes", + }, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MicrosoftPurviewInformationProtectionConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftPurviewInformationProtection" + self.tenant_id = tenant_id + self.data_types = data_types + + +class MicrosoftPurviewInformationProtectionDataConnectorProperties(DataConnectorTenantId): + """Microsoft Purview Information Protection data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MicrosoftPurviewInformationProtectionConnectorDataTypes"}, + } + + def __init__( + self, + *, + tenant_id: str, + data_types: "_models.MicrosoftPurviewInformationProtectionConnectorDataTypes", + **kwargs: Any + ) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftSecurityIncidentCreation" + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for + IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat + Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "product_filter": {"required": True}, + } + + _attribute_map = { + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + } + + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: + """ + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced + Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__(**kwargs) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for + IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat + Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. Required. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + "product_filter": {"required": True}, + "display_name": {"required": True}, + "enabled": {"required": True}, + "last_modified_utc": {"readonly": True}, + } + + _attribute_map = { + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, + } + + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_name: str, + enabled: bool, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced + Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. Required. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. + :paramtype enabled: bool + """ + super().__init__( + display_names_filter=display_names_filter, + display_names_exclude_filter=display_names_exclude_filter, + product_filter=product_filter, + severities_filter=severities_filter, + **kwargs + ) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplate( + AlertRuleTemplate +): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__(**kwargs) + self.kind: str = "MicrosoftSecurityIncidentCreation" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties( + AlertRuleTemplatePropertiesBase +): # pylint: disable=too-many-instance-attributes + """MicrosoftSecurityIncidentCreation rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + **kwargs + ) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MLBehaviorAnalytics alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MLBehaviorAnalytics" + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None + + +class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents MLBehaviorAnalytics alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, "severity": {"key": "properties.severity", "type": "str"}, } @@ -14868,9 +16956,110 @@ def __init__( status: Optional[Union[str, "_models.TemplateStatus"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs - ): + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + super().__init__(**kwargs) + self.kind: str = "MLBehaviorAnalytics" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.severity = severity + + +class MLBehaviorAnalyticsAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): + """MLBehaviorAnalytics alert rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: + "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "severity": {"required": True}, + } + + _attribute_map = { + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "severity": {"key": "severity", "type": "str"}, + } + + def __init__( + self, + *, + severity: Union[str, "_models.AlertSeverity"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -14889,136 +17078,275 @@ def __init__( :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] :keyword techniques: The techniques of the alert rule. :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". + :keyword severity: The severity for alerts created by this alert rule. Required. Known values + are: "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ - super().__init__(**kwargs) - self.kind: str = "MLBehaviorAnalytics" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, + **kwargs + ) self.severity = severity -class MLBehaviorAnalyticsAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): - """MLBehaviorAnalytics alert rule template properties. +class MSTICheckRequirements(DataConnectorsCheckRequirements): + """Represents Microsoft Threat Intelligence requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "MicrosoftThreatIntelligence" + self.tenant_id = tenant_id + + +class MSTICheckRequirementsProperties(DataConnectorTenantId): + """Microsoft Threat Intelligence requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MSTIDataConnector(DataConnector): + """Represents Microsoft Threat Intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MSTIDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MSTIDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftThreatIntelligence" + self.tenant_id = tenant_id + self.data_types = data_types + + +class MSTIDataConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Threat Intelligence Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms + data connector. Required. + :vartype microsoft_emerging_threat_feed: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + """ + + _validation = { + "microsoft_emerging_threat_feed": {"required": True}, + } + + _attribute_map = { + "microsoft_emerging_threat_feed": { + "key": "microsoftEmergingThreatFeed", + "type": "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + }, + } + + def __init__( + self, + *, + microsoft_emerging_threat_feed: "_models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + **kwargs: Any + ) -> None: + """ + :keyword microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms + data connector. Required. + :paramtype microsoft_emerging_threat_feed: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + """ + super().__init__(**kwargs) + self.microsoft_emerging_threat_feed = microsoft_emerging_threat_feed + + +class MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed(DataConnectorDataTypeCommon): + """Data type for Microsoft Threat Intelligence Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar lookback_period: The lookback period for the feed to be imported. Required. + :vartype lookback_period: str + """ + + _validation = { + "state": {"required": True}, + "lookback_period": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + "lookback_period": {"key": "lookbackPeriod", "type": "str"}, + } - Variables are only populated by the server, and will be ignored when sending a request. + def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword lookback_period: The lookback period for the feed to be imported. Required. + :paramtype lookback_period: str + """ + super().__init__(state=state, **kwargs) + self.lookback_period = lookback_period + + +class MSTIDataConnectorProperties(DataConnectorTenantId): + """Microsoft Threat Intelligence data connector properties. All required parameters must be populated in order to send to Azure. - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: - "High", "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes """ _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - "severity": {"required": True}, + "tenant_id": {"required": True}, + "data_types": {"required": True}, } _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "severity": {"key": "severity", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MSTIDataConnectorDataTypes"}, } - def __init__( - self, - *, - severity: Union[str, "_models.AlertSeverity"], - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: str, data_types: "_models.MSTIDataConnectorDataTypes", **kwargs: Any) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. Required. Known values - are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - **kwargs - ) - self.severity = severity + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types -class MSTICheckRequirements(DataConnectorsCheckRequirements): - """Represents Microsoft Threat Intelligence requirements check request. +class MtpCheckRequirements(DataConnectorsCheckRequirements): + """Represents MTP (Microsoft Threat Protection) requirements check request. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -15033,18 +17361,18 @@ class MSTICheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str """ super().__init__(**kwargs) - self.kind: str = "MicrosoftThreatIntelligence" + self.kind: str = "MicrosoftThreatProtection" self.tenant_id = tenant_id -class MSTICheckRequirementsProperties(DataConnectorTenantId): - """Microsoft Threat Intelligence requirements check properties. +class MTPCheckRequirementsProperties(DataConnectorTenantId): + """MTP (Microsoft Threat Protection) requirements check properties. All required parameters must be populated in order to send to Azure. @@ -15060,7 +17388,7 @@ class MSTICheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -15068,8 +17396,8 @@ def __init__(self, *, tenant_id: str, **kwargs): super().__init__(tenant_id=tenant_id, **kwargs) -class MSTIDataConnector(DataConnector): - """Represents Microsoft Threat Intelligence data connector. +class MTPDataConnector(DataConnector): + """Represents MTP (Microsoft Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -15091,15 +17419,17 @@ class MSTIDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :ivar filtered_providers: The available filtered providers for the connector. + :vartype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders """ _validation = { @@ -15118,7 +17448,8 @@ class MSTIDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MSTIDataConnectorDataTypes"}, + "data_types": {"key": "properties.dataTypes", "type": "MTPDataConnectorDataTypes"}, + "filtered_providers": {"key": "properties.filteredProviders", "type": "MtpFilteredProviders"}, } def __init__( @@ -15126,239 +17457,511 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.MSTIDataConnectorDataTypes"] = None, - **kwargs - ): + data_types: Optional["_models.MTPDataConnectorDataTypes"] = None, + filtered_providers: Optional["_models.MtpFilteredProviders"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :keyword filtered_providers: The available filtered providers for the connector. + :paramtype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders """ super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftThreatIntelligence" + self.kind: str = "MicrosoftThreatProtection" self.tenant_id = tenant_id self.data_types = data_types + self.filtered_providers = filtered_providers -class MSTIDataConnectorDataTypes(_serialization.Model): - """The available data types for Microsoft Threat Intelligence Platforms data connector. +class MTPDataConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Threat Protection Platforms data connector. All required parameters must be populated in order to send to Azure. - :ivar bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data - connector. Required. - :vartype bing_safety_phishing_url: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL - :ivar microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms - data connector. Required. - :vartype microsoft_emerging_threat_feed: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + :ivar incidents: Incidents data type for Microsoft Threat Protection Platforms data connector. + Required. + :vartype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :ivar alerts: Alerts data type for Microsoft Threat Protection Platforms data connector. + :vartype alerts: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesAlerts """ _validation = { - "bing_safety_phishing_url": {"required": True}, - "microsoft_emerging_threat_feed": {"required": True}, + "incidents": {"required": True}, } _attribute_map = { - "bing_safety_phishing_url": { - "key": "bingSafetyPhishingURL", - "type": "MSTIDataConnectorDataTypesBingSafetyPhishingURL", - }, - "microsoft_emerging_threat_feed": { - "key": "microsoftEmergingThreatFeed", - "type": "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - }, + "incidents": {"key": "incidents", "type": "MTPDataConnectorDataTypesIncidents"}, + "alerts": {"key": "alerts", "type": "MTPDataConnectorDataTypesAlerts"}, } def __init__( self, *, - bing_safety_phishing_url: "_models.MSTIDataConnectorDataTypesBingSafetyPhishingURL", - microsoft_emerging_threat_feed: "_models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - **kwargs - ): + incidents: "_models.MTPDataConnectorDataTypesIncidents", + alerts: Optional["_models.MTPDataConnectorDataTypesAlerts"] = None, + **kwargs: Any + ) -> None: """ - :keyword bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data + :keyword incidents: Incidents data type for Microsoft Threat Protection Platforms data connector. Required. - :paramtype bing_safety_phishing_url: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL - :keyword microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms - data connector. Required. - :paramtype microsoft_emerging_threat_feed: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + :paramtype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :keyword alerts: Alerts data type for Microsoft Threat Protection Platforms data connector. + :paramtype alerts: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesAlerts """ super().__init__(**kwargs) - self.bing_safety_phishing_url = bing_safety_phishing_url - self.microsoft_emerging_threat_feed = microsoft_emerging_threat_feed + self.incidents = incidents + self.alerts = alerts -class MSTIDataConnectorDataTypesBingSafetyPhishingURL(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Intelligence Platforms data connector. +class MTPDataConnectorDataTypesAlerts(DataConnectorDataTypeCommon): + """Alerts data type for Microsoft Threat Protection Platforms data connector. All required parameters must be populated in order to send to Azure. :ivar state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :ivar lookback_period: lookback period. Required. - :vartype lookback_period: str """ _validation = { "state": {"required": True}, - "lookback_period": {"required": True}, } _attribute_map = { "state": {"key": "state", "type": "str"}, - "lookback_period": {"key": "lookbackPeriod", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :keyword lookback_period: lookback period. Required. - :paramtype lookback_period: str """ super().__init__(state=state, **kwargs) - self.lookback_period = lookback_period -class MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Intelligence Platforms data connector. +class MTPDataConnectorDataTypesIncidents(DataConnectorDataTypeCommon): + """Incidents data type for Microsoft Threat Protection Platforms data connector. All required parameters must be populated in order to send to Azure. :ivar state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :ivar lookback_period: lookback period. Required. - :vartype lookback_period: str """ _validation = { "state": {"required": True}, - "lookback_period": {"required": True}, } _attribute_map = { "state": {"key": "state", "type": "str"}, - "lookback_period": {"key": "lookbackPeriod", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :keyword lookback_period: lookback period. Required. - :paramtype lookback_period: str """ super().__init__(state=state, **kwargs) - self.lookback_period = lookback_period -class MSTIDataConnectorProperties(DataConnectorTenantId): - """Microsoft Threat Intelligence data connector properties. +class MTPDataConnectorProperties(DataConnectorTenantId): + """MTP (Microsoft Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. :ivar tenant_id: The tenant id to connect to, and get the data from. Required. :vartype tenant_id: str :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :ivar filtered_providers: The available filtered providers for the connector. + :vartype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MTPDataConnectorDataTypes"}, + "filtered_providers": {"key": "filteredProviders", "type": "MtpFilteredProviders"}, + } + + def __init__( + self, + *, + tenant_id: str, + data_types: "_models.MTPDataConnectorDataTypes", + filtered_providers: Optional["_models.MtpFilteredProviders"] = None, + **kwargs: Any + ) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :keyword filtered_providers: The available filtered providers for the connector. + :paramtype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + self.filtered_providers = filtered_providers + + +class MtpFilteredProviders(_serialization.Model): + """Represents the connector's Filtered providers. + + All required parameters must be populated in order to send to Azure. + + :ivar alerts: Alerts filtered providers. When filters are not applied, all alerts will stream + through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which + are in GA state. Required. + :vartype alerts: list[str or ~azure.mgmt.securityinsight.models.MtpProvider] + """ + + _validation = { + "alerts": {"required": True}, + } + + _attribute_map = { + "alerts": {"key": "alerts", "type": "[str]"}, + } + + def __init__(self, *, alerts: List[Union[str, "_models.MtpProvider"]], **kwargs: Any) -> None: + """ + :keyword alerts: Alerts filtered providers. When filters are not applied, all alerts will + stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, + which are in GA state. Required. + :paramtype alerts: list[str or ~azure.mgmt.securityinsight.models.MtpProvider] + """ + super().__init__(**kwargs) + self.alerts = alerts + + +class NicEntity(Entity): + """Represents an network interface entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mac_address: The MAC address of this network interface. + :vartype mac_address: str + :ivar ip_address_entity_id: The IP entity id of this network interface. + :vartype ip_address_entity_id: str + :ivar vlans: A list of VLANs of the network interface entity. + :vartype vlans: list[str] """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mac_address": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "vlans": {"readonly": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MSTIDataConnectorDataTypes"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "vlans": {"key": "properties.vlans", "type": "[str]"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.MSTIDataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "Nic" + self.additional_data = None + self.friendly_name = None + self.mac_address = None + self.ip_address_entity_id = None + self.vlans = None -class MtpCheckRequirements(DataConnectorsCheckRequirements): - """Represents MTP (Microsoft Threat Protection) requirements check request. +class NicEntityProperties(EntityCommonProperties): + """Nic entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mac_address: The MAC address of this network interface. + :vartype mac_address: str + :ivar ip_address_entity_id: The IP entity id of this network interface. + :vartype ip_address_entity_id: str + :ivar vlans: A list of VLANs of the network interface entity. + :vartype vlans: list[str] """ _validation = { - "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mac_address": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "vlans": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "vlans": {"key": "vlans", "type": "[str]"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.kind: str = "MicrosoftThreatProtection" - self.tenant_id = tenant_id + self.mac_address = None + self.ip_address_entity_id = None + self.vlans = None -class MTPCheckRequirementsProperties(DataConnectorTenantId): - """MTP (Microsoft Threat Protection) requirements check properties. +class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents NRT alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :vartype template_version: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :vartype suppression_duration: ~datetime.timedelta + :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or + disabled. + :vartype suppression_enabled: bool + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar incident_configuration: The settings of the incidents that created from alerts triggered + by this analytics rule. + :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] """ _validation = { - "tenant_id": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "properties.templateVersion", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, + "severity": {"key": "properties.severity", "type": "str"}, + "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + template_version: Optional[str] = None, + description: Optional[str] = None, + query: Optional[str] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + suppression_duration: Optional[datetime.timedelta] = None, + suppression_enabled: Optional[bool] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + incident_configuration: Optional["_models.IncidentConfiguration"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :paramtype template_version: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :paramtype suppression_duration: ~datetime.timedelta + :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :paramtype suppression_enabled: bool + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword incident_configuration: The settings of the incidents that created from alerts + triggered by this analytics rule. + :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind: str = "NRT" + self.alert_rule_template_name = alert_rule_template_name + self.template_version = template_version + self.description = description + self.query = query + self.tactics = tactics + self.techniques = techniques + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.severity = severity + self.incident_configuration = incident_configuration + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings -class MTPDataConnector(DataConnector): - """Represents MTP (Microsoft Threat Protection) data connector. +class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents NRT alert rule template. Variables are only populated by the server, and will be ignored when sending a request. @@ -15375,20 +17978,51 @@ class MTPDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] """ _validation = { @@ -15397,6 +18031,8 @@ class MTPDataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, } _attribute_map = { @@ -15404,435 +18040,478 @@ class MTPDataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MTPDataConnectorDataTypes"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, } def __init__( self, *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MTPDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftThreatProtection" - self.tenant_id = tenant_id - self.data_types = data_types - - -class MTPDataConnectorDataTypes(_serialization.Model): - """The available data types for Microsoft Threat Protection Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar incidents: Data type for Microsoft Threat Protection Platforms data connector. Required. - :vartype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents - """ - - _validation = { - "incidents": {"required": True}, - } - - _attribute_map = { - "incidents": {"key": "incidents", "type": "MTPDataConnectorDataTypesIncidents"}, - } - - def __init__(self, *, incidents: "_models.MTPDataConnectorDataTypesIncidents", **kwargs): + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + **kwargs: Any + ) -> None: """ - :keyword incidents: Data type for Microsoft Threat Protection Platforms data connector. - Required. - :paramtype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] """ super().__init__(**kwargs) - self.incidents = incidents - + self.kind: str = "NRT" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings -class MTPDataConnectorDataTypesIncidents(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Protection Platforms data connector. - All required parameters must be populated in order to send to Azure. +class QueryBasedAlertRuleTemplateProperties(_serialization.Model): + """Query based alert rule template base property bag. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] """ - _validation = { - "state": {"required": True}, - } - _attribute_map = { - "state": {"key": "state", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, + *, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings -class MTPDataConnectorProperties(DataConnectorTenantId): - """MTP (Microsoft Threat Protection) data connector properties. +class NrtAlertRuleTemplateProperties( + AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties +): # pylint: disable=too-many-instance-attributes + """NRT alert rule template properties. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MTPDataConnectorDataTypes"}, + "query": {"key": "query", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.MTPDataConnectorDataTypes", **kwargs): + def __init__( + self, + *, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, + query=query, + severity=severity, + version=version, + custom_details=custom_details, + entity_mappings=entity_mappings, + alert_details_override=alert_details_override, + event_grouping_settings=event_grouping_settings, + sentinel_entities_mappings=sentinel_entities_mappings, + **kwargs + ) + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques -class NicEntity(Entity): - """Represents an network interface entity. - Variables are only populated by the server, and will be ignored when sending a request. +class Office365ProjectCheckRequirements(DataConnectorsCheckRequirements): + """Represents Office365 Project requirements check request. All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mac_address: The MAC address of this network interface. - :vartype mac_address: str - :ivar ip_address_entity_id: The IP entity id of this network interface. - :vartype ip_address_entity_id: str - :ivar vlans: A list of VLANs of the network interface entity. - :vartype vlans: list[str] + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mac_address": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "vlans": {"readonly": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "mac_address": {"key": "properties.macAddress", "type": "str"}, - "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, - "vlans": {"key": "properties.vlans", "type": "[str]"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ super().__init__(**kwargs) - self.kind: str = "Nic" - self.additional_data = None - self.friendly_name = None - self.mac_address = None - self.ip_address_entity_id = None - self.vlans = None + self.kind: str = "Office365Project" + self.tenant_id = tenant_id -class NicEntityProperties(EntityCommonProperties): - """Nic entity property bag. +class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): + """Office365 Project requirements check properties. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mac_address: The MAC address of this network interface. - :vartype mac_address: str - :ivar ip_address_entity_id: The IP entity id of this network interface. - :vartype ip_address_entity_id: str - :ivar vlans: A list of VLANs of the network interface entity. - :vartype vlans: list[str] + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mac_address": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "vlans": {"readonly": True}, + "tenant_id": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "mac_address": {"key": "macAddress", "type": "str"}, - "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, - "vlans": {"key": "vlans", "type": "[str]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.mac_address = None - self.ip_address_entity_id = None - self.vlans = None - + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) -class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents NRT alert rule. - Variables are only populated by the server, and will be ignored when sending a request. +class Office365ProjectConnectorDataTypes(_serialization.Model): + """The available data types for Office Microsoft Project data connector. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :vartype template_version: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :vartype suppression_duration: ~datetime.timedelta - :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or - disabled. - :vartype suppression_enabled: bool - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar incident_configuration: The settings of the incidents that created from alerts triggered - by this analytics rule. - :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, + "logs": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "template_version": {"key": "properties.templateVersion", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, - "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, - "severity": {"key": "properties.severity", "type": "str"}, - "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "logs": {"key": "logs", "type": "Office365ProjectConnectorDataTypesLogs"}, } - def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - template_version: Optional[str] = None, - description: Optional[str] = None, - query: Optional[str] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - suppression_duration: Optional[datetime.timedelta] = None, - suppression_enabled: Optional[bool] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - incident_configuration: Optional["_models.IncidentConfiguration"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + def __init__(self, *, logs: "_models.Office365ProjectConnectorDataTypesLogs", **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :paramtype template_version: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :paramtype suppression_duration: ~datetime.timedelta - :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled - or disabled. - :paramtype suppression_enabled: bool - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword incident_configuration: The settings of the incidents that created from alerts - triggered by this analytics rule. - :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs + """ + super().__init__(**kwargs) + self.logs = logs + + +class Office365ProjectConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "NRT" - self.alert_rule_template_name = alert_rule_template_name - self.template_version = template_version - self.description = description - self.query = query - self.tactics = tactics - self.techniques = techniques - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - self.suppression_duration = suppression_duration - self.suppression_enabled = suppression_enabled - self.severity = severity - self.incident_configuration = incident_configuration - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) -class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents NRT alert rule template. +class Office365ProjectDataConnector(DataConnector): + """Represents Office Microsoft Project data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -15849,51 +18528,20 @@ class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-insta :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes """ _validation = { @@ -15902,8 +18550,6 @@ class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-insta "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, } _attribute_map = { @@ -15911,403 +18557,211 @@ class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-insta "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "query": {"key": "properties.query", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "Office365ProjectConnectorDataTypes"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.Office365ProjectConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes """ - super().__init__(**kwargs) - self.kind: str = "NRT" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings + super().__init__(etag=etag, **kwargs) + self.kind: str = "Office365Project" + self.tenant_id = tenant_id + self.data_types = data_types -class QueryBasedAlertRuleTemplateProperties(_serialization.Model): - """Query based alert rule template base property bag. +class Office365ProjectDataConnectorProperties(DataConnectorTenantId): + """Office Microsoft Project data connector properties. - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + } + + def __init__( + self, *, tenant_id: str, data_types: "_models.Office365ProjectConnectorDataTypes", **kwargs: Any + ) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - "query": {"key": "query", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__( - self, - *, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ super().__init__(**kwargs) - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings + self.kind: str = "OfficeATP" + self.tenant_id = tenant_id -class NrtAlertRuleTemplateProperties( - AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties -): # pylint: disable=too-many-instance-attributes - """NRT alert rule template properties. +class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): + """OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "tenant_id": {"required": True}, } _attribute_map = { - "query": {"key": "query", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__( - self, - *, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - query=query, - severity=severity, - version=version, - custom_details=custom_details, - entity_mappings=entity_mappings, - alert_details_override=alert_details_override, - event_grouping_settings=event_grouping_settings, - sentinel_entities_mappings=sentinel_entities_mappings, - **kwargs - ) - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques + super().__init__(tenant_id=tenant_id, **kwargs) -class Office365ProjectCheckRequirements(DataConnectorsCheckRequirements): - """Represents Office365 Project requirements check request. +class OfficeATPDataConnector(DataConnector): + """Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, "kind": {"required": True}, } _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs: Any + ) -> None: """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ - super().__init__(**kwargs) - self.kind: str = "Office365Project" + super().__init__(etag=etag, **kwargs) + self.kind: str = "OfficeATP" self.tenant_id = tenant_id + self.data_types = data_types -class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): - """Office365 Project requirements check properties. +class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """OfficeATP (Office 365 Advanced Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector :ivar tenant_id: The tenant id to connect to, and get the data from. Required. :vartype tenant_id: str """ @@ -16317,72 +18771,109 @@ class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): } _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id -class Office365ProjectConnectorDataTypes(_serialization.Model): - """The available data types for Office Microsoft Project data connector. +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar tenant_id: The tenantId of the Office365 with the consent. + :vartype tenant_id: str + :ivar consent_id: Help to easily cascade among the data layers. + :vartype consent_id: str """ _validation = { - "logs": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - "logs": {"key": "logs", "type": "Office365ProjectConnectorDataTypesLogs"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "consent_id": {"key": "properties.consentId", "type": "str"}, } - def __init__(self, *, logs: "_models.Office365ProjectConnectorDataTypesLogs", **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, consent_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs + :keyword tenant_id: The tenantId of the Office365 with the consent. + :paramtype tenant_id: str + :keyword consent_id: Help to easily cascade among the data layers. + :paramtype consent_id: str """ super().__init__(**kwargs) - self.logs = logs + self.tenant_id = tenant_id + self.consent_id = consent_id -class Office365ProjectConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. +class OfficeConsentList(_serialization.Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :ivar value: Array of the consents. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] """ _validation = { - "state": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[OfficeConsent]"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, value: List["_models.OfficeConsent"], **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword value: Array of the consents. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.next_link = None + self.value = value -class Office365ProjectDataConnector(DataConnector): - """Represents Office Microsoft Project data connector. +class OfficeDataConnector(DataConnector): + """Represents office data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -16404,15 +18895,15 @@ class Office365ProjectDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ _validation = { @@ -16431,7 +18922,7 @@ class Office365ProjectDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, } def __init__( @@ -16439,32 +18930,161 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.Office365ProjectConnectorDataTypes"] = None, - **kwargs - ): + data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "Office365" + self.tenant_id = tenant_id + self.data_types = data_types + + +class OfficeDataConnectorDataTypes(_serialization.Model): + """The available data types for office data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar exchange: Exchange data type connection. Required. + :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :ivar share_point: SharePoint data type connection. Required. + :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :ivar teams: Teams data type connection. Required. + :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + """ + + _validation = { + "exchange": {"required": True}, + "share_point": {"required": True}, + "teams": {"required": True}, + } + + _attribute_map = { + "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, + "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, + "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, + } + + def __init__( + self, + *, + exchange: "_models.OfficeDataConnectorDataTypesExchange", + share_point: "_models.OfficeDataConnectorDataTypesSharePoint", + teams: "_models.OfficeDataConnectorDataTypesTeams", + **kwargs: Any + ) -> None: + """ + :keyword exchange: Exchange data type connection. Required. + :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :keyword share_point: SharePoint data type connection. Required. + :paramtype share_point: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :keyword teams: Teams data type connection. Required. + :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + """ + super().__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + self.teams = teams + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Office365Project" - self.tenant_id = tenant_id - self.data_types = data_types + super().__init__(state=state, **kwargs) -class Office365ProjectDataConnectorProperties(DataConnectorTenantId): - """Office Microsoft Project data connector properties. +class OfficeDataConnectorProperties(DataConnectorTenantId): + """Office data connector properties. All required parameters must be populated in order to send to Azure. :ivar tenant_id: The tenant id to connect to, and get the data from. Required. :vartype tenant_id: str :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ _validation = { @@ -16474,32 +19094,32 @@ class Office365ProjectDataConnectorProperties(DataConnectorTenantId): _attribute_map = { "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + "data_types": {"key": "dataTypes", "type": "OfficeDataConnectorDataTypes"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.Office365ProjectConnectorDataTypes", **kwargs): + def __init__(self, *, tenant_id: str, data_types: "_models.OfficeDataConnectorDataTypes", **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ super().__init__(tenant_id=tenant_id, **kwargs) self.data_types = data_types -class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. +class OfficeIRMCheckRequirements(DataConnectorsCheckRequirements): + """Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -16514,18 +19134,18 @@ class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str """ super().__init__(**kwargs) - self.kind: str = "OfficeATP" + self.kind: str = "OfficeIRM" self.tenant_id = tenant_id -class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): - """OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. +class OfficeIRMCheckRequirementsProperties(DataConnectorTenantId): + """OfficeIRM (Microsoft Insider Risk Management) requirements check properties. All required parameters must be populated in order to send to Azure. @@ -16541,7 +19161,7 @@ class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -16549,8 +19169,8 @@ def __init__(self, *, tenant_id: str, **kwargs): super().__init__(tenant_id=tenant_id, **kwargs) -class OfficeATPDataConnector(DataConnector): - """Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. +class OfficeIRMDataConnector(DataConnector): + """Represents OfficeIRM (Microsoft Insider Risk Management) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -16572,10 +19192,10 @@ class OfficeATPDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -16608,8 +19228,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -16619,13 +19239,13 @@ def __init__( :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficeATP" + self.kind: str = "OfficeIRM" self.tenant_id = tenant_id self.data_types = data_types -class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """OfficeATP (Office 365 Advanced Threat Protection) data connector properties. +class OfficeIRMDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """OfficeIRM (Microsoft Insider Risk Management) data connector properties. All required parameters must be populated in order to send to Azure. @@ -16645,8 +19265,8 @@ class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithA } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -16658,91 +19278,122 @@ def __init__( self.tenant_id = tenant_id -class OfficeConsent(Resource): - """Consent for Office365 tenant that already made. +class OfficePowerBICheckRequirements(DataConnectorsCheckRequirements): + """Represents Office PowerBI requirements check request. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar tenant_id: The tenantId of the Office365 with the consent. + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar consent_id: Help to easily cascade among the data layers. - :vartype consent_id: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "consent_id": {"key": "properties.consentId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, consent_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenantId of the Office365 with the consent. + :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword consent_id: Help to easily cascade among the data layers. - :paramtype consent_id: str """ super().__init__(**kwargs) + self.kind: str = "OfficePowerBI" self.tenant_id = tenant_id - self.consent_id = consent_id -class OfficeConsentList(_serialization.Model): - """List of all the office365 consents. +class OfficePowerBICheckRequirementsProperties(DataConnectorTenantId): + """Office PowerBI requirements check properties. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class OfficePowerBIConnectorDataTypes(_serialization.Model): + """The available data types for Office Microsoft PowerBI data connector. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of office consents. - :vartype next_link: str - :ivar value: Array of the consents. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "logs": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[OfficeConsent]"}, + "logs": {"key": "logs", "type": "OfficePowerBIConnectorDataTypesLogs"}, } - def __init__(self, *, value: List["_models.OfficeConsent"], **kwargs): + def __init__(self, *, logs: "_models.OfficePowerBIConnectorDataTypesLogs", **kwargs: Any) -> None: """ - :keyword value: Array of the consents. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.logs = logs -class OfficeDataConnector(DataConnector): - """Represents office data connector. +class OfficePowerBIConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficePowerBIDataConnector(DataConnector): + """Represents Office Microsoft PowerBI data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -16764,15 +19415,15 @@ class OfficeDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ _validation = { @@ -16791,7 +19442,7 @@ class OfficeDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, } def __init__( @@ -16799,252 +19450,409 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, - **kwargs - ): + data_types: Optional["_models.OfficePowerBIConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Office365" + self.kind: str = "OfficePowerBI" self.tenant_id = tenant_id self.data_types = data_types -class OfficeDataConnectorDataTypes(_serialization.Model): - """The available data types for office data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar exchange: Exchange data type connection. Required. - :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :ivar share_point: SharePoint data type connection. Required. - :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :ivar teams: Teams data type connection. Required. - :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams - """ - - _validation = { - "exchange": {"required": True}, - "share_point": {"required": True}, - "teams": {"required": True}, - } - - _attribute_map = { - "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, - "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, - "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, - } - - def __init__( - self, - *, - exchange: "_models.OfficeDataConnectorDataTypesExchange", - share_point: "_models.OfficeDataConnectorDataTypesSharePoint", - teams: "_models.OfficeDataConnectorDataTypesTeams", - **kwargs - ): - """ - :keyword exchange: Exchange data type connection. Required. - :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :keyword share_point: SharePoint data type connection. Required. - :paramtype share_point: - ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :keyword teams: Teams data type connection. Required. - :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams - """ - super().__init__(**kwargs) - self.exchange = exchange - self.share_point = share_point - self.teams = teams - - -class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): - """Exchange data type connection. +class OfficePowerBIDataConnectorProperties(DataConnectorTenantId): + """Office Microsoft PowerBI data connector properties. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ _validation = { - "state": {"required": True}, + "tenant_id": {"required": True}, + "data_types": {"required": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, tenant_id: str, data_types: "_models.OfficePowerBIConnectorDataTypes", **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ - super().__init__(state=state, **kwargs) - + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types -class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): - """SharePoint data type connection. - All required parameters must be populated in order to send to Azure. +class Operation(_serialization.Model): + """Operation provided by provider. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar display: Properties of the operation. + :vartype display: ~azure.mgmt.securityinsight.models.OperationDisplay + :ivar name: Name of the operation. + :vartype name: str + :ivar origin: The origin of the operation. + :vartype origin: str + :ivar is_data_action: Indicates whether the operation is a data action. + :vartype is_data_action: bool """ - _validation = { - "state": {"required": True}, - } - _attribute_map = { - "state": {"key": "state", "type": "str"}, + "display": {"key": "display", "type": "OperationDisplay"}, + "name": {"key": "name", "type": "str"}, + "origin": {"key": "origin", "type": "str"}, + "is_data_action": {"key": "isDataAction", "type": "bool"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, + *, + display: Optional["_models.OperationDisplay"] = None, + name: Optional[str] = None, + origin: Optional[str] = None, + is_data_action: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword display: Properties of the operation. + :paramtype display: ~azure.mgmt.securityinsight.models.OperationDisplay + :keyword name: Name of the operation. + :paramtype name: str + :keyword origin: The origin of the operation. + :paramtype origin: str + :keyword is_data_action: Indicates whether the operation is a data action. + :paramtype is_data_action: bool """ - super().__init__(state=state, **kwargs) - + super().__init__(**kwargs) + self.display = display + self.name = name + self.origin = origin + self.is_data_action = is_data_action -class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): - """Teams data type connection. - All required parameters must be populated in order to send to Azure. +class OperationDisplay(_serialization.Model): + """Properties of the operation. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar description: Description of the operation. + :vartype description: str + :ivar operation: Operation name. + :vartype operation: str + :ivar provider: Provider name. + :vartype provider: str + :ivar resource: Resource name. + :vartype resource: str """ - _validation = { - "state": {"required": True}, - } - _attribute_map = { - "state": {"key": "state", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "operation": {"key": "operation", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "resource": {"key": "resource", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, + *, + description: Optional[str] = None, + operation: Optional[str] = None, + provider: Optional[str] = None, + resource: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword description: Description of the operation. + :paramtype description: str + :keyword operation: Operation name. + :paramtype operation: str + :keyword provider: Provider name. + :paramtype provider: str + :keyword resource: Resource name. + :paramtype resource: str """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.description = description + self.operation = operation + self.provider = provider + self.resource = resource -class OfficeDataConnectorProperties(DataConnectorTenantId): - """Office data connector properties. +class OperationsList(_serialization.Model): + """Lists the operations available in the SecurityInsights RP. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + :ivar next_link: URL to fetch the next set of operations. + :vartype next_link: str + :ivar value: Array of operations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Operation] """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "OfficeDataConnectorDataTypes"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Operation]"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.OfficeDataConnectorDataTypes", **kwargs): + def __init__(self, *, value: List["_models.Operation"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + :keyword value: Array of operations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - + super().__init__(**kwargs) + self.next_link = None + self.value = value -class OfficeIRMCheckRequirements(DataConnectorsCheckRequirements): - """Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. - All required parameters must be populated in order to send to Azure. +class PackageBaseProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Describes package properties. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "is_new": {"key": "isNew", "type": "str"}, + "is_preview": {"key": "isPreview", "type": "str"}, + "is_featured": {"key": "isFeatured", "type": "str"}, + "is_deprecated": {"key": "isDeprecated", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "publisher_display_name": {"key": "publisherDisplayName", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "icon", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__( + self, + *, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + is_deprecated: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :paramtype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str """ super().__init__(**kwargs) - self.kind: str = "OfficeIRM" - self.tenant_id = tenant_id + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.is_deprecated = is_deprecated + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon -class OfficeIRMCheckRequirementsProperties(DataConnectorTenantId): - """OfficeIRM (Microsoft Insider Risk Management) requirements check properties. +class PackageList(_serialization.Model): + """List available packages. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar next_link: URL to fetch the next set of packages. + :vartype next_link: str + :ivar value: Array of packages. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.PackageModel] """ _validation = { - "tenant_id": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[PackageModel]"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, value: List["_models.PackageModel"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword value: Array of packages. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.PackageModel] """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(**kwargs) + self.next_link = None + self.value = value -class OfficeIRMDataConnector(DataConnector): - """Represents OfficeIRM (Microsoft Insider Risk Management) data connector. +class PackageModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Package in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -17058,18 +19866,58 @@ class OfficeIRMDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str """ _validation = { @@ -17077,7 +19925,6 @@ class OfficeIRMDataConnector(DataConnector): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { @@ -17086,183 +19933,555 @@ class OfficeIRMDataConnector(DataConnector): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "is_new": {"key": "properties.isNew", "type": "str"}, + "is_preview": {"key": "properties.isPreview", "type": "str"}, + "is_featured": {"key": "properties.isFeatured", "type": "str"}, + "is_deprecated": {"key": "properties.isDeprecated", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "publisher_display_name": {"key": "properties.publisherDisplayName", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "properties.icon", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + is_deprecated: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :paramtype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str """ super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficeIRM" - self.tenant_id = tenant_id - self.data_types = data_types - + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.is_deprecated = is_deprecated + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon -class OfficeIRMDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """OfficeIRM (Microsoft Insider Risk Management) data connector properties. - All required parameters must be populated in order to send to Azure. +class PackageProperties(PackageBaseProperties): # pylint: disable=too-many-instance-attributes + """Describes package properties. - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "is_new": {"key": "isNew", "type": "str"}, + "is_preview": {"key": "isPreview", "type": "str"}, + "is_featured": {"key": "isFeatured", "type": "str"}, + "is_deprecated": {"key": "isDeprecated", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "publisher_display_name": {"key": "publisherDisplayName", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "icon", "type": "str"}, } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, + *, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + is_deprecated: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :paramtype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id - + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + content_kind=content_kind, + content_schema_version=content_schema_version, + is_new=is_new, + is_preview=is_preview, + is_featured=is_featured, + is_deprecated=is_deprecated, + version=version, + display_name=display_name, + description=description, + publisher_display_name=publisher_display_name, + source=source, + author=author, + support=support, + dependencies=dependencies, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + categories=categories, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + icon=icon, + **kwargs + ) -class OfficePowerBICheckRequirements(DataConnectorsCheckRequirements): - """Represents Office PowerBI requirements check request. - All required parameters must be populated in order to send to Azure. +class Permissions(_serialization.Model): + """Permissions required for the connector. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar resource_provider: Resource provider permissions required for the connector. + :vartype resource_provider: + list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] + :ivar customs: Customs permissions required for the connector. + :vartype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "resource_provider": {"key": "resourceProvider", "type": "[PermissionsResourceProviderItem]"}, + "customs": {"key": "customs", "type": "[PermissionsCustomsItem]"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__( + self, + *, + resource_provider: Optional[List["_models.PermissionsResourceProviderItem"]] = None, + customs: Optional[List["_models.PermissionsCustomsItem"]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword resource_provider: Resource provider permissions required for the connector. + :paramtype resource_provider: + list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] + :keyword customs: Customs permissions required for the connector. + :paramtype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] """ super().__init__(**kwargs) - self.kind: str = "OfficePowerBI" - self.tenant_id = tenant_id + self.resource_provider = resource_provider + self.customs = customs -class OfficePowerBICheckRequirementsProperties(DataConnectorTenantId): - """Office PowerBI requirements check properties. +class PermissionsCustomsItem(Customs): + """PermissionsCustomsItem. - All required parameters must be populated in order to send to Azure. + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str + """ + super().__init__(name=name, description=description, **kwargs) + + +class ResourceProvider(_serialization.Model): + """Resource provider permissions required for the connector. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :ivar permissions_display_text: Permission description text. + :vartype permissions_display_text: str + :ivar provider_display_name: Permission provider display name. + :vartype provider_display_name: str + :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and + "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :ivar required_permissions: Required permissions for the connector. + :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, + *, + provider: Optional[Union[str, "_models.ProviderName"]] = None, + permissions_display_text: Optional[str] = None, + provider_display_name: Optional[str] = None, + scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, + required_permissions: Optional["_models.RequiredPermissions"] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :keyword permissions_display_text: Permission description text. + :paramtype permissions_display_text: str + :keyword provider_display_name: Permission provider display name. + :paramtype provider_display_name: str + :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", + and "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :keyword required_permissions: Required permissions for the connector. + :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions """ - super().__init__(tenant_id=tenant_id, **kwargs) - + super().__init__(**kwargs) + self.provider = provider + self.permissions_display_text = permissions_display_text + self.provider_display_name = provider_display_name + self.scope = scope + self.required_permissions = required_permissions -class OfficePowerBIConnectorDataTypes(_serialization.Model): - """The available data types for Office Microsoft PowerBI data connector. - All required parameters must be populated in order to send to Azure. +class PermissionsResourceProviderItem(ResourceProvider): + """PermissionsResourceProviderItem. - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :ivar permissions_display_text: Permission description text. + :vartype permissions_display_text: str + :ivar provider_display_name: Permission provider display name. + :vartype provider_display_name: str + :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and + "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :ivar required_permissions: Required permissions for the connector. + :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions """ - _validation = { - "logs": {"required": True}, - } - _attribute_map = { - "logs": {"key": "logs", "type": "OfficePowerBIConnectorDataTypesLogs"}, + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, } - def __init__(self, *, logs: "_models.OfficePowerBIConnectorDataTypesLogs", **kwargs): + def __init__( + self, + *, + provider: Optional[Union[str, "_models.ProviderName"]] = None, + permissions_display_text: Optional[str] = None, + provider_display_name: Optional[str] = None, + scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, + required_permissions: Optional["_models.RequiredPermissions"] = None, + **kwargs: Any + ) -> None: """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :keyword permissions_display_text: Permission description text. + :paramtype permissions_display_text: str + :keyword provider_display_name: Permission provider display name. + :paramtype provider_display_name: str + :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", + and "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :keyword required_permissions: Required permissions for the connector. + :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions """ - super().__init__(**kwargs) - self.logs = logs + super().__init__( + provider=provider, + permissions_display_text=permissions_display_text, + provider_display_name=provider_display_name, + scope=scope, + required_permissions=required_permissions, + **kwargs + ) -class OfficePowerBIConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. +class PlaybookActionProperties(_serialization.Model): + """PlaybookActionProperties. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar logic_app_resource_id: The resource id of the playbook resource. Required. + :vartype logic_app_resource_id: str + :ivar tenant_id: The tenant id of the playbook resource. + :vartype tenant_id: str """ _validation = { - "state": {"required": True}, + "logic_app_resource_id": {"required": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, logic_app_resource_id: str, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword logic_app_resource_id: The resource id of the playbook resource. Required. + :paramtype logic_app_resource_id: str + :keyword tenant_id: The tenant id of the playbook resource. + :paramtype tenant_id: str """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.logic_app_resource_id = logic_app_resource_id + self.tenant_id = tenant_id -class OfficePowerBIDataConnector(DataConnector): - """Represents Office Microsoft PowerBI data connector. +class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a process entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -17279,20 +20498,36 @@ class OfficePowerBIDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar command_line: The command line used to create the process. + :vartype command_line: str + :ivar creation_time_utc: The time when the process started to run. + :vartype creation_time_utc: ~datetime.datetime + :ivar elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :ivar host_entity_id: The host entity id on which the process was running. + :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the process was running. + :vartype host_logon_session_entity_id: str + :ivar image_file_entity_id: Image file entity id. + :vartype image_file_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar process_id: The process ID. + :vartype process_id: str """ _validation = { @@ -17301,6 +20536,16 @@ class OfficePowerBIDataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, } _attribute_map = { @@ -17308,169 +20553,174 @@ class OfficePowerBIDataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficePowerBIConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficePowerBI" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficePowerBIDataConnectorProperties(DataConnectorTenantId): - """Office Microsoft PowerBI data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, + "command_line": {"key": "properties.commandLine", "type": "str"}, + "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "properties.elevationToken", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, + "process_id": {"key": "properties.processId", "type": "str"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.OfficePowerBIConnectorDataTypes", **kwargs): + def __init__( + self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + :keyword elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types + super().__init__(**kwargs) + self.kind: str = "Process" + self.additional_data = None + self.friendly_name = None + self.account_entity_id = None + self.command_line = None + self.creation_time_utc = None + self.elevation_token = elevation_token + self.host_entity_id = None + self.host_logon_session_entity_id = None + self.image_file_entity_id = None + self.parent_process_entity_id = None + self.process_id = None -class Operation(_serialization.Model): - """Operation provided by provider. +class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Process entity property bag. - :ivar display: Properties of the operation. - :vartype display: ~azure.mgmt.securityinsight.models.OperationDisplay - :ivar name: Name of the operation. - :vartype name: str - :ivar origin: The origin of the operation. - :vartype origin: str - :ivar is_data_action: Indicates whether the operation is a data action. - :vartype is_data_action: bool + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar command_line: The command line used to create the process. + :vartype command_line: str + :ivar creation_time_utc: The time when the process started to run. + :vartype creation_time_utc: ~datetime.datetime + :ivar elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :ivar host_entity_id: The host entity id on which the process was running. + :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the process was running. + :vartype host_logon_session_entity_id: str + :ivar image_file_entity_id: Image file entity id. + :vartype image_file_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar process_id: The process ID. + :vartype process_id: str """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, + } + _attribute_map = { - "display": {"key": "display", "type": "OperationDisplay"}, - "name": {"key": "name", "type": "str"}, - "origin": {"key": "origin", "type": "str"}, - "is_data_action": {"key": "isDataAction", "type": "bool"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "account_entity_id": {"key": "accountEntityId", "type": "str"}, + "command_line": {"key": "commandLine", "type": "str"}, + "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "elevationToken", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, + "process_id": {"key": "processId", "type": "str"}, } def __init__( - self, - *, - display: Optional["_models.OperationDisplay"] = None, - name: Optional[str] = None, - origin: Optional[str] = None, - is_data_action: Optional[bool] = None, - **kwargs - ): + self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs: Any + ) -> None: """ - :keyword display: Properties of the operation. - :paramtype display: ~azure.mgmt.securityinsight.models.OperationDisplay - :keyword name: Name of the operation. - :paramtype name: str - :keyword origin: The origin of the operation. - :paramtype origin: str - :keyword is_data_action: Indicates whether the operation is a data action. - :paramtype is_data_action: bool + :keyword elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken """ super().__init__(**kwargs) - self.display = display - self.name = name - self.origin = origin - self.is_data_action = is_data_action + self.account_entity_id = None + self.command_line = None + self.creation_time_utc = None + self.elevation_token = elevation_token + self.host_entity_id = None + self.host_logon_session_entity_id = None + self.image_file_entity_id = None + self.parent_process_entity_id = None + self.process_id = None -class OperationDisplay(_serialization.Model): - """Properties of the operation. +class ProductPackageAdditionalProperties(_serialization.Model): + """product package additional properties. - :ivar description: Description of the operation. - :vartype description: str - :ivar operation: Operation name. - :vartype operation: str - :ivar provider: Provider name. - :vartype provider: str - :ivar resource: Resource name. - :vartype resource: str + :ivar installed_version: The version of the installed package, null or absent means not + installed. + :vartype installed_version: str + :ivar resource_id: The metadata resource id. + :vartype resource_id: str + :ivar packaged_content: The json to deploy. Expandable. + :vartype packaged_content: JSON """ _attribute_map = { - "description": {"key": "description", "type": "str"}, - "operation": {"key": "operation", "type": "str"}, - "provider": {"key": "provider", "type": "str"}, - "resource": {"key": "resource", "type": "str"}, + "installed_version": {"key": "installedVersion", "type": "str"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "packaged_content": {"key": "packagedContent", "type": "object"}, } def __init__( self, *, - description: Optional[str] = None, - operation: Optional[str] = None, - provider: Optional[str] = None, - resource: Optional[str] = None, - **kwargs - ): - """ - :keyword description: Description of the operation. - :paramtype description: str - :keyword operation: Operation name. - :paramtype operation: str - :keyword provider: Provider name. - :paramtype provider: str - :keyword resource: Resource name. - :paramtype resource: str + installed_version: Optional[str] = None, + resource_id: Optional[str] = None, + packaged_content: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword installed_version: The version of the installed package, null or absent means not + installed. + :paramtype installed_version: str + :keyword resource_id: The metadata resource id. + :paramtype resource_id: str + :keyword packaged_content: The json to deploy. Expandable. + :paramtype packaged_content: JSON """ super().__init__(**kwargs) - self.description = description - self.operation = operation - self.provider = provider - self.resource = resource + self.installed_version = installed_version + self.resource_id = resource_id + self.packaged_content = packaged_content -class OperationsList(_serialization.Model): - """Lists the operations available in the SecurityInsights RP. +class ProductPackageList(_serialization.Model): + """List available packages. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of operations. + :ivar next_link: URL to fetch the next set of packages. :vartype next_link: str - :ivar value: Array of operations. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Operation] + :ivar value: Array of packages. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ProductPackageModel] """ _validation = { @@ -17480,238 +20730,565 @@ class OperationsList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Operation]"}, + "value": {"key": "value", "type": "[ProductPackageModel]"}, } - def __init__(self, *, value: List["_models.Operation"], **kwargs): + def __init__(self, *, value: List["_models.ProductPackageModel"], **kwargs: Any) -> None: """ - :keyword value: Array of operations. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] + :keyword value: Array of packages. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ProductPackageModel] """ super().__init__(**kwargs) self.next_link = None self.value = value -class Permissions(_serialization.Model): - """Permissions required for the connector. - - :ivar resource_provider: Resource provider permissions required for the connector. - :vartype resource_provider: - list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] - :ivar customs: Customs permissions required for the connector. - :vartype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] - """ - - _attribute_map = { - "resource_provider": {"key": "resourceProvider", "type": "[PermissionsResourceProviderItem]"}, - "customs": {"key": "customs", "type": "[PermissionsCustomsItem]"}, - } - - def __init__( - self, - *, - resource_provider: Optional[List["_models.PermissionsResourceProviderItem"]] = None, - customs: Optional[List["_models.PermissionsCustomsItem"]] = None, - **kwargs - ): - """ - :keyword resource_provider: Resource provider permissions required for the connector. - :paramtype resource_provider: - list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] - :keyword customs: Customs permissions required for the connector. - :paramtype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] - """ - super().__init__(**kwargs) - self.resource_provider = resource_provider - self.customs = customs - +class ProductPackageModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Package in Azure Security Insights. -class PermissionsCustomsItem(Customs): - """PermissionsCustomsItem. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar name: Customs permissions name. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - :ivar description: Customs permissions description. + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar installed_version: The version of the installed package, null or absent means not + installed. + :vartype installed_version: str + :ivar resource_id: The metadata resource id. + :vartype resource_id: str + :ivar packaged_content: The json to deploy. Expandable. + :vartype packaged_content: JSON """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str - """ - super().__init__(name=name, description=description, **kwargs) - - -class ResourceProvider(_serialization.Model): - """Resource provider permissions required for the connector. - - :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :ivar permissions_display_text: Permission description text. - :vartype permissions_display_text: str - :ivar provider_display_name: Permission provider display name. - :vartype provider_display_name: str - :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and - "Workspace". - :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :ivar required_permissions: Required permissions for the connector. - :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions - """ - - _attribute_map = { - "provider": {"key": "provider", "type": "str"}, - "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, - "provider_display_name": {"key": "providerDisplayName", "type": "str"}, - "scope": {"key": "scope", "type": "str"}, - "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "is_new": {"key": "properties.isNew", "type": "str"}, + "is_preview": {"key": "properties.isPreview", "type": "str"}, + "is_featured": {"key": "properties.isFeatured", "type": "str"}, + "is_deprecated": {"key": "properties.isDeprecated", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "publisher_display_name": {"key": "properties.publisherDisplayName", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "properties.icon", "type": "str"}, + "installed_version": {"key": "properties.installedVersion", "type": "str"}, + "resource_id": {"key": "properties.resourceId", "type": "str"}, + "packaged_content": {"key": "properties.packagedContent", "type": "object"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - provider: Optional[Union[str, "_models.ProviderName"]] = None, - permissions_display_text: Optional[str] = None, - provider_display_name: Optional[str] = None, - scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, - required_permissions: Optional["_models.RequiredPermissions"] = None, - **kwargs - ): + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + is_deprecated: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + installed_version: Optional[str] = None, + resource_id: Optional[str] = None, + packaged_content: Optional[JSON] = None, + **kwargs: Any + ) -> None: """ - :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :keyword permissions_display_text: Permission description text. - :paramtype permissions_display_text: str - :keyword provider_display_name: Permission provider display name. - :paramtype provider_display_name: str - :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", - and "Workspace". - :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :keyword required_permissions: Required permissions for the connector. - :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :paramtype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword installed_version: The version of the installed package, null or absent means not + installed. + :paramtype installed_version: str + :keyword resource_id: The metadata resource id. + :paramtype resource_id: str + :keyword packaged_content: The json to deploy. Expandable. + :paramtype packaged_content: JSON """ - super().__init__(**kwargs) - self.provider = provider - self.permissions_display_text = permissions_display_text - self.provider_display_name = provider_display_name - self.scope = scope - self.required_permissions = required_permissions + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.is_deprecated = is_deprecated + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon + self.installed_version = installed_version + self.resource_id = resource_id + self.packaged_content = packaged_content -class PermissionsResourceProviderItem(ResourceProvider): - """PermissionsResourceProviderItem. +class ProductPackageProperties( + PackageBaseProperties, ProductPackageAdditionalProperties +): # pylint: disable=too-many-instance-attributes + """Describes package properties. - :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :ivar permissions_display_text: Permission description text. - :vartype permissions_display_text: str - :ivar provider_display_name: Permission provider display name. - :vartype provider_display_name: str - :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and - "Workspace". - :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :ivar required_permissions: Required permissions for the connector. - :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + :ivar installed_version: The version of the installed package, null or absent means not + installed. + :vartype installed_version: str + :ivar resource_id: The metadata resource id. + :vartype resource_id: str + :ivar packaged_content: The json to deploy. Expandable. + :vartype packaged_content: JSON + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str """ _attribute_map = { - "provider": {"key": "provider", "type": "str"}, - "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, - "provider_display_name": {"key": "providerDisplayName", "type": "str"}, - "scope": {"key": "scope", "type": "str"}, - "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, + "installed_version": {"key": "installedVersion", "type": "str"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "packaged_content": {"key": "packagedContent", "type": "object"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "is_new": {"key": "isNew", "type": "str"}, + "is_preview": {"key": "isPreview", "type": "str"}, + "is_featured": {"key": "isFeatured", "type": "str"}, + "is_deprecated": {"key": "isDeprecated", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "publisher_display_name": {"key": "publisherDisplayName", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "icon", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - provider: Optional[Union[str, "_models.ProviderName"]] = None, - permissions_display_text: Optional[str] = None, - provider_display_name: Optional[str] = None, - scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, - required_permissions: Optional["_models.RequiredPermissions"] = None, - **kwargs - ): + installed_version: Optional[str] = None, + resource_id: Optional[str] = None, + packaged_content: Optional[JSON] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + is_deprecated: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :keyword permissions_display_text: Permission description text. - :paramtype permissions_display_text: str - :keyword provider_display_name: Permission provider display name. - :paramtype provider_display_name: str - :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", - and "Workspace". - :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :keyword required_permissions: Required permissions for the connector. - :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + :keyword installed_version: The version of the installed package, null or absent means not + installed. + :paramtype installed_version: str + :keyword resource_id: The metadata resource id. + :paramtype resource_id: str + :keyword packaged_content: The json to deploy. Expandable. + :paramtype packaged_content: JSON + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :paramtype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str """ super().__init__( - provider=provider, - permissions_display_text=permissions_display_text, - provider_display_name=provider_display_name, - scope=scope, - required_permissions=required_permissions, + content_id=content_id, + content_product_id=content_product_id, + content_kind=content_kind, + content_schema_version=content_schema_version, + is_new=is_new, + is_preview=is_preview, + is_featured=is_featured, + is_deprecated=is_deprecated, + version=version, + display_name=display_name, + description=description, + publisher_display_name=publisher_display_name, + source=source, + author=author, + support=support, + dependencies=dependencies, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + categories=categories, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + icon=icon, + installed_version=installed_version, + resource_id=resource_id, + packaged_content=packaged_content, **kwargs ) + self.installed_version = installed_version + self.resource_id = resource_id + self.packaged_content = packaged_content + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.is_deprecated = is_deprecated + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon -class PlaybookActionProperties(_serialization.Model): - """PlaybookActionProperties. +class ProductTemplateAdditionalProperties(_serialization.Model): + """additional properties of product template. - :ivar logic_app_resource_id: The resource id of the playbook resource. - :vartype logic_app_resource_id: str - :ivar tenant_id: The tenant id of the playbook resource. - :vartype tenant_id: str + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON """ _attribute_map = { - "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, - "tenant_id": {"key": "tenantId", "type": "str"}, + "packaged_content": {"key": "packagedContent", "type": "object"}, } - def __init__(self, *, logic_app_resource_id: Optional[str] = None, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, packaged_content: Optional[JSON] = None, **kwargs: Any) -> None: """ - :keyword logic_app_resource_id: The resource id of the playbook resource. - :paramtype logic_app_resource_id: str - :keyword tenant_id: The tenant id of the playbook resource. - :paramtype tenant_id: str + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON """ super().__init__(**kwargs) - self.logic_app_resource_id = logic_app_resource_id - self.tenant_id = tenant_id + self.packaged_content = packaged_content -class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a process entity. +class ProductTemplateList(_serialization.Model): + """List of all the template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. + :ivar value: Array of templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ProductTemplateModel] + :ivar next_link: URL to fetch the next page of template. + :vartype next_link: str + """ + + _validation = { + "value": {"required": True}, + "next_link": {"readonly": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[ProductTemplateModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__(self, *, value: List["_models.ProductTemplateModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ProductTemplateModel] + """ + super().__init__(**kwargs) + self.value = value + self.next_link = None + + +class ProductTemplateModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Template resource definition. + + Variables are only populated by the server, and will be ignored when sending a request. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -17723,171 +21300,761 @@ class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar account_entity_id: The account entity id running the processes. - :vartype account_entity_id: str - :ivar command_line: The command line used to create the process. - :vartype command_line: str - :ivar creation_time_utc: The time when the process started to run. - :vartype creation_time_utc: ~datetime.datetime - :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - :ivar host_entity_id: The host entity id on which the process was running. - :vartype host_entity_id: str - :ivar host_logon_session_entity_id: The session entity id in which the process was running. - :vartype host_logon_session_entity_id: str - :ivar image_file_entity_id: Image file entity id. - :vartype image_file_entity_id: str - :ivar parent_process_entity_id: The parent process entity id. - :vartype parent_process_entity_id: str - :ivar process_id: The process ID. - :vartype process_id: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "is_deprecated": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "package_version": {"key": "properties.packageVersion", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "package_id": {"key": "properties.packageId", "type": "str"}, + "package_kind": {"key": "properties.packageKind", "type": "str"}, + "package_name": {"key": "properties.packageName", "type": "str"}, + "is_deprecated": {"key": "properties.isDeprecated", "type": "str"}, + "packaged_content": {"key": "properties.packagedContent", "type": "object"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + packaged_content: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.is_deprecated = None + self.packaged_content = packaged_content + + +class TemplateBaseProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Template property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "account_entity_id": {"readonly": True}, - "command_line": {"readonly": True}, - "creation_time_utc": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "host_logon_session_entity_id": {"readonly": True}, - "image_file_entity_id": {"readonly": True}, - "parent_process_entity_id": {"readonly": True}, - "process_id": {"readonly": True}, + "is_deprecated": {"readonly": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, - "command_line": {"key": "properties.commandLine", "type": "str"}, - "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, - "elevation_token": {"key": "properties.elevationToken", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, - "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, - "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, - "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, - "process_id": {"key": "properties.processId", "type": "str"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "package_version": {"key": "packageVersion", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "custom_version": {"key": "customVersion", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "icon": {"key": "icon", "type": "str"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "previewImagesDark", "type": "[str]"}, + "package_id": {"key": "packageId", "type": "str"}, + "package_kind": {"key": "packageKind", "type": "str"}, + "package_name": {"key": "packageName", "type": "str"}, + "is_deprecated": {"key": "isDeprecated", "type": "str"}, } - def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): + def __init__( # pylint: disable=too-many-locals + self, + *, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str """ super().__init__(**kwargs) - self.kind: str = "Process" - self.additional_data = None - self.friendly_name = None - self.account_entity_id = None - self.command_line = None - self.creation_time_utc = None - self.elevation_token = elevation_token - self.host_entity_id = None - self.host_logon_session_entity_id = None - self.image_file_entity_id = None - self.parent_process_entity_id = None - self.process_id = None + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.is_deprecated = None -class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Process entity property bag. +class ProductTemplateProperties( + TemplateBaseProperties, ProductTemplateAdditionalProperties +): # pylint: disable=too-many-instance-attributes + """Template property bag. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar account_entity_id: The account entity id running the processes. - :vartype account_entity_id: str - :ivar command_line: The command line used to create the process. - :vartype command_line: str - :ivar creation_time_utc: The time when the process started to run. - :vartype creation_time_utc: ~datetime.datetime - :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - :ivar host_entity_id: The host entity id on which the process was running. - :vartype host_entity_id: str - :ivar host_logon_session_entity_id: The session entity id in which the process was running. - :vartype host_logon_session_entity_id: str - :ivar image_file_entity_id: Image file entity id. - :vartype image_file_entity_id: str - :ivar parent_process_entity_id: The parent process entity id. - :vartype parent_process_entity_id: str - :ivar process_id: The process ID. - :vartype process_id: str + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "account_entity_id": {"readonly": True}, - "command_line": {"readonly": True}, - "creation_time_utc": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "host_logon_session_entity_id": {"readonly": True}, - "image_file_entity_id": {"readonly": True}, - "parent_process_entity_id": {"readonly": True}, - "process_id": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "account_entity_id": {"key": "accountEntityId", "type": "str"}, - "command_line": {"key": "commandLine", "type": "str"}, - "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, - "elevation_token": {"key": "elevationToken", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, - "host_logon_session_entity_id": {"key": "hostLogonSessionEntityId", "type": "str"}, - "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, - "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, - "process_id": {"key": "processId", "type": "str"}, + _validation = { + "is_deprecated": {"readonly": True}, } - def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): - """ - :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + _attribute_map = { + "packaged_content": {"key": "packagedContent", "type": "object"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "package_version": {"key": "packageVersion", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "custom_version": {"key": "customVersion", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "icon": {"key": "icon", "type": "str"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "previewImagesDark", "type": "[str]"}, + "package_id": {"key": "packageId", "type": "str"}, + "package_kind": {"key": "packageKind", "type": "str"}, + "package_name": {"key": "packageName", "type": "str"}, + "is_deprecated": {"key": "isDeprecated", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + packaged_content: Optional[JSON] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str """ - super().__init__(**kwargs) - self.account_entity_id = None - self.command_line = None - self.creation_time_utc = None - self.elevation_token = elevation_token - self.host_entity_id = None - self.host_logon_session_entity_id = None - self.image_file_entity_id = None - self.parent_process_entity_id = None - self.process_id = None + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + package_version=package_version, + version=version, + display_name=display_name, + content_kind=content_kind, + source=source, + author=author, + support=support, + dependencies=dependencies, + categories=categories, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + custom_version=custom_version, + content_schema_version=content_schema_version, + icon=icon, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + preview_images=preview_images, + preview_images_dark=preview_images_dark, + package_id=package_id, + package_kind=package_kind, + package_name=package_name, + packaged_content=packaged_content, + **kwargs + ) + self.packaged_content = packaged_content + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.is_deprecated = None class PropertyArrayChangedConditionProperties(AutomationRuleCondition): @@ -17919,8 +22086,8 @@ def __init__( self, *, condition_properties: Optional["_models.AutomationRulePropertyArrayChangedValuesCondition"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -17954,8 +22121,11 @@ class PropertyArrayConditionProperties(AutomationRuleCondition): } def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyArrayValuesCondition"] = None, **kwargs - ): + self, + *, + condition_properties: Optional["_models.AutomationRulePropertyArrayValuesCondition"] = None, + **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -17989,8 +22159,11 @@ class PropertyChangedConditionProperties(AutomationRuleCondition): } def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, **kwargs - ): + self, + *, + condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, + **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -18024,8 +22197,8 @@ class PropertyConditionProperties(AutomationRuleCondition): } def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs - ): + self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -18036,6 +22209,35 @@ def __init__( self.condition_properties = condition_properties +class PullRequest(_serialization.Model): + """Information regarding pull request for protected branches. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar url: URL of pull request. + :vartype url: str + :ivar state: State of the pull request. Known values are: "Active", "Disabled", + "CompletedByUser", "CompletedByAction", and "Hidden". + :vartype state: str or ~azure.mgmt.securityinsight.models.State + """ + + _validation = { + "url": {"readonly": True}, + "state": {"readonly": True}, + } + + _attribute_map = { + "url": {"key": "url", "type": "str"}, + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.url = None + self.state = None + + class Recommendation(_serialization.Model): # pylint: disable=too-many-instance-attributes """Recommendation object. @@ -18148,8 +22350,8 @@ def __init__( hide_until_time_utc: Optional[datetime.datetime] = None, display_until_time_utc: Optional[datetime.datetime] = None, visible: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword id: id of recommendation. Required. :paramtype id: str @@ -18230,7 +22432,7 @@ class RecommendationList(_serialization.Model): "value": {"key": "value", "type": "[Recommendation]"}, } - def __init__(self, *, value: Optional[List["_models.Recommendation"]] = None, **kwargs): + def __init__(self, *, value: Optional[List["_models.Recommendation"]] = None, **kwargs: Any) -> None: """ :keyword value: An list of recommendations. :paramtype value: list[~azure.mgmt.securityinsight.models.Recommendation] @@ -18260,8 +22462,8 @@ def __init__( *, state: Optional[Union[str, "_models.State"]] = None, hide_until_time_utc: Optional[datetime.datetime] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword state: State of the recommendation. Known values are: "Active", "Disabled", "CompletedByUser", "CompletedByAction", and "Hidden". @@ -18300,8 +22502,8 @@ class RecommendedAction(_serialization.Model): } def __init__( - self, *, link_text: str, link_url: str, state: Optional[Union[str, "_models.Priority"]] = None, **kwargs - ): + self, *, link_text: str, link_url: str, state: Optional[Union[str, "_models.Priority"]] = None, **kwargs: Any + ) -> None: """ :keyword link_text: Text of the link to complete the action. Required. :paramtype link_text: str @@ -18338,7 +22540,7 @@ class RegistryKeyEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -18378,7 +22580,7 @@ class RegistryKeyEntity(Entity): "key": {"key": "properties.key", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "RegistryKey" @@ -18422,7 +22624,7 @@ class RegistryKeyEntityProperties(EntityCommonProperties): "key": {"key": "key", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.hive = None @@ -18451,7 +22653,7 @@ class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attribut "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -18498,7 +22700,7 @@ class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attribut "value_type": {"key": "properties.valueType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "RegistryValue" @@ -18551,7 +22753,7 @@ class RegistryValueEntityProperties(EntityCommonProperties): "value_type": {"key": "valueType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.key_entity_id = None @@ -18610,7 +22812,7 @@ class Relation(ResourceWithEtag): "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -18647,7 +22849,7 @@ class RelationList(_serialization.Model): "value": {"key": "value", "type": "[Relation]"}, } - def __init__(self, *, value: List["_models.Relation"], **kwargs): + def __init__(self, *, value: List["_models.Relation"], **kwargs: Any) -> None: """ :keyword value: Array of relations. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Relation] @@ -18664,6 +22866,8 @@ class Repo(_serialization.Model): :vartype url: str :ivar full_name: The name of the repository. :vartype full_name: str + :ivar installation_id: The installation id of the repository. + :vartype installation_id: int :ivar branches: Array of branches. :vartype branches: list[str] """ @@ -18671,6 +22875,7 @@ class Repo(_serialization.Model): _attribute_map = { "url": {"key": "url", "type": "str"}, "full_name": {"key": "fullName", "type": "str"}, + "installation_id": {"key": "installationId", "type": "int"}, "branches": {"key": "branches", "type": "[str]"}, } @@ -18679,20 +22884,24 @@ def __init__( *, url: Optional[str] = None, full_name: Optional[str] = None, + installation_id: Optional[int] = None, branches: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword url: The url to access the repository. :paramtype url: str :keyword full_name: The name of the repository. :paramtype full_name: str + :keyword installation_id: The installation id of the repository. + :paramtype installation_id: int :keyword branches: Array of branches. :paramtype branches: list[str] """ super().__init__(**kwargs) self.url = url self.full_name = full_name + self.installation_id = installation_id self.branches = branches @@ -18719,7 +22928,7 @@ class RepoList(_serialization.Model): "value": {"key": "value", "type": "[Repo]"}, } - def __init__(self, *, value: List["_models.Repo"], **kwargs): + def __init__(self, *, value: List["_models.Repo"], **kwargs: Any) -> None: """ :keyword value: Array of repositories. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Repo] @@ -18732,59 +22941,194 @@ def __init__(self, *, value: List["_models.Repo"], **kwargs): class Repository(_serialization.Model): """metadata of a repository. - :ivar url: Url of repository. + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar url: Url of repository. Required. :vartype url: str - :ivar branch: Branch name of repository. + :ivar branch: Branch name of repository. Required. :vartype branch: str :ivar display_url: Display url of repository. :vartype display_url: str :ivar deployment_logs_url: Url to access repository action logs. :vartype deployment_logs_url: str - :ivar path_mapping: Dictionary of source control content type and path mapping. - :vartype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] """ + _validation = { + "url": {"required": True}, + "branch": {"required": True}, + "deployment_logs_url": {"readonly": True}, + } + _attribute_map = { "url": {"key": "url", "type": "str"}, "branch": {"key": "branch", "type": "str"}, "display_url": {"key": "displayUrl", "type": "str"}, "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, - "path_mapping": {"key": "pathMapping", "type": "[ContentPathMap]"}, } - def __init__( - self, - *, - url: Optional[str] = None, - branch: Optional[str] = None, - display_url: Optional[str] = None, - deployment_logs_url: Optional[str] = None, - path_mapping: Optional[List["_models.ContentPathMap"]] = None, - **kwargs - ): + def __init__(self, *, url: str, branch: str, display_url: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword url: Url of repository. + :keyword url: Url of repository. Required. :paramtype url: str - :keyword branch: Branch name of repository. + :keyword branch: Branch name of repository. Required. :paramtype branch: str :keyword display_url: Display url of repository. :paramtype display_url: str - :keyword deployment_logs_url: Url to access repository action logs. - :paramtype deployment_logs_url: str - :keyword path_mapping: Dictionary of source control content type and path mapping. - :paramtype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] """ super().__init__(**kwargs) self.url = url self.branch = branch self.display_url = display_url - self.deployment_logs_url = deployment_logs_url - self.path_mapping = path_mapping + self.deployment_logs_url = None + + +class RepositoryAccess(_serialization.Model): + """Credentials to access repository. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: The kind of repository access credentials. Required. Known values are: "OAuth", + "PAT", and "App". + :vartype kind: str or ~azure.mgmt.securityinsight.models.RepositoryAccessKind + :ivar code: OAuth Code. Required when ``kind`` is ``OAuth``. + :vartype code: str + :ivar state: OAuth State. Required when ``kind`` is ``OAuth``. + :vartype state: str + :ivar client_id: OAuth ClientId. Required when ``kind`` is ``OAuth``. + :vartype client_id: str + :ivar token: Personal Access Token. Required when ``kind`` is ``PAT``. + :vartype token: str + :ivar installation_id: Application installation ID. Required when ``kind`` is ``App``. + Supported by ``GitHub`` only. + :vartype installation_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "code": {"key": "code", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "client_id": {"key": "clientId", "type": "str"}, + "token": {"key": "token", "type": "str"}, + "installation_id": {"key": "installationId", "type": "str"}, + } + + def __init__( + self, + *, + kind: Union[str, "_models.RepositoryAccessKind"], + code: Optional[str] = None, + state: Optional[str] = None, + client_id: Optional[str] = None, + token: Optional[str] = None, + installation_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword kind: The kind of repository access credentials. Required. Known values are: "OAuth", + "PAT", and "App". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.RepositoryAccessKind + :keyword code: OAuth Code. Required when ``kind`` is ``OAuth``. + :paramtype code: str + :keyword state: OAuth State. Required when ``kind`` is ``OAuth``. + :paramtype state: str + :keyword client_id: OAuth ClientId. Required when ``kind`` is ``OAuth``. + :paramtype client_id: str + :keyword token: Personal Access Token. Required when ``kind`` is ``PAT``. + :paramtype token: str + :keyword installation_id: Application installation ID. Required when ``kind`` is ``App``. + Supported by ``GitHub`` only. + :paramtype installation_id: str + """ + super().__init__(**kwargs) + self.kind = kind + self.code = code + self.state = state + self.client_id = client_id + self.token = token + self.installation_id = installation_id + + +class RepositoryAccessProperties(_serialization.Model): + """Credentials to access repository. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: The kind of repository access credentials. Required. Known values are: "OAuth", + "PAT", and "App". + :vartype kind: str or ~azure.mgmt.securityinsight.models.RepositoryAccessKind + :ivar code: OAuth Code. Required when ``kind`` is ``OAuth``. + :vartype code: str + :ivar state: OAuth State. Required when ``kind`` is ``OAuth``. + :vartype state: str + :ivar client_id: OAuth ClientId. Required when ``kind`` is ``OAuth``. + :vartype client_id: str + :ivar token: Personal Access Token. Required when ``kind`` is ``PAT``. + :vartype token: str + :ivar installation_id: Application installation ID. Required when ``kind`` is ``App``. + Supported by ``GitHub`` only. + :vartype installation_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "properties.repositoryAccess.kind", "type": "str"}, + "code": {"key": "properties.repositoryAccess.code", "type": "str"}, + "state": {"key": "properties.repositoryAccess.state", "type": "str"}, + "client_id": {"key": "properties.repositoryAccess.clientId", "type": "str"}, + "token": {"key": "properties.repositoryAccess.token", "type": "str"}, + "installation_id": {"key": "properties.repositoryAccess.installationId", "type": "str"}, + } + + def __init__( + self, + *, + kind: Union[str, "_models.RepositoryAccessKind"], + code: Optional[str] = None, + state: Optional[str] = None, + client_id: Optional[str] = None, + token: Optional[str] = None, + installation_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword kind: The kind of repository access credentials. Required. Known values are: "OAuth", + "PAT", and "App". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.RepositoryAccessKind + :keyword code: OAuth Code. Required when ``kind`` is ``OAuth``. + :paramtype code: str + :keyword state: OAuth State. Required when ``kind`` is ``OAuth``. + :paramtype state: str + :keyword client_id: OAuth ClientId. Required when ``kind`` is ``OAuth``. + :paramtype client_id: str + :keyword token: Personal Access Token. Required when ``kind`` is ``PAT``. + :paramtype token: str + :keyword installation_id: Application installation ID. Required when ``kind`` is ``App``. + Supported by ``GitHub`` only. + :paramtype installation_id: str + """ + super().__init__(**kwargs) + self.kind = kind + self.code = code + self.state = state + self.client_id = client_id + self.token = token + self.installation_id = installation_id class RepositoryResourceInfo(_serialization.Model): """Resources created in user's repository for the source-control. + Variables are only populated by the server, and will be ignored when sending a request. + :ivar webhook: The webhook object created for the source-control. :vartype webhook: ~azure.mgmt.securityinsight.models.Webhook :ivar git_hub_resource_info: Resources created in GitHub for this source-control. @@ -18794,34 +23138,26 @@ class RepositoryResourceInfo(_serialization.Model): ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo """ + _validation = { + "git_hub_resource_info": {"readonly": True}, + "azure_dev_ops_resource_info": {"readonly": True}, + } + _attribute_map = { "webhook": {"key": "webhook", "type": "Webhook"}, "git_hub_resource_info": {"key": "gitHubResourceInfo", "type": "GitHubResourceInfo"}, "azure_dev_ops_resource_info": {"key": "azureDevOpsResourceInfo", "type": "AzureDevOpsResourceInfo"}, } - def __init__( - self, - *, - webhook: Optional["_models.Webhook"] = None, - git_hub_resource_info: Optional["_models.GitHubResourceInfo"] = None, - azure_dev_ops_resource_info: Optional["_models.AzureDevOpsResourceInfo"] = None, - **kwargs - ): + def __init__(self, *, webhook: Optional["_models.Webhook"] = None, **kwargs: Any) -> None: """ :keyword webhook: The webhook object created for the source-control. :paramtype webhook: ~azure.mgmt.securityinsight.models.Webhook - :keyword git_hub_resource_info: Resources created in GitHub for this source-control. - :paramtype git_hub_resource_info: ~azure.mgmt.securityinsight.models.GitHubResourceInfo - :keyword azure_dev_ops_resource_info: Resources created in Azure DevOps for this - source-control. - :paramtype azure_dev_ops_resource_info: - ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo """ super().__init__(**kwargs) self.webhook = webhook - self.git_hub_resource_info = git_hub_resource_info - self.azure_dev_ops_resource_info = azure_dev_ops_resource_info + self.git_hub_resource_info = None + self.azure_dev_ops_resource_info = None class RequiredPermissions(_serialization.Model): @@ -18833,41 +23169,180 @@ class RequiredPermissions(_serialization.Model): :vartype write: bool :ivar read: read permission. :vartype read: bool - :ivar delete: delete permission. + :ivar delete: delete permission. + :vartype delete: bool + """ + + _attribute_map = { + "action": {"key": "action", "type": "bool"}, + "write": {"key": "write", "type": "bool"}, + "read": {"key": "read", "type": "bool"}, + "delete": {"key": "delete", "type": "bool"}, + } + + def __init__( + self, + *, + action: Optional[bool] = None, + write: Optional[bool] = None, + read: Optional[bool] = None, + delete: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword action: action permission. + :paramtype action: bool + :keyword write: write permission. + :paramtype write: bool + :keyword read: read permission. + :paramtype read: bool + :keyword delete: delete permission. + :paramtype delete: bool + """ + super().__init__(**kwargs) + self.action = action + self.write = write + self.read = read + self.delete = delete + + +class ResourceProviderRequiredPermissions(_serialization.Model): + """Required permissions for the connector resource provider that define in ResourceProviders. + For more information about the permissions see :code:`here`. + + :ivar read: Gets or sets a value indicating whether the permission is read action (GET). + :vartype read: bool + :ivar write: Gets or sets a value indicating whether the permission is write action (PUT or + PATCH). + :vartype write: bool + :ivar delete: Gets or sets a value indicating whether the permission is delete action (DELETE). :vartype delete: bool + :ivar action: Gets or sets a value indicating whether the permission is custom actions (POST). + :vartype action: bool """ _attribute_map = { - "action": {"key": "action", "type": "bool"}, - "write": {"key": "write", "type": "bool"}, "read": {"key": "read", "type": "bool"}, + "write": {"key": "write", "type": "bool"}, "delete": {"key": "delete", "type": "bool"}, + "action": {"key": "action", "type": "bool"}, } def __init__( self, *, - action: Optional[bool] = None, - write: Optional[bool] = None, read: Optional[bool] = None, + write: Optional[bool] = None, delete: Optional[bool] = None, - **kwargs - ): + action: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword action: action permission. - :paramtype action: bool - :keyword write: write permission. - :paramtype write: bool - :keyword read: read permission. + :keyword read: Gets or sets a value indicating whether the permission is read action (GET). :paramtype read: bool - :keyword delete: delete permission. + :keyword write: Gets or sets a value indicating whether the permission is write action (PUT or + PATCH). + :paramtype write: bool + :keyword delete: Gets or sets a value indicating whether the permission is delete action + (DELETE). :paramtype delete: bool + :keyword action: Gets or sets a value indicating whether the permission is custom actions + (POST). + :paramtype action: bool """ super().__init__(**kwargs) - self.action = action - self.write = write self.read = read + self.write = write self.delete = delete + self.action = action + + +class SampleQuery(_serialization.Model): + """The sample queries for the connector. + + All required parameters must be populated in order to send to Azure. + + :ivar description: Gets or sets the sample query description. Required. + :vartype description: str + :ivar query: Gets or sets the KQL sample query. Required. + :vartype query: str + """ + + _validation = { + "description": {"required": True}, + "query": {"required": True}, + } + + _attribute_map = { + "description": {"key": "description", "type": "str"}, + "query": {"key": "query", "type": "str"}, + } + + def __init__(self, *, description: str, query: str, **kwargs: Any) -> None: + """ + :keyword description: Gets or sets the sample query description. Required. + :paramtype description: str + :keyword query: Gets or sets the KQL sample query. Required. + :paramtype query: str + """ + super().__init__(**kwargs) + self.description = description + self.query = query + + +class SapSolutionUsageStatistic(BillingStatistic): + """Billing statistic about the Microsoft Sentinel solution for SAP Usage. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar kind: The kind of the billing statistic. Required. "SapSolutionUsage" + :vartype kind: str or ~azure.mgmt.securityinsight.models.BillingStatisticKind + :ivar active_system_id_count: The latest count of active SAP system IDs under the Microsoft + Sentinel solution for SAP Usage. + :vartype active_system_id_count: int + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + "kind": {"required": True}, + "active_system_id_count": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "active_system_id_count": {"key": "properties.activeSystemIdCount", "type": "int"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "SapSolutionUsage" + self.active_system_id_count = None class ScheduledAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes @@ -19013,8 +23488,8 @@ def __init__( # pylint: disable=too-many-locals tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, incident_configuration: Optional["_models.IncidentConfiguration"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -19156,8 +23631,8 @@ def __init__( entity_mappings: Optional[List["_models.EntityMapping"]] = None, alert_details_override: Optional["_models.AlertDetailsOverride"] = None, sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword query: The query that creates alerts for this rule. :paramtype query: str @@ -19319,8 +23794,8 @@ def __init__( tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, incident_configuration: Optional["_models.IncidentConfiguration"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword query: The query that creates alerts for this rule. :paramtype query: str @@ -19540,8 +24015,8 @@ def __init__( # pylint: disable=too-many-locals entity_mappings: Optional[List["_models.EntityMapping"]] = None, alert_details_override: Optional["_models.AlertDetailsOverride"] = None, sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -19638,7 +24113,7 @@ class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -19784,8 +24259,8 @@ class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes } def __init__( # pylint: disable=too-many-locals - self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs - ): + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs: Any + ) -> None: """ :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". @@ -19959,8 +24434,8 @@ class SecurityAlertProperties(EntityCommonProperties): # pylint: disable=too-ma } def __init__( # pylint: disable=too-many-locals - self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs - ): + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs: Any + ) -> None: """ :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". @@ -20015,7 +24490,7 @@ class SecurityAlertPropertiesConfidenceReasonsItem(_serialization.Model): "reason_type": {"key": "reasonType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.reason = None @@ -20100,8 +24575,8 @@ def __init__( product_name: Optional[str] = None, description: Optional[str] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword azure_resource_id: The alert azure resource id. Required. :paramtype azure_resource_id: str @@ -20162,7 +24637,7 @@ class SecurityGroupEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -20205,7 +24680,7 @@ class SecurityGroupEntity(Entity): "sid": {"key": "properties.sid", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "SecurityGroup" @@ -20253,7 +24728,7 @@ class SecurityGroupEntityProperties(EntityCommonProperties): "sid": {"key": "sid", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.distinguished_name = None @@ -20275,7 +24750,9 @@ class SecurityMLAnalyticsSettingsDataSource(_serialization.Model): "data_types": {"key": "dataTypes", "type": "[str]"}, } - def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): + def __init__( + self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ :keyword connector_id: The connector id that provides the following data types. :paramtype connector_id: str @@ -20310,7 +24787,7 @@ class SecurityMLAnalyticsSettingsList(_serialization.Model): "value": {"key": "value", "type": "[SecurityMLAnalyticsSetting]"}, } - def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs): + def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs: Any) -> None: """ :keyword value: Array of SecurityMLAnalyticsSettings. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] @@ -20331,7 +24808,7 @@ class SentinelEntityMapping(_serialization.Model): "column_name": {"key": "columnName", "type": "str"}, } - def __init__(self, *, column_name: Optional[str] = None, **kwargs): + def __init__(self, *, column_name: Optional[str] = None, **kwargs: Any) -> None: """ :keyword column_name: the column name to be mapped to the SentinelEntities. :paramtype column_name: str @@ -20378,7 +24855,9 @@ class SentinelOnboardingState(ResourceWithEtag): "customer_managed_key": {"key": "properties.customerManagedKey", "type": "bool"}, } - def __init__(self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs): + def __init__( + self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -20406,7 +24885,7 @@ class SentinelOnboardingStatesList(_serialization.Model): "value": {"key": "value", "type": "[SentinelOnboardingState]"}, } - def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs): + def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs: Any) -> None: """ :keyword value: Array of Sentinel onboarding states. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] @@ -20415,6 +24894,46 @@ def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs): self.value = value +class ServicePrincipal(_serialization.Model): + """Service principal metadata. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Id of service principal. + :vartype id: str + :ivar tenant_id: Tenant id of service principal. + :vartype tenant_id: str + :ivar app_id: App id of service principal. + :vartype app_id: str + :ivar credentials_expire_on: Expiration time of service principal credentials. + :vartype credentials_expire_on: ~datetime.datetime + """ + + _validation = { + "id": {"readonly": True}, + "tenant_id": {"readonly": True}, + "app_id": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "app_id": {"key": "appId", "type": "str"}, + "credentials_expire_on": {"key": "credentialsExpireOn", "type": "iso-8601"}, + } + + def __init__(self, *, credentials_expire_on: Optional[datetime.datetime] = None, **kwargs: Any) -> None: + """ + :keyword credentials_expire_on: Expiration time of service principal credentials. + :paramtype credentials_expire_on: ~datetime.datetime + """ + super().__init__(**kwargs) + self.id = None + self.tenant_id = None + self.app_id = None + self.credentials_expire_on = credentials_expire_on + + class SettingList(_serialization.Model): """List of all the settings. @@ -20432,7 +24951,7 @@ class SettingList(_serialization.Model): "value": {"key": "value", "type": "[Settings]"}, } - def __init__(self, *, value: List["_models.Settings"], **kwargs): + def __init__(self, *, value: List["_models.Settings"], **kwargs: Any) -> None: """ :keyword value: Array of settings. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Settings] @@ -20446,6 +24965,8 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -20464,22 +24985,29 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar version: The version number associated with the source control. Known values are: "V1" and "V2". :vartype version: str or ~azure.mgmt.securityinsight.models.Version - :ivar display_name: The display name of the source control. + :ivar display_name: The display name of the source control. Required. :vartype display_name: str :ivar description: A description of the source control. :vartype description: str - :ivar repo_type: The repository type of the source control. Known values are: "Github" and - "DevOps". + :ivar repo_type: The repository type of the source control. Required. Known values are: + "Github" and "AzureDevOps". :vartype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType - :ivar content_types: Array of source control content types. + :ivar content_types: Array of source control content types. Required. :vartype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] - :ivar repository: Repository metadata. + :ivar repository: Repository metadata. Required. :vartype repository: ~azure.mgmt.securityinsight.models.Repository + :ivar service_principal: Service principal metadata. + :vartype service_principal: ~azure.mgmt.securityinsight.models.ServicePrincipal + :ivar repository_access: Repository access credentials. This is write-only object and it never + returns back to a user. + :vartype repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccess :ivar repository_resource_info: Information regarding the resources created in user's repository. :vartype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo :ivar last_deployment_info: Information regarding the latest deployment for the source control. :vartype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo + :ivar pull_request: Information regarding the pull request of the source control. + :vartype pull_request: ~azure.mgmt.securityinsight.models.PullRequest """ _validation = { @@ -20487,6 +25015,14 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "id_properties_id": {"readonly": True}, + "version": {"readonly": True}, + "display_name": {"required": True}, + "repo_type": {"required": True}, + "content_types": {"required": True}, + "repository": {"required": True}, + "last_deployment_info": {"readonly": True}, + "pull_request": {"readonly": True}, } _attribute_map = { @@ -20502,61 +25038,63 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr "repo_type": {"key": "properties.repoType", "type": "str"}, "content_types": {"key": "properties.contentTypes", "type": "[str]"}, "repository": {"key": "properties.repository", "type": "Repository"}, + "service_principal": {"key": "properties.servicePrincipal", "type": "ServicePrincipal"}, + "repository_access": {"key": "properties.repositoryAccess", "type": "RepositoryAccess"}, "repository_resource_info": {"key": "properties.repositoryResourceInfo", "type": "RepositoryResourceInfo"}, "last_deployment_info": {"key": "properties.lastDeploymentInfo", "type": "DeploymentInfo"}, + "pull_request": {"key": "properties.pullRequest", "type": "PullRequest"}, } def __init__( self, *, + display_name: str, + repo_type: Union[str, "_models.RepoType"], + content_types: List[Union[str, "_models.ContentType"]], + repository: "_models.Repository", etag: Optional[str] = None, - id_properties_id: Optional[str] = None, - version: Optional[Union[str, "_models.Version"]] = None, - display_name: Optional[str] = None, description: Optional[str] = None, - repo_type: Optional[Union[str, "_models.RepoType"]] = None, - content_types: Optional[List[Union[str, "_models.ContentType"]]] = None, - repository: Optional["_models.Repository"] = None, + service_principal: Optional["_models.ServicePrincipal"] = None, + repository_access: Optional["_models.RepositoryAccess"] = None, repository_resource_info: Optional["_models.RepositoryResourceInfo"] = None, - last_deployment_info: Optional["_models.DeploymentInfo"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword id_properties_id: The id (a Guid) of the source control. - :paramtype id_properties_id: str - :keyword version: The version number associated with the source control. Known values are: "V1" - and "V2". - :paramtype version: str or ~azure.mgmt.securityinsight.models.Version - :keyword display_name: The display name of the source control. + :keyword display_name: The display name of the source control. Required. :paramtype display_name: str :keyword description: A description of the source control. :paramtype description: str - :keyword repo_type: The repository type of the source control. Known values are: "Github" and - "DevOps". + :keyword repo_type: The repository type of the source control. Required. Known values are: + "Github" and "AzureDevOps". :paramtype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType - :keyword content_types: Array of source control content types. + :keyword content_types: Array of source control content types. Required. :paramtype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] - :keyword repository: Repository metadata. + :keyword repository: Repository metadata. Required. :paramtype repository: ~azure.mgmt.securityinsight.models.Repository + :keyword service_principal: Service principal metadata. + :paramtype service_principal: ~azure.mgmt.securityinsight.models.ServicePrincipal + :keyword repository_access: Repository access credentials. This is write-only object and it + never returns back to a user. + :paramtype repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccess :keyword repository_resource_info: Information regarding the resources created in user's repository. :paramtype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo - :keyword last_deployment_info: Information regarding the latest deployment for the source - control. - :paramtype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo """ super().__init__(etag=etag, **kwargs) - self.id_properties_id = id_properties_id - self.version = version + self.id_properties_id = None + self.version = None self.display_name = display_name self.description = description self.repo_type = repo_type self.content_types = content_types self.repository = repository + self.service_principal = service_principal + self.repository_access = repository_access self.repository_resource_info = repository_resource_info - self.last_deployment_info = last_deployment_info + self.last_deployment_info = None + self.pull_request = None class SourceControlList(_serialization.Model): @@ -20582,7 +25120,7 @@ class SourceControlList(_serialization.Model): "value": {"key": "value", "type": "[SourceControl]"}, } - def __init__(self, *, value: List["_models.SourceControl"], **kwargs): + def __init__(self, *, value: List["_models.SourceControl"], **kwargs: Any) -> None: """ :keyword value: Array of source controls. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.SourceControl] @@ -20614,7 +25152,7 @@ class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attribu "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -20684,7 +25222,7 @@ class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attribu "report_type": {"key": "properties.reportType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "SubmissionMail" @@ -20766,7 +25304,7 @@ class SubmissionMailEntityProperties(EntityCommonProperties): # pylint: disable "report_type": {"key": "reportType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.network_message_id = None @@ -20818,8 +25356,8 @@ def __init__( last_modified_by: Optional[str] = None, last_modified_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, last_modified_at: Optional[datetime.datetime] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword created_by: The identity that created the resource. :paramtype created_by: str @@ -20837,107 +25375,718 @@ def __init__( :paramtype last_modified_at: ~datetime.datetime """ super().__init__(**kwargs) - self.created_by = created_by - self.created_by_type = created_by_type - self.created_at = created_at - self.last_modified_by = last_modified_by - self.last_modified_by_type = last_modified_by_type - self.last_modified_at = last_modified_at + self.created_by = created_by + self.created_by_type = created_by_type + self.created_at = created_at + self.last_modified_by = last_modified_by + self.last_modified_by_type = last_modified_by_type + self.last_modified_at = last_modified_at + + +class TeamInformation(_serialization.Model): + """Describes team information. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar team_id: Team ID. + :vartype team_id: str + :ivar primary_channel_url: The primary channel URL of the team. + :vartype primary_channel_url: str + :ivar team_creation_time_utc: The time the team was created. + :vartype team_creation_time_utc: ~datetime.datetime + :ivar name: The name of the team. + :vartype name: str + :ivar description: The description of the team. + :vartype description: str + """ + + _validation = { + "team_id": {"readonly": True}, + "primary_channel_url": {"readonly": True}, + "team_creation_time_utc": {"readonly": True}, + "name": {"readonly": True}, + "description": {"readonly": True}, + } + + _attribute_map = { + "team_id": {"key": "teamId", "type": "str"}, + "primary_channel_url": {"key": "primaryChannelUrl", "type": "str"}, + "team_creation_time_utc": {"key": "teamCreationTimeUtc", "type": "iso-8601"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.team_id = None + self.primary_channel_url = None + self.team_creation_time_utc = None + self.name = None + self.description = None + + +class TeamProperties(_serialization.Model): + """Describes team properties. + + All required parameters must be populated in order to send to Azure. + + :ivar team_name: The name of the team. Required. + :vartype team_name: str + :ivar team_description: The description of the team. + :vartype team_description: str + :ivar group_ids: List of group IDs to add their members to the team. + :vartype group_ids: list[str] + :ivar member_ids: List of member IDs to add to the team. + :vartype member_ids: list[str] + """ + + _validation = { + "team_name": {"required": True}, + } + + _attribute_map = { + "team_name": {"key": "teamName", "type": "str"}, + "team_description": {"key": "teamDescription", "type": "str"}, + "group_ids": {"key": "groupIds", "type": "[str]"}, + "member_ids": {"key": "memberIds", "type": "[str]"}, + } + + def __init__( + self, + *, + team_name: str, + team_description: Optional[str] = None, + group_ids: Optional[List[str]] = None, + member_ids: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword team_name: The name of the team. Required. + :paramtype team_name: str + :keyword team_description: The description of the team. + :paramtype team_description: str + :keyword group_ids: List of group IDs to add their members to the team. + :paramtype group_ids: list[str] + :keyword member_ids: List of member IDs to add to the team. + :paramtype member_ids: list[str] + """ + super().__init__(**kwargs) + self.team_name = team_name + self.team_description = team_description + self.group_ids = group_ids + self.member_ids = member_ids + + +class TemplateAdditionalProperties(_serialization.Model): + """additional properties of product template. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar main_template: The JSON of the ARM template to deploy active content. Expandable. + :vartype main_template: JSON + :ivar dependant_templates: Dependant templates. Expandable. + :vartype dependant_templates: list[~azure.mgmt.securityinsight.models.TemplateProperties] + """ + + _validation = { + "dependant_templates": {"readonly": True}, + } + + _attribute_map = { + "main_template": {"key": "mainTemplate", "type": "object"}, + "dependant_templates": {"key": "dependantTemplates", "type": "[TemplateProperties]"}, + } + + def __init__(self, *, main_template: Optional[JSON] = None, **kwargs: Any) -> None: + """ + :keyword main_template: The JSON of the ARM template to deploy active content. Expandable. + :paramtype main_template: JSON + """ + super().__init__(**kwargs) + self.main_template = main_template + self.dependant_templates = None + + +class TemplateList(_serialization.Model): + """List of all the template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.TemplateModel] + :ivar next_link: URL to fetch the next page of template. + :vartype next_link: str + """ + + _validation = { + "value": {"required": True}, + "next_link": {"readonly": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[TemplateModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__(self, *, value: List["_models.TemplateModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.TemplateModel] + """ + super().__init__(**kwargs) + self.value = value + self.next_link = None -class TeamInformation(_serialization.Model): - """Describes team information. +class TemplateModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Template resource definition. Variables are only populated by the server, and will be ignored when sending a request. - :ivar team_id: Team ID. - :vartype team_id: str - :ivar primary_channel_url: The primary channel URL of the team. - :vartype primary_channel_url: str - :ivar team_creation_time_utc: The time the team was created. - :vartype team_creation_time_utc: ~datetime.datetime - :ivar name: The name of the team. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - :ivar description: The description of the team. - :vartype description: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag + :ivar main_template: The JSON of the ARM template to deploy active content. Expandable. + :vartype main_template: JSON + :ivar dependant_templates: Dependant templates. Expandable. + :vartype dependant_templates: list[~azure.mgmt.securityinsight.models.TemplateProperties] """ _validation = { - "team_id": {"readonly": True}, - "primary_channel_url": {"readonly": True}, - "team_creation_time_utc": {"readonly": True}, + "id": {"readonly": True}, "name": {"readonly": True}, - "description": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "is_deprecated": {"readonly": True}, + "dependant_templates": {"readonly": True}, } _attribute_map = { - "team_id": {"key": "teamId", "type": "str"}, - "primary_channel_url": {"key": "primaryChannelUrl", "type": "str"}, - "team_creation_time_utc": {"key": "teamCreationTimeUtc", "type": "iso-8601"}, + "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "package_version": {"key": "properties.packageVersion", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "package_id": {"key": "properties.packageId", "type": "str"}, + "package_kind": {"key": "properties.packageKind", "type": "str"}, + "package_name": {"key": "properties.packageName", "type": "str"}, + "is_deprecated": {"key": "properties.isDeprecated", "type": "str"}, + "main_template": {"key": "properties.mainTemplate", "type": "object"}, + "dependant_templates": {"key": "properties.dependantTemplates", "type": "[TemplateProperties]"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.team_id = None - self.primary_channel_url = None - self.team_creation_time_utc = None - self.name = None - self.description = None + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + main_template: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str + :keyword main_template: The JSON of the ARM template to deploy active content. Expandable. + :paramtype main_template: JSON + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.is_deprecated = None + self.main_template = main_template + self.dependant_templates = None -class TeamProperties(_serialization.Model): - """Describes team properties. +class TemplateProperties( + TemplateBaseProperties, TemplateAdditionalProperties +): # pylint: disable=too-many-instance-attributes + """Template property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar team_name: The name of the team. Required. - :vartype team_name: str - :ivar team_description: The description of the team. - :vartype team_description: str - :ivar group_ids: List of group IDs to add their members to the team. - :vartype group_ids: list[str] - :ivar member_ids: List of member IDs to add to the team. - :vartype member_ids: list[str] + :ivar main_template: The JSON of the ARM template to deploy active content. Expandable. + :vartype main_template: JSON + :ivar dependant_templates: Dependant templates. Expandable. + :vartype dependant_templates: list[~azure.mgmt.securityinsight.models.TemplateProperties] + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar is_deprecated: Flag indicates if this template is deprecated. Known values are: "true" + and "false". + :vartype is_deprecated: str or ~azure.mgmt.securityinsight.models.Flag """ _validation = { - "team_name": {"required": True}, + "dependant_templates": {"readonly": True}, + "is_deprecated": {"readonly": True}, } _attribute_map = { - "team_name": {"key": "teamName", "type": "str"}, - "team_description": {"key": "teamDescription", "type": "str"}, - "group_ids": {"key": "groupIds", "type": "[str]"}, - "member_ids": {"key": "memberIds", "type": "[str]"}, + "main_template": {"key": "mainTemplate", "type": "object"}, + "dependant_templates": {"key": "dependantTemplates", "type": "[TemplateProperties]"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "package_version": {"key": "packageVersion", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "custom_version": {"key": "customVersion", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "icon": {"key": "icon", "type": "str"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "previewImagesDark", "type": "[str]"}, + "package_id": {"key": "packageId", "type": "str"}, + "package_kind": {"key": "packageKind", "type": "str"}, + "package_name": {"key": "packageName", "type": "str"}, + "is_deprecated": {"key": "isDeprecated", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - team_name: str, - team_description: Optional[str] = None, - group_ids: Optional[List[str]] = None, - member_ids: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword team_name: The name of the team. Required. - :paramtype team_name: str - :keyword team_description: The description of the team. - :paramtype team_description: str - :keyword group_ids: List of group IDs to add their members to the team. - :paramtype group_ids: list[str] - :keyword member_ids: List of member IDs to add to the team. - :paramtype member_ids: list[str] + main_template: Optional[JSON] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword main_template: The JSON of the ARM template to deploy active content. Expandable. + :paramtype main_template: JSON + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str """ - super().__init__(**kwargs) - self.team_name = team_name - self.team_description = team_description - self.group_ids = group_ids - self.member_ids = member_ids + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + package_version=package_version, + version=version, + display_name=display_name, + content_kind=content_kind, + source=source, + author=author, + support=support, + dependencies=dependencies, + categories=categories, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + custom_version=custom_version, + content_schema_version=content_schema_version, + icon=icon, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + preview_images=preview_images, + preview_images_dark=preview_images_dark, + package_id=package_id, + package_kind=package_kind, + package_name=package_name, + main_template=main_template, + **kwargs + ) + self.main_template = main_template + self.dependant_templates = None + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.is_deprecated = None class ThreatIntelligence(_serialization.Model): @@ -20978,7 +26127,7 @@ class ThreatIntelligence(_serialization.Model): "threat_type": {"key": "threatType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.confidence = None @@ -21069,8 +26218,8 @@ def __init__( etag: Optional[str] = None, alert_rule_template_name: Optional[str] = None, enabled: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -21182,8 +26331,8 @@ def __init__( tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -21283,8 +26432,8 @@ def __init__( status: Optional[Union[str, "_models.TemplateStatus"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -21331,7 +26480,7 @@ class ThreatIntelligenceAppendTags(_serialization.Model): "threat_intelligence_tags": {"key": "threatIntelligenceTags", "type": "[str]"}, } - def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs): + def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs: Any) -> None: """ :keyword threat_intelligence_tags: List of tags to be appended. :paramtype threat_intelligence_tags: list[str] @@ -21371,8 +26520,8 @@ def __init__( source_name: Optional[str] = None, url: Optional[str] = None, hashes: Optional[Dict[str, str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword description: External reference description. :paramtype description: str @@ -21456,8 +26605,8 @@ def __init__( ids: Optional[List[str]] = None, keywords: Optional[List[str]] = None, skip_token: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword page_size: Page size. :paramtype page_size: int @@ -21525,8 +26674,8 @@ def __init__( language: Optional[str] = None, marking_ref: Optional[int] = None, selectors: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword language: Language granular marking model. :paramtype language: str @@ -21565,7 +26714,7 @@ class ThreatIntelligenceInformation(ResourceWithEtag): :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The kind of the entity. Required. "indicator" - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind """ _validation = { @@ -21587,7 +26736,7 @@ class ThreatIntelligenceInformation(ResourceWithEtag): _subtype_map = {"kind": {"indicator": "ThreatIntelligenceIndicatorModel"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -21617,7 +26766,7 @@ class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): # pylint :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The kind of the entity. Required. "indicator" - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -21770,8 +26919,8 @@ def __init__( # pylint: disable=too-many-locals created: Optional[str] = None, modified: Optional[str] = None, extensions: Optional[Dict[str, Any]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -22012,8 +27161,8 @@ def __init__( # pylint: disable=too-many-locals created: Optional[str] = None, modified: Optional[str] = None, extensions: Optional[Dict[str, Any]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword threat_intelligence_tags: List of tags. :paramtype threat_intelligence_tags: list[str] @@ -22107,297 +27256,667 @@ def __init__( # pylint: disable=too-many-locals self.extensions = extensions -class ThreatIntelligenceInformationList(_serialization.Model): - """List of all the threat intelligence information objects. +class ThreatIntelligenceInformationList(_serialization.Model): + """List of all the threat intelligence information objects. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of information objects. + :vartype next_link: str + :ivar value: Array of threat intelligence information objects. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, + } + + def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs: Any) -> None: + """ + :keyword value: Array of threat intelligence information objects. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class ThreatIntelligenceKillChainPhase(_serialization.Model): + """Describes threat kill chain phase entity. + + :ivar kill_chain_name: Kill chainName name. + :vartype kill_chain_name: str + :ivar phase_name: Phase name. + :vartype phase_name: str + """ + + _attribute_map = { + "kill_chain_name": {"key": "killChainName", "type": "str"}, + "phase_name": {"key": "phaseName", "type": "str"}, + } + + def __init__( + self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs: Any + ) -> None: + """ + :keyword kill_chain_name: Kill chainName name. + :paramtype kill_chain_name: str + :keyword phase_name: Phase name. + :paramtype phase_name: str + """ + super().__init__(**kwargs) + self.kill_chain_name = kill_chain_name + self.phase_name = phase_name + + +class ThreatIntelligenceMetric(_serialization.Model): + """Describes threat intelligence metric. + + :ivar last_updated_time_utc: Last updated indicator metric. + :vartype last_updated_time_utc: str + :ivar threat_type_metrics: Threat type metrics. + :vartype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar pattern_type_metrics: Pattern type metrics. + :vartype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar source_metrics: Source metrics. + :vartype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + """ + + _attribute_map = { + "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, + "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + } + + def __init__( + self, + *, + last_updated_time_utc: Optional[str] = None, + threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword last_updated_time_utc: Last updated indicator metric. + :paramtype last_updated_time_utc: str + :keyword threat_type_metrics: Threat type metrics. + :paramtype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword pattern_type_metrics: Pattern type metrics. + :paramtype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword source_metrics: Source metrics. + :paramtype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + """ + super().__init__(**kwargs) + self.last_updated_time_utc = last_updated_time_utc + self.threat_type_metrics = threat_type_metrics + self.pattern_type_metrics = pattern_type_metrics + self.source_metrics = source_metrics + + +class ThreatIntelligenceMetricEntity(_serialization.Model): + """Describes threat intelligence metric entity. + + :ivar metric_name: Metric name. + :vartype metric_name: str + :ivar metric_value: Metric value. + :vartype metric_value: int + """ + + _attribute_map = { + "metric_name": {"key": "metricName", "type": "str"}, + "metric_value": {"key": "metricValue", "type": "int"}, + } + + def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs: Any) -> None: + """ + :keyword metric_name: Metric name. + :paramtype metric_name: str + :keyword metric_value: Metric value. + :paramtype metric_value: int + """ + super().__init__(**kwargs) + self.metric_name = metric_name + self.metric_value = metric_value + + +class ThreatIntelligenceMetrics(_serialization.Model): + """Threat intelligence metrics. + + :ivar properties: Threat intelligence metrics. + :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + """ + + _attribute_map = { + "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, + } + + def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs: Any) -> None: + """ + :keyword properties: Threat intelligence metrics. + :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + """ + super().__init__(**kwargs) + self.properties = properties + - Variables are only populated by the server, and will be ignored when sending a request. +class ThreatIntelligenceMetricsList(_serialization.Model): + """List of all the threat intelligence metric fields (type/threat type/source). All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of information objects. - :vartype next_link: str - :ivar value: Array of threat intelligence information objects. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :ivar value: Array of threat intelligence metric fields (type/threat type/source). Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ _validation = { - "next_link": {"readonly": True}, "value": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, + "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, } - def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs): + def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs: Any) -> None: """ - :keyword value: Array of threat intelligence information objects. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ super().__init__(**kwargs) - self.next_link = None self.value = value -class ThreatIntelligenceKillChainPhase(_serialization.Model): +class ThreatIntelligenceParsedPattern(_serialization.Model): + """Describes parsed pattern entity. + + :ivar pattern_type_key: Pattern type key. + :vartype pattern_type_key: str + :ivar pattern_type_values: Pattern type keys. + :vartype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + """ + + _attribute_map = { + "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, + "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, + } + + def __init__( + self, + *, + pattern_type_key: Optional[str] = None, + pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword pattern_type_key: Pattern type key. + :paramtype pattern_type_key: str + :keyword pattern_type_values: Pattern type keys. + :paramtype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + """ + super().__init__(**kwargs) + self.pattern_type_key = pattern_type_key + self.pattern_type_values = pattern_type_values + + +class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): """Describes threat kill chain phase entity. - :ivar kill_chain_name: Kill chainName name. - :vartype kill_chain_name: str - :ivar phase_name: Phase name. - :vartype phase_name: str + :ivar value_type: Type of the value. + :vartype value_type: str + :ivar value: Value of parsed pattern. + :vartype value: str """ _attribute_map = { - "kill_chain_name": {"key": "killChainName", "type": "str"}, - "phase_name": {"key": "phaseName", "type": "str"}, + "value_type": {"key": "valueType", "type": "str"}, + "value": {"key": "value", "type": "str"}, } - def __init__(self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs): + def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword kill_chain_name: Kill chainName name. - :paramtype kill_chain_name: str - :keyword phase_name: Phase name. - :paramtype phase_name: str + :keyword value_type: Type of the value. + :paramtype value_type: str + :keyword value: Value of parsed pattern. + :paramtype value: str """ super().__init__(**kwargs) - self.kill_chain_name = kill_chain_name - self.phase_name = phase_name + self.value_type = value_type + self.value = value -class ThreatIntelligenceMetric(_serialization.Model): - """Describes threat intelligence metric. +class ThreatIntelligenceSortingCriteria(_serialization.Model): + """List of available columns for sorting. - :ivar last_updated_time_utc: Last updated indicator metric. - :vartype last_updated_time_utc: str - :ivar threat_type_metrics: Threat type metrics. - :vartype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar pattern_type_metrics: Pattern type metrics. - :vartype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar source_metrics: Source metrics. - :vartype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar item_key: Column name. + :vartype item_key: str + :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", + "ascending", and "descending". + :vartype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder """ _attribute_map = { - "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, - "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "item_key": {"key": "itemKey", "type": "str"}, + "sort_order": {"key": "sortOrder", "type": "str"}, } def __init__( self, *, - last_updated_time_utc: Optional[str] = None, - threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - **kwargs - ): + item_key: Optional[str] = None, + sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingOrder"]] = None, + **kwargs: Any + ) -> None: """ - :keyword last_updated_time_utc: Last updated indicator metric. - :paramtype last_updated_time_utc: str - :keyword threat_type_metrics: Threat type metrics. - :paramtype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword pattern_type_metrics: Pattern type metrics. - :paramtype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword source_metrics: Source metrics. - :paramtype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword item_key: Column name. + :paramtype item_key: str + :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: + "unsorted", "ascending", and "descending". + :paramtype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder """ super().__init__(**kwargs) - self.last_updated_time_utc = last_updated_time_utc - self.threat_type_metrics = threat_type_metrics - self.pattern_type_metrics = pattern_type_metrics - self.source_metrics = source_metrics + self.item_key = item_key + self.sort_order = sort_order + + +class TICheckRequirements(DataConnectorsCheckRequirements): + """Threat Intelligence Platforms data connector check requirements. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "ThreatIntelligence" + self.tenant_id = tenant_id + + +class TICheckRequirementsProperties(DataConnectorTenantId): + """Threat Intelligence Platforms data connector required properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + tip_lookback_period: Optional[datetime.datetime] = None, + data_types: Optional["_models.TIDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "ThreatIntelligence" + self.tenant_id = tenant_id + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class ThreatIntelligenceMetricEntity(_serialization.Model): - """Describes threat intelligence metric entity. +class TIDataConnectorDataTypes(_serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. - :ivar metric_name: Metric name. - :vartype metric_name: str - :ivar metric_value: Metric value. - :vartype metric_value: int + All required parameters must be populated in order to send to Azure. + + :ivar indicators: Data type for indicators connection. Required. + :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators """ + _validation = { + "indicators": {"required": True}, + } + _attribute_map = { - "metric_name": {"key": "metricName", "type": "str"}, - "metric_value": {"key": "metricValue", "type": "int"}, + "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, } - def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs): + def __init__(self, *, indicators: "_models.TIDataConnectorDataTypesIndicators", **kwargs: Any) -> None: """ - :keyword metric_name: Metric name. - :paramtype metric_name: str - :keyword metric_value: Metric value. - :paramtype metric_value: int + :keyword indicators: Data type for indicators connection. Required. + :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators """ super().__init__(**kwargs) - self.metric_name = metric_name - self.metric_value = metric_value + self.indicators = indicators -class ThreatIntelligenceMetrics(_serialization.Model): - """Threat intelligence metrics. +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. - :ivar properties: Threat intelligence metrics. - :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ + _validation = { + "state": {"required": True}, + } + _attribute_map = { - "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, + "state": {"key": "state", "type": "str"}, } - def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ - :keyword properties: Threat intelligence metrics. - :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super().__init__(**kwargs) - self.properties = properties + super().__init__(state=state, **kwargs) -class ThreatIntelligenceMetricsList(_serialization.Model): - """List of all the threat intelligence metric fields (type/threat type/source). +class TIDataConnectorProperties(DataConnectorTenantId): + """TI (Threat Intelligence) data connector properties. All required parameters must be populated in order to send to Azure. - :ivar value: Array of threat intelligence metric fields (type/threat type/source). Required. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ _validation = { - "value": {"required": True}, + "tenant_id": {"required": True}, + "data_types": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "tip_lookback_period": {"key": "tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "dataTypes", "type": "TIDataConnectorDataTypes"}, } - def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs): + def __init__( + self, + *, + tenant_id: str, + data_types: "_models.TIDataConnectorDataTypes", + tip_lookback_period: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ - super().__init__(**kwargs) - self.value = value + super().__init__(tenant_id=tenant_id, **kwargs) + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class ThreatIntelligenceParsedPattern(_serialization.Model): - """Describes parsed pattern entity. +class TimelineAggregation(_serialization.Model): + """timeline aggregation information per kind. - :ivar pattern_type_key: Pattern type key. - :vartype pattern_type_key: str - :ivar pattern_type_values: Pattern type keys. - :vartype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + All required parameters must be populated in order to send to Azure. + + :ivar count: the total items found for a kind. Required. + :vartype count: int + :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind """ + _validation = { + "count": {"required": True}, + "kind": {"required": True}, + } + _attribute_map = { - "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, - "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, + "count": {"key": "count", "type": "int"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - pattern_type_key: Optional[str] = None, - pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, - **kwargs - ): + def __init__(self, *, count: int, kind: Union[str, "_models.EntityTimelineKind"], **kwargs: Any) -> None: """ - :keyword pattern_type_key: Pattern type key. - :paramtype pattern_type_key: str - :keyword pattern_type_values: Pattern type keys. - :paramtype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + :keyword count: the total items found for a kind. Required. + :paramtype count: int + :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind """ super().__init__(**kwargs) - self.pattern_type_key = pattern_type_key - self.pattern_type_values = pattern_type_values + self.count = count + self.kind = kind -class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): - """Describes threat kill chain phase entity. +class TimelineError(_serialization.Model): + """Timeline Query Errors. - :ivar value_type: Type of the value. - :vartype value_type: str - :ivar value: Value of parsed pattern. - :vartype value: str + All required parameters must be populated in order to send to Azure. + + :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar query_id: the query id. + :vartype query_id: str + :ivar error_message: the error message. Required. + :vartype error_message: str """ + _validation = { + "kind": {"required": True}, + "error_message": {"required": True}, + } + _attribute_map = { - "value_type": {"key": "valueType", "type": "str"}, - "value": {"key": "value", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, } - def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs): + def __init__( + self, + *, + kind: Union[str, "_models.EntityTimelineKind"], + error_message: str, + query_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword value_type: Type of the value. - :paramtype value_type: str - :keyword value: Value of parsed pattern. - :paramtype value: str + :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :keyword query_id: the query id. + :paramtype query_id: str + :keyword error_message: the error message. Required. + :paramtype error_message: str """ super().__init__(**kwargs) - self.value_type = value_type - self.value = value + self.kind = kind + self.query_id = query_id + self.error_message = error_message -class ThreatIntelligenceSortingCriteria(_serialization.Model): - """List of available columns for sorting. +class TimelineResultsMetadata(_serialization.Model): + """Expansion result metadata. - :ivar item_key: Column name. - :vartype item_key: str - :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", - "ascending", and "descending". - :vartype sort_order: str or - ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum + All required parameters must be populated in order to send to Azure. + + :ivar total_count: the total items found for the timeline request. Required. + :vartype total_count: int + :ivar aggregations: timeline aggregation per kind. Required. + :vartype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] + :ivar errors: information about the failure queries. + :vartype errors: list[~azure.mgmt.securityinsight.models.TimelineError] """ + _validation = { + "total_count": {"required": True}, + "aggregations": {"required": True}, + } + _attribute_map = { - "item_key": {"key": "itemKey", "type": "str"}, - "sort_order": {"key": "sortOrder", "type": "str"}, + "total_count": {"key": "totalCount", "type": "int"}, + "aggregations": {"key": "aggregations", "type": "[TimelineAggregation]"}, + "errors": {"key": "errors", "type": "[TimelineError]"}, } def __init__( self, *, - item_key: Optional[str] = None, - sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingCriteriaEnum"]] = None, - **kwargs - ): + total_count: int, + aggregations: List["_models.TimelineAggregation"], + errors: Optional[List["_models.TimelineError"]] = None, + **kwargs: Any + ) -> None: """ - :keyword item_key: Column name. - :paramtype item_key: str - :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: - "unsorted", "ascending", and "descending". - :paramtype sort_order: str or - ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum + :keyword total_count: the total items found for the timeline request. Required. + :paramtype total_count: int + :keyword aggregations: timeline aggregation per kind. Required. + :paramtype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] + :keyword errors: information about the failure queries. + :paramtype errors: list[~azure.mgmt.securityinsight.models.TimelineError] """ super().__init__(**kwargs) - self.item_key = item_key - self.sort_order = sort_order + self.total_count = total_count + self.aggregations = aggregations + self.errors = errors -class TICheckRequirements(DataConnectorsCheckRequirements): - """Threat Intelligence Platforms data connector check requirements. +class TiTaxiiCheckRequirements(DataConnectorsCheckRequirements): + """Threat Intelligence TAXII data connector check requirements. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -22412,18 +27931,18 @@ class TICheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str """ super().__init__(**kwargs) - self.kind: str = "ThreatIntelligence" + self.kind: str = "ThreatIntelligenceTaxii" self.tenant_id = tenant_id -class TICheckRequirementsProperties(DataConnectorTenantId): - """Threat Intelligence Platforms data connector required properties. +class TiTaxiiCheckRequirementsProperties(DataConnectorTenantId): + """Threat Intelligence TAXII data connector required properties. All required parameters must be populated in order to send to Azure. @@ -22439,7 +27958,7 @@ class TICheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -22447,8 +27966,8 @@ def __init__(self, *, tenant_id: str, **kwargs): super().__init__(tenant_id=tenant_id, **kwargs) -class TIDataConnector(DataConnector): - """Represents threat intelligence data connector. +class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance-attributes + """Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. Variables are only populated by the server, and will be ignored when sending a request. @@ -22470,17 +27989,32 @@ class TIDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar workspace_id: The workspace id. + :vartype workspace_id: str + :ivar friendly_name: The friendly name for the TAXII server. + :vartype friendly_name: str + :ivar taxii_server: The API root for the TAXII server. + :vartype taxii_server: str + :ivar collection_id: The collection id of the TAXII server. + :vartype collection_id: str + :ivar user_name: The userName for the TAXII server. + :vartype user_name: str + :ivar password: The password for the TAXII server. + :vartype password: str + :ivar taxii_lookback_period: The lookback period for the TAXII server. + :vartype taxii_lookback_period: ~datetime.datetime + :ivar polling_frequency: The polling frequency for the TAXII server. Known values are: + "OnceAMinute", "OnceAnHour", and "OnceADay". + :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :ivar data_types: The available data types for Threat Intelligence TAXII data connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ _validation = { @@ -22499,8 +28033,15 @@ class TIDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, - "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, + "workspace_id": {"key": "properties.workspaceId", "type": "str"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "taxii_server": {"key": "properties.taxiiServer", "type": "str"}, + "collection_id": {"key": "properties.collectionId", "type": "str"}, + "user_name": {"key": "properties.userName", "type": "str"}, + "password": {"key": "properties.password", "type": "str"}, + "taxii_lookback_period": {"key": "properties.taxiiLookbackPeriod", "type": "iso-8601"}, + "polling_frequency": {"key": "properties.pollingFrequency", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, } def __init__( @@ -22508,55 +28049,86 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - tip_lookback_period: Optional[datetime.datetime] = None, - data_types: Optional["_models.TIDataConnectorDataTypes"] = None, - **kwargs - ): + workspace_id: Optional[str] = None, + friendly_name: Optional[str] = None, + taxii_server: Optional[str] = None, + collection_id: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + taxii_lookback_period: Optional[datetime.datetime] = None, + polling_frequency: Optional[Union[str, "_models.PollingFrequency"]] = None, + data_types: Optional["_models.TiTaxiiDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :keyword workspace_id: The workspace id. + :paramtype workspace_id: str + :keyword friendly_name: The friendly name for the TAXII server. + :paramtype friendly_name: str + :keyword taxii_server: The API root for the TAXII server. + :paramtype taxii_server: str + :keyword collection_id: The collection id of the TAXII server. + :paramtype collection_id: str + :keyword user_name: The userName for the TAXII server. + :paramtype user_name: str + :keyword password: The password for the TAXII server. + :paramtype password: str + :keyword taxii_lookback_period: The lookback period for the TAXII server. + :paramtype taxii_lookback_period: ~datetime.datetime + :keyword polling_frequency: The polling frequency for the TAXII server. Known values are: + "OnceAMinute", "OnceAnHour", and "OnceADay". + :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :keyword data_types: The available data types for Threat Intelligence TAXII data connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligence" + self.kind: str = "ThreatIntelligenceTaxii" self.tenant_id = tenant_id - self.tip_lookback_period = tip_lookback_period + self.workspace_id = workspace_id + self.friendly_name = friendly_name + self.taxii_server = taxii_server + self.collection_id = collection_id + self.user_name = user_name + self.password = password + self.taxii_lookback_period = taxii_lookback_period + self.polling_frequency = polling_frequency self.data_types = data_types -class TIDataConnectorDataTypes(_serialization.Model): - """The available data types for TI (Threat Intelligence) data connector. +class TiTaxiiDataConnectorDataTypes(_serialization.Model): + """The available data types for Threat Intelligence TAXII data connector. All required parameters must be populated in order to send to Azure. - :ivar indicators: Data type for indicators connection. Required. - :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + :ivar taxii_client: Data type for TAXII connector. Required. + :vartype taxii_client: + ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient """ _validation = { - "indicators": {"required": True}, + "taxii_client": {"required": True}, } _attribute_map = { - "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, + "taxii_client": {"key": "taxiiClient", "type": "TiTaxiiDataConnectorDataTypesTaxiiClient"}, } - def __init__(self, *, indicators: "_models.TIDataConnectorDataTypesIndicators", **kwargs): + def __init__(self, *, taxii_client: "_models.TiTaxiiDataConnectorDataTypesTaxiiClient", **kwargs: Any) -> None: """ - :keyword indicators: Data type for indicators connection. Required. - :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + :keyword taxii_client: Data type for TAXII connector. Required. + :paramtype taxii_client: + ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient """ super().__init__(**kwargs) - self.indicators = indicators + self.taxii_client = taxii_client -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): - """Data type for indicators connection. +class TiTaxiiDataConnectorDataTypesTaxiiClient(DataConnectorDataTypeCommon): + """Data type for TAXII connector. All required parameters must be populated in order to send to Azure. @@ -22573,7 +28145,7 @@ class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -22582,243 +28154,294 @@ def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): super().__init__(state=state, **kwargs) -class TIDataConnectorProperties(DataConnectorTenantId): - """TI (Threat Intelligence) data connector properties. +class TiTaxiiDataConnectorProperties(DataConnectorTenantId): + """Threat Intelligence TAXII data connector properties. All required parameters must be populated in order to send to Azure. :ivar tenant_id: The tenant id to connect to, and get the data from. Required. :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar workspace_id: The workspace id. + :vartype workspace_id: str + :ivar friendly_name: The friendly name for the TAXII server. + :vartype friendly_name: str + :ivar taxii_server: The API root for the TAXII server. + :vartype taxii_server: str + :ivar collection_id: The collection id of the TAXII server. + :vartype collection_id: str + :ivar user_name: The userName for the TAXII server. + :vartype user_name: str + :ivar password: The password for the TAXII server. + :vartype password: str + :ivar taxii_lookback_period: The lookback period for the TAXII server. + :vartype taxii_lookback_period: ~datetime.datetime + :ivar polling_frequency: The polling frequency for the TAXII server. Required. Known values + are: "OnceAMinute", "OnceAnHour", and "OnceADay". + :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :ivar data_types: The available data types for Threat Intelligence TAXII data connector. + Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ _validation = { "tenant_id": {"required": True}, + "polling_frequency": {"required": True}, "data_types": {"required": True}, } _attribute_map = { "tenant_id": {"key": "tenantId", "type": "str"}, - "tip_lookback_period": {"key": "tipLookbackPeriod", "type": "iso-8601"}, - "data_types": {"key": "dataTypes", "type": "TIDataConnectorDataTypes"}, + "workspace_id": {"key": "workspaceId", "type": "str"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "taxii_server": {"key": "taxiiServer", "type": "str"}, + "collection_id": {"key": "collectionId", "type": "str"}, + "user_name": {"key": "userName", "type": "str"}, + "password": {"key": "password", "type": "str"}, + "taxii_lookback_period": {"key": "taxiiLookbackPeriod", "type": "iso-8601"}, + "polling_frequency": {"key": "pollingFrequency", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, } def __init__( self, *, tenant_id: str, - data_types: "_models.TIDataConnectorDataTypes", - tip_lookback_period: Optional[datetime.datetime] = None, - **kwargs - ): + polling_frequency: Union[str, "_models.PollingFrequency"], + data_types: "_models.TiTaxiiDataConnectorDataTypes", + workspace_id: Optional[str] = None, + friendly_name: Optional[str] = None, + taxii_server: Optional[str] = None, + collection_id: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + taxii_lookback_period: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :keyword workspace_id: The workspace id. + :paramtype workspace_id: str + :keyword friendly_name: The friendly name for the TAXII server. + :paramtype friendly_name: str + :keyword taxii_server: The API root for the TAXII server. + :paramtype taxii_server: str + :keyword collection_id: The collection id of the TAXII server. + :paramtype collection_id: str + :keyword user_name: The userName for the TAXII server. + :paramtype user_name: str + :keyword password: The password for the TAXII server. + :paramtype password: str + :keyword taxii_lookback_period: The lookback period for the TAXII server. + :paramtype taxii_lookback_period: ~datetime.datetime + :keyword polling_frequency: The polling frequency for the TAXII server. Required. Known values + are: "OnceAMinute", "OnceAnHour", and "OnceADay". + :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :keyword data_types: The available data types for Threat Intelligence TAXII data connector. + Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ super().__init__(tenant_id=tenant_id, **kwargs) - self.tip_lookback_period = tip_lookback_period - self.data_types = data_types - - -class TimelineAggregation(_serialization.Model): - """timeline aggregation information per kind. - - All required parameters must be populated in order to send to Azure. - - :ivar count: the total items found for a kind. Required. - :vartype count: int - :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - """ - - _validation = { - "count": {"required": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "count": {"key": "count", "type": "int"}, - "kind": {"key": "kind", "type": "str"}, - } - - def __init__(self, *, count: int, kind: Union[str, "_models.EntityTimelineKind"], **kwargs): - """ - :keyword count: the total items found for a kind. Required. - :paramtype count: int - :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - """ - super().__init__(**kwargs) - self.count = count - self.kind = kind - - -class TimelineError(_serialization.Model): - """Timeline Query Errors. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar query_id: the query id. - :vartype query_id: str - :ivar error_message: the error message. Required. - :vartype error_message: str - """ - - _validation = { - "kind": {"required": True}, - "error_message": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "error_message": {"key": "errorMessage", "type": "str"}, - } - - def __init__( - self, - *, - kind: Union[str, "_models.EntityTimelineKind"], - error_message: str, - query_id: Optional[str] = None, - **kwargs - ): - """ - :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :keyword query_id: the query id. - :paramtype query_id: str - :keyword error_message: the error message. Required. - :paramtype error_message: str - """ - super().__init__(**kwargs) - self.kind = kind - self.query_id = query_id - self.error_message = error_message + self.workspace_id = workspace_id + self.friendly_name = friendly_name + self.taxii_server = taxii_server + self.collection_id = collection_id + self.user_name = user_name + self.password = password + self.taxii_lookback_period = taxii_lookback_period + self.polling_frequency = polling_frequency + self.data_types = data_types -class TimelineResultsMetadata(_serialization.Model): - """Expansion result metadata. +class TriggeredAnalyticsRuleRun(ResourceWithEtag): + """The triggered analytics rule run. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar total_count: the total items found for the timeline request. Required. - :vartype total_count: int - :ivar aggregations: timeline aggregation per kind. Required. - :vartype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] - :ivar errors: information about the failure queries. - :vartype errors: list[~azure.mgmt.securityinsight.models.TimelineError] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar execution_time_utc: Required. + :vartype execution_time_utc: ~datetime.datetime + :ivar rule_id: Required. + :vartype rule_id: str + :ivar triggered_analytics_rule_run_id: Required. + :vartype triggered_analytics_rule_run_id: str + :ivar provisioning_state: The triggered analytics rule run provisioning state. Required. Known + values are: "Accepted", "InProgress", "Succeeded", "Failed", and "Canceled". + :vartype provisioning_state: str or ~azure.mgmt.securityinsight.models.ProvisioningState + :ivar rule_run_additional_data: Dictionary of :code:``. + :vartype rule_run_additional_data: dict[str, any] """ _validation = { - "total_count": {"required": True}, - "aggregations": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "execution_time_utc": {"required": True}, + "rule_id": {"required": True}, + "triggered_analytics_rule_run_id": {"required": True}, + "provisioning_state": {"required": True}, } _attribute_map = { - "total_count": {"key": "totalCount", "type": "int"}, - "aggregations": {"key": "aggregations", "type": "[TimelineAggregation]"}, - "errors": {"key": "errors", "type": "[TimelineError]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "execution_time_utc": {"key": "properties.executionTimeUtc", "type": "iso-8601"}, + "rule_id": {"key": "properties.ruleId", "type": "str"}, + "triggered_analytics_rule_run_id": {"key": "properties.triggeredAnalyticsRuleRunId", "type": "str"}, + "provisioning_state": {"key": "properties.provisioningState", "type": "str"}, + "rule_run_additional_data": {"key": "properties.ruleRunAdditionalData", "type": "{object}"}, } def __init__( self, *, - total_count: int, - aggregations: List["_models.TimelineAggregation"], - errors: Optional[List["_models.TimelineError"]] = None, - **kwargs - ): + execution_time_utc: datetime.datetime, + rule_id: str, + triggered_analytics_rule_run_id: str, + provisioning_state: Union[str, "_models.ProvisioningState"], + etag: Optional[str] = None, + rule_run_additional_data: Optional[Dict[str, Any]] = None, + **kwargs: Any + ) -> None: """ - :keyword total_count: the total items found for the timeline request. Required. - :paramtype total_count: int - :keyword aggregations: timeline aggregation per kind. Required. - :paramtype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] - :keyword errors: information about the failure queries. - :paramtype errors: list[~azure.mgmt.securityinsight.models.TimelineError] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword execution_time_utc: Required. + :paramtype execution_time_utc: ~datetime.datetime + :keyword rule_id: Required. + :paramtype rule_id: str + :keyword triggered_analytics_rule_run_id: Required. + :paramtype triggered_analytics_rule_run_id: str + :keyword provisioning_state: The triggered analytics rule run provisioning state. Required. + Known values are: "Accepted", "InProgress", "Succeeded", "Failed", and "Canceled". + :paramtype provisioning_state: str or ~azure.mgmt.securityinsight.models.ProvisioningState + :keyword rule_run_additional_data: Dictionary of :code:``. + :paramtype rule_run_additional_data: dict[str, any] """ - super().__init__(**kwargs) - self.total_count = total_count - self.aggregations = aggregations - self.errors = errors + super().__init__(etag=etag, **kwargs) + self.execution_time_utc = execution_time_utc + self.rule_id = rule_id + self.triggered_analytics_rule_run_id = triggered_analytics_rule_run_id + self.provisioning_state = provisioning_state + self.rule_run_additional_data = rule_run_additional_data -class TiTaxiiCheckRequirements(DataConnectorsCheckRequirements): - """Threat Intelligence TAXII data connector check requirements. +class TriggeredAnalyticsRuleRuns(_serialization.Model): + """The triggered analytics rule run array. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar value: Required. + :vartype value: list[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] + :ivar next_link: + :vartype next_link: str """ _validation = { - "kind": {"required": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "value": {"key": "value", "type": "[TriggeredAnalyticsRuleRun]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.TriggeredAnalyticsRuleRun"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword value: Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] """ super().__init__(**kwargs) - self.kind: str = "ThreatIntelligenceTaxii" - self.tenant_id = tenant_id + self.value = value + self.next_link = None -class TiTaxiiCheckRequirementsProperties(DataConnectorTenantId): - """Threat Intelligence TAXII data connector required properties. +class Ueba(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar data_sources: The relevant data sources that enriched by ueba. + :vartype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] """ _validation = { - "tenant_id": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "data_sources": {"key": "properties.dataSources", "type": "[str]"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + data_sources: Optional[List[Union[str, "_models.UebaDataSources"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_sources: The relevant data sources that enriched by ueba. + :paramtype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind: str = "Ueba" + self.data_sources = data_sources -class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance-attributes - """Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. +class UrlEntity(Entity): + """Represents a url entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -22835,282 +28458,216 @@ class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance- :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar workspace_id: The workspace id. - :vartype workspace_id: str - :ivar friendly_name: The friendly name for the TAXII server. + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar taxii_server: The API root for the TAXII server. - :vartype taxii_server: str - :ivar collection_id: The collection id of the TAXII server. - :vartype collection_id: str - :ivar user_name: The userName for the TAXII server. - :vartype user_name: str - :ivar password: The password for the TAXII server. - :vartype password: str - :ivar taxii_lookback_period: The lookback period for the TAXII server. - :vartype taxii_lookback_period: ~datetime.datetime - :ivar polling_frequency: The polling frequency for the TAXII server. Known values are: - "OnceAMinute", "OnceAnHour", and "OnceADay". - :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :ivar data_types: The available data types for Threat Intelligence TAXII data connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :ivar url: A full URL the entity points to. + :vartype url: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "url": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "url": {"key": "properties.url", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "Url" + self.additional_data = None + self.friendly_name = None + self.url = None + + +class UrlEntityProperties(EntityCommonProperties): + """Url entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar url: A full URL the entity points to. + :vartype url: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "url": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "url": {"key": "url", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.url = None + + +class UserInfo(_serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :ivar object_id: The object id of the user. + :vartype object_id: str """ _validation = { - "id": {"readonly": True}, + "email": {"readonly": True}, "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, + "email": {"key": "email", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "workspace_id": {"key": "properties.workspaceId", "type": "str"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "taxii_server": {"key": "properties.taxiiServer", "type": "str"}, - "collection_id": {"key": "properties.collectionId", "type": "str"}, - "user_name": {"key": "properties.userName", "type": "str"}, - "password": {"key": "properties.password", "type": "str"}, - "taxii_lookback_period": {"key": "properties.taxiiLookbackPeriod", "type": "iso-8601"}, - "polling_frequency": {"key": "properties.pollingFrequency", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, + "object_id": {"key": "objectId", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - workspace_id: Optional[str] = None, - friendly_name: Optional[str] = None, - taxii_server: Optional[str] = None, - collection_id: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - taxii_lookback_period: Optional[datetime.datetime] = None, - polling_frequency: Optional[Union[str, "_models.PollingFrequency"]] = None, - data_types: Optional["_models.TiTaxiiDataConnectorDataTypes"] = None, - **kwargs - ): + def __init__(self, *, object_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword workspace_id: The workspace id. - :paramtype workspace_id: str - :keyword friendly_name: The friendly name for the TAXII server. - :paramtype friendly_name: str - :keyword taxii_server: The API root for the TAXII server. - :paramtype taxii_server: str - :keyword collection_id: The collection id of the TAXII server. - :paramtype collection_id: str - :keyword user_name: The userName for the TAXII server. - :paramtype user_name: str - :keyword password: The password for the TAXII server. - :paramtype password: str - :keyword taxii_lookback_period: The lookback period for the TAXII server. - :paramtype taxii_lookback_period: ~datetime.datetime - :keyword polling_frequency: The polling frequency for the TAXII server. Known values are: - "OnceAMinute", "OnceAnHour", and "OnceADay". - :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :keyword data_types: The available data types for Threat Intelligence TAXII data connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :keyword object_id: The object id of the user. + :paramtype object_id: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligenceTaxii" - self.tenant_id = tenant_id - self.workspace_id = workspace_id - self.friendly_name = friendly_name - self.taxii_server = taxii_server - self.collection_id = collection_id - self.user_name = user_name - self.password = password - self.taxii_lookback_period = taxii_lookback_period - self.polling_frequency = polling_frequency - self.data_types = data_types + super().__init__(**kwargs) + self.email = None + self.name = None + self.object_id = object_id -class TiTaxiiDataConnectorDataTypes(_serialization.Model): - """The available data types for Threat Intelligence TAXII data connector. +class ValidationError(_serialization.Model): + """Describes an error encountered in the file during validation. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar taxii_client: Data type for TAXII connector. Required. - :vartype taxii_client: - ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + :ivar record_index: The number of the record that has the error. + :vartype record_index: int + :ivar error_messages: A list of descriptions of the error. + :vartype error_messages: list[str] """ _validation = { - "taxii_client": {"required": True}, + "error_messages": {"readonly": True}, } _attribute_map = { - "taxii_client": {"key": "taxiiClient", "type": "TiTaxiiDataConnectorDataTypesTaxiiClient"}, + "record_index": {"key": "recordIndex", "type": "int"}, + "error_messages": {"key": "errorMessages", "type": "[str]"}, } - def __init__(self, *, taxii_client: "_models.TiTaxiiDataConnectorDataTypesTaxiiClient", **kwargs): + def __init__(self, *, record_index: Optional[int] = None, **kwargs: Any) -> None: """ - :keyword taxii_client: Data type for TAXII connector. Required. - :paramtype taxii_client: - ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + :keyword record_index: The number of the record that has the error. + :paramtype record_index: int """ super().__init__(**kwargs) - self.taxii_client = taxii_client + self.record_index = record_index + self.error_messages = None -class TiTaxiiDataConnectorDataTypesTaxiiClient(DataConnectorDataTypeCommon): - """Data type for TAXII connector. +class Warning(_serialization.Model): + """Warning response structure. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar warning: Warning data. + :vartype warning: ~azure.mgmt.securityinsight.models.WarningBody """ _validation = { - "state": {"required": True}, + "warning": {"readonly": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "warning": {"key": "warning", "type": "WarningBody"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.warning = None -class TiTaxiiDataConnectorProperties(DataConnectorTenantId): - """Threat Intelligence TAXII data connector properties. +class WarningBody(_serialization.Model): + """Warning details. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar workspace_id: The workspace id. - :vartype workspace_id: str - :ivar friendly_name: The friendly name for the TAXII server. - :vartype friendly_name: str - :ivar taxii_server: The API root for the TAXII server. - :vartype taxii_server: str - :ivar collection_id: The collection id of the TAXII server. - :vartype collection_id: str - :ivar user_name: The userName for the TAXII server. - :vartype user_name: str - :ivar password: The password for the TAXII server. - :vartype password: str - :ivar taxii_lookback_period: The lookback period for the TAXII server. - :vartype taxii_lookback_period: ~datetime.datetime - :ivar polling_frequency: The polling frequency for the TAXII server. Required. Known values - are: "OnceAMinute", "OnceAnHour", and "OnceADay". - :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :ivar data_types: The available data types for Threat Intelligence TAXII data connector. - Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :ivar code: An identifier for the warning. Codes are invariant and are intended to be consumed + programmatically. Known values are: "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", and "SourceControl_DeletedWithWarnings". + :vartype code: str or ~azure.mgmt.securityinsight.models.WarningCode + :ivar message: A message describing the warning, intended to be suitable for display in a user + interface. + :vartype message: str + :ivar details: + :vartype details: list[~azure.mgmt.securityinsight.models.WarningBody] """ _validation = { - "tenant_id": {"required": True}, - "polling_frequency": {"required": True}, - "data_types": {"required": True}, + "code": {"readonly": True}, + "message": {"readonly": True}, + "details": {"readonly": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "workspace_id": {"key": "workspaceId", "type": "str"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "taxii_server": {"key": "taxiiServer", "type": "str"}, - "collection_id": {"key": "collectionId", "type": "str"}, - "user_name": {"key": "userName", "type": "str"}, - "password": {"key": "password", "type": "str"}, - "taxii_lookback_period": {"key": "taxiiLookbackPeriod", "type": "iso-8601"}, - "polling_frequency": {"key": "pollingFrequency", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, + "code": {"key": "code", "type": "str"}, + "message": {"key": "message", "type": "str"}, + "details": {"key": "details", "type": "[WarningBody]"}, } - def __init__( - self, - *, - tenant_id: str, - polling_frequency: Union[str, "_models.PollingFrequency"], - data_types: "_models.TiTaxiiDataConnectorDataTypes", - workspace_id: Optional[str] = None, - friendly_name: Optional[str] = None, - taxii_server: Optional[str] = None, - collection_id: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - taxii_lookback_period: Optional[datetime.datetime] = None, - **kwargs - ): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword workspace_id: The workspace id. - :paramtype workspace_id: str - :keyword friendly_name: The friendly name for the TAXII server. - :paramtype friendly_name: str - :keyword taxii_server: The API root for the TAXII server. - :paramtype taxii_server: str - :keyword collection_id: The collection id of the TAXII server. - :paramtype collection_id: str - :keyword user_name: The userName for the TAXII server. - :paramtype user_name: str - :keyword password: The password for the TAXII server. - :paramtype password: str - :keyword taxii_lookback_period: The lookback period for the TAXII server. - :paramtype taxii_lookback_period: ~datetime.datetime - :keyword polling_frequency: The polling frequency for the TAXII server. Required. Known values - are: "OnceAMinute", "OnceAnHour", and "OnceADay". - :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :keyword data_types: The available data types for Threat Intelligence TAXII data connector. - Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.workspace_id = workspace_id - self.friendly_name = friendly_name - self.taxii_server = taxii_server - self.collection_id = collection_id - self.user_name = user_name - self.password = password - self.taxii_lookback_period = taxii_lookback_period - self.polling_frequency = polling_frequency - self.data_types = data_types + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.code = None + self.message = None + self.details = None -class Ueba(Settings): - """Settings with single toggle. +class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Watchlist in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -23124,11 +28681,55 @@ class Ueba(Settings): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar data_sources: The relevant data sources that enriched by ueba. - :vartype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] + :ivar watchlist_id: The id (a Guid) of the watchlist. + :vartype watchlist_id: str + :ivar display_name: The display name of the watchlist. + :vartype display_name: str + :ivar provider: The provider of the watchlist. + :vartype provider: str + :ivar source: The filename of the watchlist, called 'source'. + :vartype source: str + :ivar source_type: The sourceType of the watchlist. Known values are: "Local file" and "Remote + storage". + :vartype source_type: str or ~azure.mgmt.securityinsight.models.SourceType + :ivar created: The time the watchlist was created. + :vartype created: ~datetime.datetime + :ivar updated: The last time the watchlist was updated. + :vartype updated: ~datetime.datetime + :ivar created_by: Describes a user that created the watchlist. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar updated_by: Describes a user that updated the watchlist. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar description: A description of the watchlist. + :vartype description: str + :ivar watchlist_type: The type of the watchlist. + :vartype watchlist_type: str + :ivar watchlist_alias: The alias of the watchlist. + :vartype watchlist_alias: str + :ivar is_deleted: A flag that indicates if the watchlist is deleted or not. + :vartype is_deleted: bool + :ivar labels: List of labels relevant to this watchlist. + :vartype labels: list[str] + :ivar default_duration: The default duration of a watchlist (in ISO 8601 duration format). + :vartype default_duration: ~datetime.timedelta + :ivar tenant_id: The tenantId where the watchlist belongs to. + :vartype tenant_id: str + :ivar number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the + header. + :vartype number_of_lines_to_skip: int + :ivar raw_content: The raw content that represents to watchlist items to create. In case of + csv/tsv content type, it's the content of the file that will parsed by the endpoint. + :vartype raw_content: str + :ivar items_search_key: The search key is used to optimize query performance when using + watchlists for joins with other data. For example, enable a column with IP addresses to be the + designated SearchKey field, then use this field as the key field when joining to other event + data by IP address. + :vartype items_search_key: str + :ivar content_type: The content type of the raw content. Example : text/csv or text/tsv. + :vartype content_type: str + :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls note + : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. + :vartype upload_status: str """ _validation = { @@ -23136,7 +28737,6 @@ class Ueba(Settings): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { @@ -23145,35 +28745,138 @@ class Ueba(Settings): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_sources": {"key": "properties.dataSources", "type": "[str]"}, + "watchlist_id": {"key": "properties.watchlistId", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "provider": {"key": "properties.provider", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "source_type": {"key": "properties.sourceType", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "description": {"key": "properties.description", "type": "str"}, + "watchlist_type": {"key": "properties.watchlistType", "type": "str"}, + "watchlist_alias": {"key": "properties.watchlistAlias", "type": "str"}, + "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "default_duration": {"key": "properties.defaultDuration", "type": "duration"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "number_of_lines_to_skip": {"key": "properties.numberOfLinesToSkip", "type": "int"}, + "raw_content": {"key": "properties.rawContent", "type": "str"}, + "items_search_key": {"key": "properties.itemsSearchKey", "type": "str"}, + "content_type": {"key": "properties.contentType", "type": "str"}, + "upload_status": {"key": "properties.uploadStatus", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - data_sources: Optional[List[Union[str, "_models.UebaDataSources"]]] = None, - **kwargs - ): + watchlist_id: Optional[str] = None, + display_name: Optional[str] = None, + provider: Optional[str] = None, + source: Optional[str] = None, + source_type: Optional[Union[str, "_models.SourceType"]] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + updated_by: Optional["_models.UserInfo"] = None, + description: Optional[str] = None, + watchlist_type: Optional[str] = None, + watchlist_alias: Optional[str] = None, + is_deleted: Optional[bool] = None, + labels: Optional[List[str]] = None, + default_duration: Optional[datetime.timedelta] = None, + tenant_id: Optional[str] = None, + number_of_lines_to_skip: Optional[int] = None, + raw_content: Optional[str] = None, + items_search_key: Optional[str] = None, + content_type: Optional[str] = None, + upload_status: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword data_sources: The relevant data sources that enriched by ueba. - :paramtype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] + :keyword watchlist_id: The id (a Guid) of the watchlist. + :paramtype watchlist_id: str + :keyword display_name: The display name of the watchlist. + :paramtype display_name: str + :keyword provider: The provider of the watchlist. + :paramtype provider: str + :keyword source: The filename of the watchlist, called 'source'. + :paramtype source: str + :keyword source_type: The sourceType of the watchlist. Known values are: "Local file" and + "Remote storage". + :paramtype source_type: str or ~azure.mgmt.securityinsight.models.SourceType + :keyword created: The time the watchlist was created. + :paramtype created: ~datetime.datetime + :keyword updated: The last time the watchlist was updated. + :paramtype updated: ~datetime.datetime + :keyword created_by: Describes a user that created the watchlist. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword updated_by: Describes a user that updated the watchlist. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword description: A description of the watchlist. + :paramtype description: str + :keyword watchlist_type: The type of the watchlist. + :paramtype watchlist_type: str + :keyword watchlist_alias: The alias of the watchlist. + :paramtype watchlist_alias: str + :keyword is_deleted: A flag that indicates if the watchlist is deleted or not. + :paramtype is_deleted: bool + :keyword labels: List of labels relevant to this watchlist. + :paramtype labels: list[str] + :keyword default_duration: The default duration of a watchlist (in ISO 8601 duration format). + :paramtype default_duration: ~datetime.timedelta + :keyword tenant_id: The tenantId where the watchlist belongs to. + :paramtype tenant_id: str + :keyword number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the + header. + :paramtype number_of_lines_to_skip: int + :keyword raw_content: The raw content that represents to watchlist items to create. In case of + csv/tsv content type, it's the content of the file that will parsed by the endpoint. + :paramtype raw_content: str + :keyword items_search_key: The search key is used to optimize query performance when using + watchlists for joins with other data. For example, enable a column with IP addresses to be the + designated SearchKey field, then use this field as the key field when joining to other event + data by IP address. + :paramtype items_search_key: str + :keyword content_type: The content type of the raw content. Example : text/csv or text/tsv. + :paramtype content_type: str + :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls + note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. + :paramtype upload_status: str """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Ueba" - self.data_sources = data_sources + self.watchlist_id = watchlist_id + self.display_name = display_name + self.provider = provider + self.source = source + self.source_type = source_type + self.created = created + self.updated = updated + self.created_by = created_by + self.updated_by = updated_by + self.description = description + self.watchlist_type = watchlist_type + self.watchlist_alias = watchlist_alias + self.is_deleted = is_deleted + self.labels = labels + self.default_duration = default_duration + self.tenant_id = tenant_id + self.number_of_lines_to_skip = number_of_lines_to_skip + self.raw_content = raw_content + self.items_search_key = items_search_key + self.content_type = content_type + self.upload_status = upload_status -class UrlEntity(Entity): - """Represents a url entity. +class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Watchlist item in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -23185,19 +28888,28 @@ class UrlEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar url: A full URL the entity points to. - :vartype url: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar watchlist_item_type: The type of the watchlist item. + :vartype watchlist_item_type: str + :ivar watchlist_item_id: The id (a Guid) of the watchlist item. + :vartype watchlist_item_id: str + :ivar tenant_id: The tenantId to which the watchlist item belongs to. + :vartype tenant_id: str + :ivar is_deleted: A flag that indicates if the watchlist item is deleted or not. + :vartype is_deleted: bool + :ivar created: The time the watchlist item was created. + :vartype created: ~datetime.datetime + :ivar updated: The last time the watchlist item was updated. + :vartype updated: ~datetime.datetime + :ivar created_by: Describes a user that created the watchlist item. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar updated_by: Describes a user that updated the watchlist item. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar items_key_value: key-value pairs for a watchlist item. + :vartype items_key_value: dict[str, any] + :ivar entity_mapping: key-value pairs for a watchlist item entity mapping. + :vartype entity_mapping: dict[str, any] """ _validation = { @@ -23205,10 +28917,6 @@ class UrlEntity(Entity): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "url": {"readonly": True}, } _attribute_map = { @@ -23216,121 +28924,181 @@ class UrlEntity(Entity): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "url": {"key": "properties.url", "type": "str"}, + "etag": {"key": "etag", "type": "str"}, + "watchlist_item_type": {"key": "properties.watchlistItemType", "type": "str"}, + "watchlist_item_id": {"key": "properties.watchlistItemId", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "items_key_value": {"key": "properties.itemsKeyValue", "type": "{object}"}, + "entity_mapping": {"key": "properties.entityMapping", "type": "{object}"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Url" - self.additional_data = None - self.friendly_name = None - self.url = None + def __init__( + self, + *, + etag: Optional[str] = None, + watchlist_item_type: Optional[str] = None, + watchlist_item_id: Optional[str] = None, + tenant_id: Optional[str] = None, + is_deleted: Optional[bool] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + updated_by: Optional["_models.UserInfo"] = None, + items_key_value: Optional[Dict[str, Any]] = None, + entity_mapping: Optional[Dict[str, Any]] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword watchlist_item_type: The type of the watchlist item. + :paramtype watchlist_item_type: str + :keyword watchlist_item_id: The id (a Guid) of the watchlist item. + :paramtype watchlist_item_id: str + :keyword tenant_id: The tenantId to which the watchlist item belongs to. + :paramtype tenant_id: str + :keyword is_deleted: A flag that indicates if the watchlist item is deleted or not. + :paramtype is_deleted: bool + :keyword created: The time the watchlist item was created. + :paramtype created: ~datetime.datetime + :keyword updated: The last time the watchlist item was updated. + :paramtype updated: ~datetime.datetime + :keyword created_by: Describes a user that created the watchlist item. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword updated_by: Describes a user that updated the watchlist item. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword items_key_value: key-value pairs for a watchlist item. + :paramtype items_key_value: dict[str, any] + :keyword entity_mapping: key-value pairs for a watchlist item entity mapping. + :paramtype entity_mapping: dict[str, any] + """ + super().__init__(etag=etag, **kwargs) + self.watchlist_item_type = watchlist_item_type + self.watchlist_item_id = watchlist_item_id + self.tenant_id = tenant_id + self.is_deleted = is_deleted + self.created = created + self.updated = updated + self.created_by = created_by + self.updated_by = updated_by + self.items_key_value = items_key_value + self.entity_mapping = entity_mapping -class UrlEntityProperties(EntityCommonProperties): - """Url entity property bag. +class WatchlistItemList(_serialization.Model): + """List all the watchlist items. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar url: A full URL the entity points to. - :vartype url: str + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of watchlist item. + :vartype next_link: str + :ivar value: Array of watchlist items. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "url": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "url": {"key": "url", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WatchlistItem]"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs: Any) -> None: + """ + :keyword value: Array of watchlist items. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] + """ super().__init__(**kwargs) - self.url = None + self.next_link = None + self.value = value -class UserInfo(_serialization.Model): - """User information that made some action. +class WatchlistList(_serialization.Model): + """List all the watchlists. Variables are only populated by the server, and will be ignored when sending a request. - :ivar email: The email of the user. - :vartype email: str - :ivar name: The name of the user. - :vartype name: str - :ivar object_id: The object id of the user. - :vartype object_id: str + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of watchlists. + :vartype next_link: str + :ivar value: Array of watchlist. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Watchlist] """ _validation = { - "email": {"readonly": True}, - "name": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "email": {"key": "email", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "object_id": {"key": "objectId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Watchlist]"}, } - def __init__(self, *, object_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.Watchlist"], **kwargs: Any) -> None: """ - :keyword object_id: The object id of the user. - :paramtype object_id: str + :keyword value: Array of watchlist. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] """ super().__init__(**kwargs) - self.email = None - self.name = None - self.object_id = object_id + self.next_link = None + self.value = value -class ValidationError(_serialization.Model): - """Describes an error encountered in the file during validation. +class Webhook(_serialization.Model): + """Detail about the webhook object. Variables are only populated by the server, and will be ignored when sending a request. - :ivar record_index: The number of the record that has the error. - :vartype record_index: int - :ivar error_messages: A list of descriptions of the error. - :vartype error_messages: list[str] + :ivar webhook_id: Unique identifier for the webhook. + :vartype webhook_id: str + :ivar webhook_url: URL that gets invoked by the webhook. + :vartype webhook_url: str + :ivar webhook_secret_update_time: Time when the webhook secret was updated. + :vartype webhook_secret_update_time: ~datetime.datetime + :ivar rotate_webhook_secret: A flag to instruct the backend service to rotate webhook secret. + :vartype rotate_webhook_secret: bool """ _validation = { - "error_messages": {"readonly": True}, + "webhook_id": {"readonly": True}, + "webhook_url": {"readonly": True}, + "webhook_secret_update_time": {"readonly": True}, } _attribute_map = { - "record_index": {"key": "recordIndex", "type": "int"}, - "error_messages": {"key": "errorMessages", "type": "[str]"}, + "webhook_id": {"key": "webhookId", "type": "str"}, + "webhook_url": {"key": "webhookUrl", "type": "str"}, + "webhook_secret_update_time": {"key": "webhookSecretUpdateTime", "type": "iso-8601"}, + "rotate_webhook_secret": {"key": "rotateWebhookSecret", "type": "bool"}, } - def __init__(self, *, record_index: Optional[int] = None, **kwargs): + def __init__(self, *, rotate_webhook_secret: Optional[bool] = None, **kwargs: Any) -> None: """ - :keyword record_index: The number of the record that has the error. - :paramtype record_index: int + :keyword rotate_webhook_secret: A flag to instruct the backend service to rotate webhook + secret. + :paramtype rotate_webhook_secret: bool """ super().__init__(**kwargs) - self.record_index = record_index - self.error_messages = None + self.webhook_id = None + self.webhook_url = None + self.webhook_secret_update_time = None + self.rotate_webhook_secret = rotate_webhook_secret -class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a Watchlist in Azure Security Insights. +class WorkspaceManagerAssignment(AzureEntityResource): + """The workspace manager assignment. Variables are only populated by the server, and will be ignored when sending a request. @@ -23345,57 +29113,19 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. + :ivar etag: Resource Etag. :vartype etag: str - :ivar watchlist_id: The id (a Guid) of the watchlist. - :vartype watchlist_id: str - :ivar display_name: The display name of the watchlist. - :vartype display_name: str - :ivar provider: The provider of the watchlist. - :vartype provider: str - :ivar source: The filename of the watchlist, called 'source'. - :vartype source: str - :ivar source_type: The sourceType of the watchlist. Known values are: "Local file" and "Remote - storage". - :vartype source_type: str or ~azure.mgmt.securityinsight.models.SourceType - :ivar created: The time the watchlist was created. - :vartype created: ~datetime.datetime - :ivar updated: The last time the watchlist was updated. - :vartype updated: ~datetime.datetime - :ivar created_by: Describes a user that created the watchlist. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar updated_by: Describes a user that updated the watchlist. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar description: A description of the watchlist. - :vartype description: str - :ivar watchlist_type: The type of the watchlist. - :vartype watchlist_type: str - :ivar watchlist_alias: The alias of the watchlist. - :vartype watchlist_alias: str - :ivar is_deleted: A flag that indicates if the watchlist is deleted or not. - :vartype is_deleted: bool - :ivar labels: List of labels relevant to this watchlist. - :vartype labels: list[str] - :ivar default_duration: The default duration of a watchlist (in ISO 8601 duration format). - :vartype default_duration: ~datetime.timedelta - :ivar tenant_id: The tenantId where the watchlist belongs to. - :vartype tenant_id: str - :ivar number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the - header. - :vartype number_of_lines_to_skip: int - :ivar raw_content: The raw content that represents to watchlist items to create. In case of - csv/tsv content type, it's the content of the file that will parsed by the endpoint. - :vartype raw_content: str - :ivar items_search_key: The search key is used to optimize query performance when using - watchlists for joins with other data. For example, enable a column with IP addresses to be the - designated SearchKey field, then use this field as the key field when joining to other event - data by IP address. - :vartype items_search_key: str - :ivar content_type: The content type of the raw content. Example : text/csv or text/tsv. - :vartype content_type: str - :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls note - : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. - :vartype upload_status: str + :ivar target_resource_name: The resource name of the workspace manager group targeted by the + workspace manager assignment. + :vartype target_resource_name: str + :ivar last_job_end_time: The time the last job associated to this assignment ended at. + :vartype last_job_end_time: ~datetime.datetime + :ivar last_job_provisioning_state: State of the last job associated to this assignment. Known + values are: "Accepted", "InProgress", "Succeeded", "Failed", and "Canceled". + :vartype last_job_provisioning_state: str or + ~azure.mgmt.securityinsight.models.ProvisioningState + :ivar items: List of resources included in this workspace manager assignment. + :vartype items: list[~azure.mgmt.securityinsight.models.AssignmentItem] """ _validation = { @@ -23403,6 +29133,9 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "etag": {"readonly": True}, + "last_job_end_time": {"readonly": True}, + "last_job_provisioning_state": {"readonly": True}, } _attribute_map = { @@ -23411,135 +29144,68 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "watchlist_id": {"key": "properties.watchlistId", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "provider": {"key": "properties.provider", "type": "str"}, - "source": {"key": "properties.source", "type": "str"}, - "source_type": {"key": "properties.sourceType", "type": "str"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "description": {"key": "properties.description", "type": "str"}, - "watchlist_type": {"key": "properties.watchlistType", "type": "str"}, - "watchlist_alias": {"key": "properties.watchlistAlias", "type": "str"}, - "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "default_duration": {"key": "properties.defaultDuration", "type": "duration"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "number_of_lines_to_skip": {"key": "properties.numberOfLinesToSkip", "type": "int"}, - "raw_content": {"key": "properties.rawContent", "type": "str"}, - "items_search_key": {"key": "properties.itemsSearchKey", "type": "str"}, - "content_type": {"key": "properties.contentType", "type": "str"}, - "upload_status": {"key": "properties.uploadStatus", "type": "str"}, + "target_resource_name": {"key": "properties.targetResourceName", "type": "str"}, + "last_job_end_time": {"key": "properties.lastJobEndTime", "type": "iso-8601"}, + "last_job_provisioning_state": {"key": "properties.lastJobProvisioningState", "type": "str"}, + "items": {"key": "properties.items", "type": "[AssignmentItem]"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, - etag: Optional[str] = None, - watchlist_id: Optional[str] = None, - display_name: Optional[str] = None, - provider: Optional[str] = None, - source: Optional[str] = None, - source_type: Optional[Union[str, "_models.SourceType"]] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - updated_by: Optional["_models.UserInfo"] = None, - description: Optional[str] = None, - watchlist_type: Optional[str] = None, - watchlist_alias: Optional[str] = None, - is_deleted: Optional[bool] = None, - labels: Optional[List[str]] = None, - default_duration: Optional[datetime.timedelta] = None, - tenant_id: Optional[str] = None, - number_of_lines_to_skip: Optional[int] = None, - raw_content: Optional[str] = None, - items_search_key: Optional[str] = None, - content_type: Optional[str] = None, - upload_status: Optional[str] = None, - **kwargs - ): + target_resource_name: Optional[str] = None, + items: Optional[List["_models.AssignmentItem"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword watchlist_id: The id (a Guid) of the watchlist. - :paramtype watchlist_id: str - :keyword display_name: The display name of the watchlist. - :paramtype display_name: str - :keyword provider: The provider of the watchlist. - :paramtype provider: str - :keyword source: The filename of the watchlist, called 'source'. - :paramtype source: str - :keyword source_type: The sourceType of the watchlist. Known values are: "Local file" and - "Remote storage". - :paramtype source_type: str or ~azure.mgmt.securityinsight.models.SourceType - :keyword created: The time the watchlist was created. - :paramtype created: ~datetime.datetime - :keyword updated: The last time the watchlist was updated. - :paramtype updated: ~datetime.datetime - :keyword created_by: Describes a user that created the watchlist. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword updated_by: Describes a user that updated the watchlist. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword description: A description of the watchlist. - :paramtype description: str - :keyword watchlist_type: The type of the watchlist. - :paramtype watchlist_type: str - :keyword watchlist_alias: The alias of the watchlist. - :paramtype watchlist_alias: str - :keyword is_deleted: A flag that indicates if the watchlist is deleted or not. - :paramtype is_deleted: bool - :keyword labels: List of labels relevant to this watchlist. - :paramtype labels: list[str] - :keyword default_duration: The default duration of a watchlist (in ISO 8601 duration format). - :paramtype default_duration: ~datetime.timedelta - :keyword tenant_id: The tenantId where the watchlist belongs to. - :paramtype tenant_id: str - :keyword number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the - header. - :paramtype number_of_lines_to_skip: int - :keyword raw_content: The raw content that represents to watchlist items to create. In case of - csv/tsv content type, it's the content of the file that will parsed by the endpoint. - :paramtype raw_content: str - :keyword items_search_key: The search key is used to optimize query performance when using - watchlists for joins with other data. For example, enable a column with IP addresses to be the - designated SearchKey field, then use this field as the key field when joining to other event - data by IP address. - :paramtype items_search_key: str - :keyword content_type: The content type of the raw content. Example : text/csv or text/tsv. - :paramtype content_type: str - :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls - note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. - :paramtype upload_status: str + :keyword target_resource_name: The resource name of the workspace manager group targeted by the + workspace manager assignment. + :paramtype target_resource_name: str + :keyword items: List of resources included in this workspace manager assignment. + :paramtype items: list[~azure.mgmt.securityinsight.models.AssignmentItem] + """ + super().__init__(**kwargs) + self.target_resource_name = target_resource_name + self.last_job_end_time = None + self.last_job_provisioning_state = None + self.items = items + + +class WorkspaceManagerAssignmentList(_serialization.Model): + """List of all the workspace manager assignments. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of workspace manager assignments. + :vartype next_link: str + :ivar value: Array of workspace manager assignments. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WorkspaceManagerAssignment]"}, + } + + def __init__(self, *, value: List["_models.WorkspaceManagerAssignment"], **kwargs: Any) -> None: """ - super().__init__(etag=etag, **kwargs) - self.watchlist_id = watchlist_id - self.display_name = display_name - self.provider = provider - self.source = source - self.source_type = source_type - self.created = created - self.updated = updated - self.created_by = created_by - self.updated_by = updated_by - self.description = description - self.watchlist_type = watchlist_type - self.watchlist_alias = watchlist_alias - self.is_deleted = is_deleted - self.labels = labels - self.default_duration = default_duration - self.tenant_id = tenant_id - self.number_of_lines_to_skip = number_of_lines_to_skip - self.raw_content = raw_content - self.items_search_key = items_search_key - self.content_type = content_type - self.upload_status = upload_status + :keyword value: Array of workspace manager assignments. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value -class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a Watchlist item in Azure Security Insights. +class WorkspaceManagerConfiguration(AzureEntityResource): + """The workspace manager configuration. Variables are only populated by the server, and will be ignored when sending a request. @@ -23554,28 +29220,11 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. + :ivar etag: Resource Etag. :vartype etag: str - :ivar watchlist_item_type: The type of the watchlist item. - :vartype watchlist_item_type: str - :ivar watchlist_item_id: The id (a Guid) of the watchlist item. - :vartype watchlist_item_id: str - :ivar tenant_id: The tenantId to which the watchlist item belongs to. - :vartype tenant_id: str - :ivar is_deleted: A flag that indicates if the watchlist item is deleted or not. - :vartype is_deleted: bool - :ivar created: The time the watchlist item was created. - :vartype created: ~datetime.datetime - :ivar updated: The last time the watchlist item was updated. - :vartype updated: ~datetime.datetime - :ivar created_by: Describes a user that created the watchlist item. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar updated_by: Describes a user that updated the watchlist item. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar items_key_value: key-value pairs for a watchlist item. - :vartype items_key_value: dict[str, any] - :ivar entity_mapping: key-value pairs for a watchlist item entity mapping. - :vartype entity_mapping: dict[str, any] + :ivar mode: The current mode of the workspace manager configuration. Known values are: + "Enabled" and "Disabled". + :vartype mode: str or ~azure.mgmt.securityinsight.models.Mode """ _validation = { @@ -23583,6 +29232,7 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "etag": {"readonly": True}, } _attribute_map = { @@ -23591,82 +29241,30 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "watchlist_item_type": {"key": "properties.watchlistItemType", "type": "str"}, - "watchlist_item_id": {"key": "properties.watchlistItemId", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "items_key_value": {"key": "properties.itemsKeyValue", "type": "{object}"}, - "entity_mapping": {"key": "properties.entityMapping", "type": "{object}"}, + "mode": {"key": "properties.mode", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - watchlist_item_type: Optional[str] = None, - watchlist_item_id: Optional[str] = None, - tenant_id: Optional[str] = None, - is_deleted: Optional[bool] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - updated_by: Optional["_models.UserInfo"] = None, - items_key_value: Optional[Dict[str, Any]] = None, - entity_mapping: Optional[Dict[str, Any]] = None, - **kwargs - ): + def __init__(self, *, mode: Optional[Union[str, "_models.Mode"]] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword watchlist_item_type: The type of the watchlist item. - :paramtype watchlist_item_type: str - :keyword watchlist_item_id: The id (a Guid) of the watchlist item. - :paramtype watchlist_item_id: str - :keyword tenant_id: The tenantId to which the watchlist item belongs to. - :paramtype tenant_id: str - :keyword is_deleted: A flag that indicates if the watchlist item is deleted or not. - :paramtype is_deleted: bool - :keyword created: The time the watchlist item was created. - :paramtype created: ~datetime.datetime - :keyword updated: The last time the watchlist item was updated. - :paramtype updated: ~datetime.datetime - :keyword created_by: Describes a user that created the watchlist item. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword updated_by: Describes a user that updated the watchlist item. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword items_key_value: key-value pairs for a watchlist item. - :paramtype items_key_value: dict[str, any] - :keyword entity_mapping: key-value pairs for a watchlist item entity mapping. - :paramtype entity_mapping: dict[str, any] + :keyword mode: The current mode of the workspace manager configuration. Known values are: + "Enabled" and "Disabled". + :paramtype mode: str or ~azure.mgmt.securityinsight.models.Mode """ - super().__init__(etag=etag, **kwargs) - self.watchlist_item_type = watchlist_item_type - self.watchlist_item_id = watchlist_item_id - self.tenant_id = tenant_id - self.is_deleted = is_deleted - self.created = created - self.updated = updated - self.created_by = created_by - self.updated_by = updated_by - self.items_key_value = items_key_value - self.entity_mapping = entity_mapping + super().__init__(**kwargs) + self.mode = mode -class WatchlistItemList(_serialization.Model): - """List all the watchlist items. +class WorkspaceManagerConfigurationList(_serialization.Model): + """List all the workspace manager configurations for the workspace. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of watchlist item. + :ivar next_link: URL to fetch the next set of workspace manager configurations. :vartype next_link: str - :ivar value: Array of watchlist items. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] + :ivar value: Array of workspace manager configurations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] """ _validation = { @@ -23676,30 +29274,99 @@ class WatchlistItemList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[WatchlistItem]"}, + "value": {"key": "value", "type": "[WorkspaceManagerConfiguration]"}, } - def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs): + def __init__(self, *, value: List["_models.WorkspaceManagerConfiguration"], **kwargs: Any) -> None: """ - :keyword value: Array of watchlist items. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] + :keyword value: Array of workspace manager configurations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] """ super().__init__(**kwargs) self.next_link = None self.value = value -class WatchlistList(_serialization.Model): - """List all the watchlists. +class WorkspaceManagerGroup(AzureEntityResource): + """The workspace manager group. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar description: The description of the workspace manager group. + :vartype description: str + :ivar display_name: The display name of the workspace manager group. + :vartype display_name: str + :ivar member_resource_names: The names of the workspace manager members participating in this + group. + :vartype member_resource_names: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "member_resource_names": {"key": "properties.memberResourceNames", "type": "[str]"}, + } + + def __init__( + self, + *, + description: Optional[str] = None, + display_name: Optional[str] = None, + member_resource_names: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword description: The description of the workspace manager group. + :paramtype description: str + :keyword display_name: The display name of the workspace manager group. + :paramtype display_name: str + :keyword member_resource_names: The names of the workspace manager members participating in + this group. + :paramtype member_resource_names: list[str] + """ + super().__init__(**kwargs) + self.description = description + self.display_name = display_name + self.member_resource_names = member_resource_names + + +class WorkspaceManagerGroupList(_serialization.Model): + """List of all the workspace manager groups. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of watchlists. + :ivar next_link: URL to fetch the next set of workspace manager groups. :vartype next_link: str - :ivar value: Array of watchlist. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Watchlist] + :ivar value: Array of workspace manager groups. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] """ _validation = { @@ -23709,61 +29376,111 @@ class WatchlistList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Watchlist]"}, + "value": {"key": "value", "type": "[WorkspaceManagerGroup]"}, } - def __init__(self, *, value: List["_models.Watchlist"], **kwargs): + def __init__(self, *, value: List["_models.WorkspaceManagerGroup"], **kwargs: Any) -> None: """ - :keyword value: Array of watchlist. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] + :keyword value: Array of workspace manager groups. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] """ super().__init__(**kwargs) self.next_link = None self.value = value -class Webhook(_serialization.Model): - """Detail about the webhook object. +class WorkspaceManagerMember(AzureEntityResource): + """The workspace manager member. - :ivar webhook_id: Unique identifier for the webhook. - :vartype webhook_id: str - :ivar webhook_url: URL that gets invoked by the webhook. - :vartype webhook_url: str - :ivar webhook_secret_update_time: Time when the webhook secret was updated. - :vartype webhook_secret_update_time: str - :ivar rotate_webhook_secret: A flag to instruct the backend service to rotate webhook secret. - :vartype rotate_webhook_secret: bool + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar target_workspace_resource_id: Fully qualified resource ID of the target Sentinel + workspace joining the given Sentinel workspace manager. + :vartype target_workspace_resource_id: str + :ivar target_workspace_tenant_id: Tenant id of the target Sentinel workspace joining the given + Sentinel workspace manager. + :vartype target_workspace_tenant_id: str """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + } + _attribute_map = { - "webhook_id": {"key": "webhookId", "type": "str"}, - "webhook_url": {"key": "webhookUrl", "type": "str"}, - "webhook_secret_update_time": {"key": "webhookSecretUpdateTime", "type": "str"}, - "rotate_webhook_secret": {"key": "rotateWebhookSecret", "type": "bool"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "target_workspace_resource_id": {"key": "properties.targetWorkspaceResourceId", "type": "str"}, + "target_workspace_tenant_id": {"key": "properties.targetWorkspaceTenantId", "type": "str"}, } def __init__( self, *, - webhook_id: Optional[str] = None, - webhook_url: Optional[str] = None, - webhook_secret_update_time: Optional[str] = None, - rotate_webhook_secret: Optional[bool] = None, - **kwargs - ): - """ - :keyword webhook_id: Unique identifier for the webhook. - :paramtype webhook_id: str - :keyword webhook_url: URL that gets invoked by the webhook. - :paramtype webhook_url: str - :keyword webhook_secret_update_time: Time when the webhook secret was updated. - :paramtype webhook_secret_update_time: str - :keyword rotate_webhook_secret: A flag to instruct the backend service to rotate webhook - secret. - :paramtype rotate_webhook_secret: bool + target_workspace_resource_id: Optional[str] = None, + target_workspace_tenant_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword target_workspace_resource_id: Fully qualified resource ID of the target Sentinel + workspace joining the given Sentinel workspace manager. + :paramtype target_workspace_resource_id: str + :keyword target_workspace_tenant_id: Tenant id of the target Sentinel workspace joining the + given Sentinel workspace manager. + :paramtype target_workspace_tenant_id: str """ super().__init__(**kwargs) - self.webhook_id = webhook_id - self.webhook_url = webhook_url - self.webhook_secret_update_time = webhook_secret_update_time - self.rotate_webhook_secret = rotate_webhook_secret + self.target_workspace_resource_id = target_workspace_resource_id + self.target_workspace_tenant_id = target_workspace_tenant_id + + +class WorkspaceManagerMembersList(_serialization.Model): + """List of workspace manager members. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of workspace manager members. + :vartype next_link: str + :ivar value: Array of workspace manager members. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WorkspaceManagerMember]"}, + } + + def __init__(self, *, value: List["_models.WorkspaceManagerMember"], **kwargs: Any) -> None: + """ + :keyword value: Array of workspace manager members. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py index 455b7f96600f..b35f3fc29e49 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py @@ -13,44 +13,44 @@ class ActionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the automation rule action.""" - #: Modify an object's properties MODIFY_PROPERTIES = "ModifyProperties" - #: Run a playbook on an object + """Modify an object's properties""" RUN_PLAYBOOK = "RunPlaybook" - #: Add a task to an incident object + """Run a playbook on an object""" ADD_INCIDENT_TASK = "AddIncidentTask" + """Add a task to an incident object""" class AlertDetail(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Alert detail.""" - #: Alert display name DISPLAY_NAME = "DisplayName" - #: Alert severity + """Alert display name""" SEVERITY = "Severity" + """Alert severity""" class AlertProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The V3 alert property.""" - #: Alert's link ALERT_LINK = "AlertLink" - #: Confidence level property + """Alert's link""" CONFIDENCE_LEVEL = "ConfidenceLevel" - #: Confidence score + """Confidence level property""" CONFIDENCE_SCORE = "ConfidenceScore" - #: Extended links to the alert + """Confidence score""" EXTENDED_LINKS = "ExtendedLinks" - #: Product name alert property + """Extended links to the alert""" PRODUCT_NAME = "ProductName" - #: Provider name alert property + """Product name alert property""" PROVIDER_NAME = "ProviderName" - #: Product component name alert property + """Provider name alert property""" PRODUCT_COMPONENT_NAME = "ProductComponentName" - #: Remediation steps alert property + """Product component name alert property""" REMEDIATION_STEPS = "RemediationSteps" - #: Techniques alert property + """Remediation steps alert property""" TECHNIQUES = "Techniques" + """Techniques alert property""" class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -67,42 +67,42 @@ class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): class AlertSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The severity of the alert.""" - #: High severity HIGH = "High" - #: Medium severity + """High severity""" MEDIUM = "Medium" - #: Low severity + """Medium severity""" LOW = "Low" - #: Informational severity + """Low severity""" INFORMATIONAL = "Informational" + """Informational severity""" class AlertStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The lifecycle status of the alert.""" - #: Unknown value UNKNOWN = "Unknown" - #: New alert + """Unknown value""" NEW = "New" - #: Alert closed after handling + """New alert""" RESOLVED = "Resolved" - #: Alert dismissed as false positive + """Alert closed after handling""" DISMISSED = "Dismissed" - #: Alert is being handled + """Alert dismissed as false positive""" IN_PROGRESS = "InProgress" + """Alert is being handled""" class AntispamMailDirection(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The directionality of this mail message.""" - #: Unknown UNKNOWN = "Unknown" - #: Inbound + """Unknown""" INBOUND = "Inbound" - #: Outbound + """Inbound""" OUTBOUND = "Outbound" - #: Intraorg + """Outbound""" INTRAORG = "Intraorg" + """Intraorg""" class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -130,249 +130,259 @@ class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): class AutomationRuleBooleanConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRuleBooleanConditionSupportedOperator.""" - #: Evaluates as true if all the item conditions are evaluated as true AND = "And" - #: Evaluates as true if at least one of the item conditions are evaluated as true + """Evaluates as true if all the item conditions are evaluated as true""" OR = "Or" + """Evaluates as true if at least one of the item conditions are evaluated as true""" + AND_ENUM = "And" + """Evaluates as true if all the item conditions are evaluated as true""" + OR_ENUM = "Or" + """Evaluates as true if at least one of the item conditions are evaluated as true""" class AutomationRulePropertyArrayChangedConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayChangedConditionSupportedArrayType.""" - #: Evaluate the condition on the alerts ALERTS = "Alerts" - #: Evaluate the condition on the labels + """Evaluate the condition on the alerts""" LABELS = "Labels" - #: Evaluate the condition on the tactics + """Evaluate the condition on the labels""" TACTICS = "Tactics" - #: Evaluate the condition on the comments + """Evaluate the condition on the tactics""" COMMENTS = "Comments" + """Evaluate the condition on the comments""" class AutomationRulePropertyArrayChangedConditionSupportedChangeType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayChangedConditionSupportedChangeType.""" - #: Evaluate the condition on items added to the array ADDED = "Added" + """Evaluate the condition on items added to the array""" class AutomationRulePropertyArrayConditionSupportedArrayConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayConditionSupportedArrayConditionType.""" - #: Evaluate the condition as true if any item fulfills it ANY_ITEM = "AnyItem" + """Evaluate the condition as true if any item fulfills it""" class AutomationRulePropertyArrayConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayConditionSupportedArrayType.""" - #: Evaluate the condition on the custom detail keys CUSTOM_DETAILS = "CustomDetails" - #: Evaluate the condition on a custom detail's values + """Evaluate the condition on the custom detail keys""" CUSTOM_DETAIL_VALUES = "CustomDetailValues" + """Evaluate the condition on a custom detail's values""" class AutomationRulePropertyChangedConditionSupportedChangedType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyChangedConditionSupportedChangedType.""" - #: Evaluate the condition on the previous value of the property CHANGED_FROM = "ChangedFrom" - #: Evaluate the condition on the updated value of the property + """Evaluate the condition on the previous value of the property""" CHANGED_TO = "ChangedTo" + """Evaluate the condition on the updated value of the property""" class AutomationRulePropertyChangedConditionSupportedPropertyType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyChangedConditionSupportedPropertyType.""" - #: Evaluate the condition on the incident severity INCIDENT_SEVERITY = "IncidentSeverity" - #: Evaluate the condition on the incident status + """Evaluate the condition on the incident severity""" INCIDENT_STATUS = "IncidentStatus" - #: Evaluate the condition on the incident owner + """Evaluate the condition on the incident status""" INCIDENT_OWNER = "IncidentOwner" + """Evaluate the condition on the incident owner""" class AutomationRulePropertyConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyConditionSupportedOperator.""" - #: Evaluates if the property equals at least one of the condition values EQUALS = "Equals" - #: Evaluates if the property does not equal any of the condition values + """Evaluates if the property equals at least one of the condition values""" NOT_EQUALS = "NotEquals" - #: Evaluates if the property contains at least one of the condition values + """Evaluates if the property does not equal any of the condition values""" CONTAINS = "Contains" - #: Evaluates if the property does not contain any of the condition values + """Evaluates if the property contains at least one of the condition values""" NOT_CONTAINS = "NotContains" - #: Evaluates if the property starts with any of the condition values + """Evaluates if the property does not contain any of the condition values""" STARTS_WITH = "StartsWith" - #: Evaluates if the property does not start with any of the condition values + """Evaluates if the property starts with any of the condition values""" NOT_STARTS_WITH = "NotStartsWith" - #: Evaluates if the property ends with any of the condition values + """Evaluates if the property does not start with any of the condition values""" ENDS_WITH = "EndsWith" - #: Evaluates if the property does not end with any of the condition values + """Evaluates if the property ends with any of the condition values""" NOT_ENDS_WITH = "NotEndsWith" + """Evaluates if the property does not end with any of the condition values""" class AutomationRulePropertyConditionSupportedProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The property to evaluate in an automation rule property condition.""" - #: The title of the incident INCIDENT_TITLE = "IncidentTitle" - #: The description of the incident + """The title of the incident""" INCIDENT_DESCRIPTION = "IncidentDescription" - #: The severity of the incident + """The description of the incident""" INCIDENT_SEVERITY = "IncidentSeverity" - #: The status of the incident + """The severity of the incident""" INCIDENT_STATUS = "IncidentStatus" - #: The related Analytic rule ids of the incident + """The status of the incident""" INCIDENT_RELATED_ANALYTIC_RULE_IDS = "IncidentRelatedAnalyticRuleIds" - #: The tactics of the incident + """The related Analytic rule ids of the incident""" INCIDENT_TACTICS = "IncidentTactics" - #: The labels of the incident + """The tactics of the incident""" INCIDENT_LABEL = "IncidentLabel" - #: The provider name of the incident + """The labels of the incident""" INCIDENT_PROVIDER_NAME = "IncidentProviderName" - #: The update source of the incident + """The provider name of the incident""" INCIDENT_UPDATED_BY_SOURCE = "IncidentUpdatedBySource" - #: The incident custom detail key + """The update source of the incident""" INCIDENT_CUSTOM_DETAILS_KEY = "IncidentCustomDetailsKey" - #: The incident custom detail value + """The incident custom detail key""" INCIDENT_CUSTOM_DETAILS_VALUE = "IncidentCustomDetailsValue" - #: The account Azure Active Directory tenant id + """The incident custom detail value""" ACCOUNT_AAD_TENANT_ID = "AccountAadTenantId" - #: The account Azure Active Directory user id + """The account Azure Active Directory tenant id""" ACCOUNT_AAD_USER_ID = "AccountAadUserId" - #: The account name + """The account Azure Active Directory user id""" ACCOUNT_NAME = "AccountName" - #: The account NetBIOS domain name + """The account name""" ACCOUNT_NT_DOMAIN = "AccountNTDomain" - #: The account Azure Active Directory Passport User ID + """The account NetBIOS domain name""" ACCOUNT_PUID = "AccountPUID" - #: The account security identifier + """The account Azure Active Directory Passport User ID""" ACCOUNT_SID = "AccountSid" - #: The account unique identifier + """The account security identifier""" ACCOUNT_OBJECT_GUID = "AccountObjectGuid" - #: The account user principal name suffix + """The account unique identifier""" ACCOUNT_UPN_SUFFIX = "AccountUPNSuffix" - #: The name of the product of the alert + """The account user principal name suffix""" ALERT_PRODUCT_NAMES = "AlertProductNames" - #: The analytic rule ids of the alert + """The name of the product of the alert""" ALERT_ANALYTIC_RULE_IDS = "AlertAnalyticRuleIds" - #: The Azure resource id + """The analytic rule ids of the alert""" AZURE_RESOURCE_RESOURCE_ID = "AzureResourceResourceId" - #: The Azure resource subscription id + """The Azure resource id""" AZURE_RESOURCE_SUBSCRIPTION_ID = "AzureResourceSubscriptionId" - #: The cloud application identifier + """The Azure resource subscription id""" CLOUD_APPLICATION_APP_ID = "CloudApplicationAppId" - #: The cloud application name + """The cloud application identifier""" CLOUD_APPLICATION_APP_NAME = "CloudApplicationAppName" - #: The dns record domain name + """The cloud application name""" DNS_DOMAIN_NAME = "DNSDomainName" - #: The file directory full path + """The dns record domain name""" FILE_DIRECTORY = "FileDirectory" - #: The file name without path + """The file directory full path""" FILE_NAME = "FileName" - #: The file hash value + """The file name without path""" FILE_HASH_VALUE = "FileHashValue" - #: The host Azure resource id + """The file hash value""" HOST_AZURE_ID = "HostAzureID" - #: The host name without domain + """The host Azure resource id""" HOST_NAME = "HostName" - #: The host NetBIOS name + """The host name without domain""" HOST_NET_BIOS_NAME = "HostNetBiosName" - #: The host NT domain + """The host NetBIOS name""" HOST_NT_DOMAIN = "HostNTDomain" - #: The host operating system + """The host NT domain""" HOST_OS_VERSION = "HostOSVersion" - #: "The IoT device id + """The host operating system""" IO_T_DEVICE_ID = "IoTDeviceId" - #: The IoT device name + """"The IoT device id""" IO_T_DEVICE_NAME = "IoTDeviceName" - #: The IoT device type + """The IoT device name""" IO_T_DEVICE_TYPE = "IoTDeviceType" - #: The IoT device vendor + """The IoT device type""" IO_T_DEVICE_VENDOR = "IoTDeviceVendor" - #: The IoT device model + """The IoT device vendor""" IO_T_DEVICE_MODEL = "IoTDeviceModel" - #: The IoT device operating system + """The IoT device model""" IO_T_DEVICE_OPERATING_SYSTEM = "IoTDeviceOperatingSystem" - #: The IP address + """The IoT device operating system""" IP_ADDRESS = "IPAddress" - #: The mailbox display name + """The IP address""" MAILBOX_DISPLAY_NAME = "MailboxDisplayName" - #: The mailbox primary address + """The mailbox display name""" MAILBOX_PRIMARY_ADDRESS = "MailboxPrimaryAddress" - #: The mailbox user principal name + """The mailbox primary address""" MAILBOX_UPN = "MailboxUPN" - #: The mail message delivery action + """The mailbox user principal name""" MAIL_MESSAGE_DELIVERY_ACTION = "MailMessageDeliveryAction" - #: The mail message delivery location + """The mail message delivery action""" MAIL_MESSAGE_DELIVERY_LOCATION = "MailMessageDeliveryLocation" - #: The mail message recipient + """The mail message delivery location""" MAIL_MESSAGE_RECIPIENT = "MailMessageRecipient" - #: The mail message sender IP address + """The mail message recipient""" MAIL_MESSAGE_SENDER_IP = "MailMessageSenderIP" - #: The mail message subject + """The mail message sender IP address""" MAIL_MESSAGE_SUBJECT = "MailMessageSubject" - #: The mail message P1 sender + """The mail message subject""" MAIL_MESSAGE_P1_SENDER = "MailMessageP1Sender" - #: The mail message P2 sender + """The mail message P1 sender""" MAIL_MESSAGE_P2_SENDER = "MailMessageP2Sender" - #: The malware category + """The mail message P2 sender""" MALWARE_CATEGORY = "MalwareCategory" - #: The malware name + """The malware category""" MALWARE_NAME = "MalwareName" - #: The process execution command line + """The malware name""" PROCESS_COMMAND_LINE = "ProcessCommandLine" - #: The process id + """The process execution command line""" PROCESS_ID = "ProcessId" - #: The registry key path + """The process id""" REGISTRY_KEY = "RegistryKey" - #: The registry key value in string formatted representation + """The registry key path""" REGISTRY_VALUE_DATA = "RegistryValueData" - #: The url + """The registry key value in string formatted representation""" URL = "Url" + """The url""" + + +class BillingStatisticKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the billing statistic.""" + + SAP_SOLUTION_USAGE = "SapSolutionUsage" class Category(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Categories of recommendations.""" - #: Onboarding recommendation. ONBOARDING = "Onboarding" - #: New feature recommendation. + """Onboarding recommendation.""" NEW_FEATURE = "NewFeature" - #: Soc Efficiency recommendation. + """New feature recommendation.""" SOC_EFFICIENCY = "SocEfficiency" - #: Cost optimization recommendation. + """Soc Efficiency recommendation.""" COST_OPTIMIZATION = "CostOptimization" - #: Demo recommendation. + """Cost optimization recommendation.""" DEMO = "Demo" + """Demo recommendation.""" class ConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """ConditionType.""" - #: Evaluate an object property value PROPERTY = "Property" - #: Evaluate an object array property value + """Evaluate an object property value""" PROPERTY_ARRAY = "PropertyArray" - #: Evaluate an object property changed value + """Evaluate an object array property value""" PROPERTY_CHANGED = "PropertyChanged" - #: Evaluate an object array property changed value + """Evaluate an object property changed value""" PROPERTY_ARRAY_CHANGED = "PropertyArrayChanged" - #: Apply a boolean operator (e.g AND, OR) to conditions + """Evaluate an object array property changed value""" BOOLEAN = "Boolean" + """Apply a boolean operator (e.g AND, OR) to conditions""" class ConfidenceLevel(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The confidence level of this alert.""" - #: Unknown confidence, the is the default value UNKNOWN = "Unknown" - #: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack + """Unknown confidence, the is the default value""" LOW = "Low" - #: High confidence that the alert is true positive malicious + """Low confidence, meaning we have some doubts this is indeed malicious or part of an attack""" HIGH = "High" + """High confidence that the alert is true positive malicious""" class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -380,15 +390,15 @@ class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): this alert, not applicable or final. """ - #: Score will not be calculated for this alert as it is not supported by virtual analyst NOT_APPLICABLE = "NotApplicable" - #: No score was set yet and calculation is in progress + """Score will not be calculated for this alert as it is not supported by virtual analyst""" IN_PROCESS = "InProcess" - #: Score is calculated and shown as part of the alert, but may be updated again at a later time - #: following the processing of additional data + """No score was set yet and calculation is in progress""" NOT_FINAL = "NotFinal" - #: Final score was calculated and available + """Score is calculated and shown as part of the alert, but may be updated again at a later time + #: following the processing of additional data""" FINAL = "Final" + """Final score was calculated and available""" class ConnectAuthKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -409,20 +419,24 @@ class ContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The content type of a source control path.""" ANALYTIC_RULE = "AnalyticRule" + AUTOMATION_RULE = "AutomationRule" + HUNTING_QUERY = "HuntingQuery" + PARSER = "Parser" + PLAYBOOK = "Playbook" WORKBOOK = "Workbook" class Context(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Context of recommendation.""" - #: Analytics context. ANALYTICS = "Analytics" - #: Incidents context. + """Analytics context.""" INCIDENTS = "Incidents" - #: Overview context. + """Incidents context.""" OVERVIEW = "Overview" - #: No context. + """Overview context.""" NONE = "None" + """No context.""" class CreatedByType(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -447,6 +461,12 @@ class DataConnectorAuthorizationState(str, Enum, metaclass=CaseInsensitiveEnumMe INVALID = "Invalid" +class DataConnectorDefinitionKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the data connector definitions.""" + + CUSTOMIZABLE = "Customizable" + + class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the data connector.""" @@ -459,6 +479,7 @@ class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): OFFICE_ATP = "OfficeATP" OFFICE_IRM = "OfficeIRM" OFFICE365_PROJECT = "Office365Project" + MICROSOFT_PURVIEW_INFORMATION_PROTECTION = "MicrosoftPurviewInformationProtection" OFFICE_POWER_BI = "OfficePowerBI" AMAZON_WEB_SERVICES_CLOUD_TRAIL = "AmazonWebServicesCloudTrail" AMAZON_WEB_SERVICES_S3 = "AmazonWebServicesS3" @@ -470,6 +491,7 @@ class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): GENERIC_UI = "GenericUI" API_POLLING = "APIPolling" IOT = "IOT" + GCP = "GCP" class DataConnectorLicenseState(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -490,50 +512,50 @@ class DataTypeState(str, Enum, metaclass=CaseInsensitiveEnumMeta): class DeleteStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Indicates whether the file was deleted from the storage account.""" - #: The file was deleted. DELETED = "Deleted" - #: The file was not deleted. + """The file was deleted.""" NOT_DELETED = "NotDeleted" - #: Unspecified + """The file was not deleted.""" UNSPECIFIED = "Unspecified" + """Unspecified""" class DeliveryAction(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The delivery action of this mail message like Delivered, Blocked, Replaced etc.""" - #: Unknown UNKNOWN = "Unknown" - #: DeliveredAsSpam + """Unknown""" DELIVERED_AS_SPAM = "DeliveredAsSpam" - #: Delivered + """DeliveredAsSpam""" DELIVERED = "Delivered" - #: Blocked + """Delivered""" BLOCKED = "Blocked" - #: Replaced + """Blocked""" REPLACED = "Replaced" + """Replaced""" class DeliveryLocation(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The delivery location of this mail message like Inbox, JunkFolder etc.""" - #: Unknown UNKNOWN = "Unknown" - #: Inbox + """Unknown""" INBOX = "Inbox" - #: JunkFolder + """Inbox""" JUNK_FOLDER = "JunkFolder" - #: DeletedFolder + """JunkFolder""" DELETED_FOLDER = "DeletedFolder" - #: Quarantine + """DeletedFolder""" QUARANTINE = "Quarantine" - #: External + """Quarantine""" EXTERNAL = "External" - #: Failed + """External""" FAILED = "Failed" - #: Dropped + """Failed""" DROPPED = "Dropped" - #: Forwarded + """Dropped""" FORWARDED = "Forwarded" + """Forwarded""" class DeploymentFetchStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -564,122 +586,122 @@ class DeploymentState(str, Enum, metaclass=CaseInsensitiveEnumMeta): class DeviceImportance(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Device importance, determines if the device classified as 'crown jewel'.""" - #: Unknown - Default value UNKNOWN = "Unknown" - #: Low + """Unknown - Default value""" LOW = "Low" - #: Normal + """Low""" NORMAL = "Normal" - #: High + """Normal""" HIGH = "High" + """High""" class ElevationToken(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The elevation token associated with the process.""" - #: Default elevation token DEFAULT = "Default" - #: Full elevation token + """Default elevation token""" FULL = "Full" - #: Limited elevation token + """Full elevation token""" LIMITED = "Limited" + """Limited elevation token""" class EntityItemQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """EntityItemQueryKind.""" - #: insight INSIGHT = "Insight" + """insight""" -class EntityKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class EntityKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the entity.""" - #: Entity represents account in the system. ACCOUNT = "Account" - #: Entity represents host in the system. + """Entity represents account in the system.""" HOST = "Host" - #: Entity represents file in the system. + """Entity represents host in the system.""" FILE = "File" - #: Entity represents azure resource in the system. + """Entity represents file in the system.""" AZURE_RESOURCE = "AzureResource" - #: Entity represents cloud application in the system. + """Entity represents azure resource in the system.""" CLOUD_APPLICATION = "CloudApplication" - #: Entity represents dns resolution in the system. + """Entity represents cloud application in the system.""" DNS_RESOLUTION = "DnsResolution" - #: Entity represents file hash in the system. + """Entity represents dns resolution in the system.""" FILE_HASH = "FileHash" - #: Entity represents ip in the system. + """Entity represents file hash in the system.""" IP = "Ip" - #: Entity represents malware in the system. + """Entity represents ip in the system.""" MALWARE = "Malware" - #: Entity represents process in the system. + """Entity represents malware in the system.""" PROCESS = "Process" - #: Entity represents registry key in the system. + """Entity represents process in the system.""" REGISTRY_KEY = "RegistryKey" - #: Entity represents registry value in the system. + """Entity represents registry key in the system.""" REGISTRY_VALUE = "RegistryValue" - #: Entity represents security group in the system. + """Entity represents registry value in the system.""" SECURITY_GROUP = "SecurityGroup" - #: Entity represents url in the system. + """Entity represents security group in the system.""" URL = "Url" - #: Entity represents IoT device in the system. + """Entity represents url in the system.""" IO_T_DEVICE = "IoTDevice" - #: Entity represents security alert in the system. + """Entity represents IoT device in the system.""" SECURITY_ALERT = "SecurityAlert" - #: Entity represents bookmark in the system. + """Entity represents security alert in the system.""" BOOKMARK = "Bookmark" - #: Entity represents mail cluster in the system. + """Entity represents bookmark in the system.""" MAIL_CLUSTER = "MailCluster" - #: Entity represents mail message in the system. + """Entity represents mail cluster in the system.""" MAIL_MESSAGE = "MailMessage" - #: Entity represents mailbox in the system. + """Entity represents mail message in the system.""" MAILBOX = "Mailbox" - #: Entity represents submission mail in the system. + """Entity represents mailbox in the system.""" SUBMISSION_MAIL = "SubmissionMail" - #: Entity represents network interface in the system. + """Entity represents submission mail in the system.""" NIC = "Nic" + """Entity represents network interface in the system.""" class EntityMappingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The V3 type of the mapped entity.""" - #: User account entity type ACCOUNT = "Account" - #: Host entity type + """User account entity type""" HOST = "Host" - #: IP address entity type + """Host entity type""" IP = "IP" - #: Malware entity type + """IP address entity type""" MALWARE = "Malware" - #: System file entity type + """Malware entity type""" FILE = "File" - #: Process entity type + """System file entity type""" PROCESS = "Process" - #: Cloud app entity type + """Process entity type""" CLOUD_APPLICATION = "CloudApplication" - #: DNS entity type + """Cloud app entity type""" DNS = "DNS" - #: Azure resource entity type + """DNS entity type""" AZURE_RESOURCE = "AzureResource" - #: File-hash entity type + """Azure resource entity type""" FILE_HASH = "FileHash" - #: Registry key entity type + """File-hash entity type""" REGISTRY_KEY = "RegistryKey" - #: Registry value entity type + """Registry key entity type""" REGISTRY_VALUE = "RegistryValue" - #: Security group entity type + """Registry value entity type""" SECURITY_GROUP = "SecurityGroup" - #: URL entity type + """Security group entity type""" URL = "URL" - #: Mailbox entity type + """URL entity type""" MAILBOX = "Mailbox" - #: Mail cluster entity type + """Mailbox entity type""" MAIL_CLUSTER = "MailCluster" - #: Mail message entity type + """Mail cluster entity type""" MAIL_MESSAGE = "MailMessage" - #: Submission mail entity type + """Mail message entity type""" SUBMISSION_MAIL = "SubmissionMail" + """Submission mail entity type""" class EntityProviders(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -706,74 +728,74 @@ class EntityQueryTemplateKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): class EntityTimelineKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The entity query kind.""" - #: activity ACTIVITY = "Activity" - #: bookmarks + """activity""" BOOKMARK = "Bookmark" - #: security alerts + """bookmarks""" SECURITY_ALERT = "SecurityAlert" - #: anomaly + """security alerts""" ANOMALY = "Anomaly" + """anomaly""" class EntityType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the entity.""" - #: Entity represents account in the system. ACCOUNT = "Account" - #: Entity represents host in the system. + """Entity represents account in the system.""" HOST = "Host" - #: Entity represents file in the system. + """Entity represents host in the system.""" FILE = "File" - #: Entity represents azure resource in the system. + """Entity represents file in the system.""" AZURE_RESOURCE = "AzureResource" - #: Entity represents cloud application in the system. + """Entity represents azure resource in the system.""" CLOUD_APPLICATION = "CloudApplication" - #: Entity represents dns in the system. + """Entity represents cloud application in the system.""" DNS = "DNS" - #: Entity represents file hash in the system. + """Entity represents dns in the system.""" FILE_HASH = "FileHash" - #: Entity represents ip in the system. + """Entity represents file hash in the system.""" IP = "IP" - #: Entity represents malware in the system. + """Entity represents ip in the system.""" MALWARE = "Malware" - #: Entity represents process in the system. + """Entity represents malware in the system.""" PROCESS = "Process" - #: Entity represents registry key in the system. + """Entity represents process in the system.""" REGISTRY_KEY = "RegistryKey" - #: Entity represents registry value in the system. + """Entity represents registry key in the system.""" REGISTRY_VALUE = "RegistryValue" - #: Entity represents security group in the system. + """Entity represents registry value in the system.""" SECURITY_GROUP = "SecurityGroup" - #: Entity represents url in the system. + """Entity represents security group in the system.""" URL = "URL" - #: Entity represents IoT device in the system. + """Entity represents url in the system.""" IO_T_DEVICE = "IoTDevice" - #: Entity represents security alert in the system. + """Entity represents IoT device in the system.""" SECURITY_ALERT = "SecurityAlert" - #: Entity represents HuntingBookmark in the system. + """Entity represents security alert in the system.""" HUNTING_BOOKMARK = "HuntingBookmark" - #: Entity represents mail cluster in the system. + """Entity represents HuntingBookmark in the system.""" MAIL_CLUSTER = "MailCluster" - #: Entity represents mail message in the system. + """Entity represents mail cluster in the system.""" MAIL_MESSAGE = "MailMessage" - #: Entity represents mailbox in the system. + """Entity represents mail message in the system.""" MAILBOX = "Mailbox" - #: Entity represents submission mail in the system. + """Entity represents mailbox in the system.""" SUBMISSION_MAIL = "SubmissionMail" - #: Entity represents network interface in the system. + """Entity represents submission mail in the system.""" NIC = "Nic" + """Entity represents network interface in the system.""" -class Enum13(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Enum13.""" +class Enum20(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Enum20.""" EXPANSION = "Expansion" ACTIVITY = "Activity" -class Enum15(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Enum15.""" +class Enum22(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Enum22.""" ACTIVITY = "Activity" @@ -788,58 +810,65 @@ class EventGroupingAggregationKind(str, Enum, metaclass=CaseInsensitiveEnumMeta) class FileFormat(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The format of the file.""" - #: A CSV file. CSV = "CSV" - #: A JSON file. + """A CSV file.""" JSON = "JSON" - #: A file of other format. + """A JSON file.""" UNSPECIFIED = "Unspecified" + """A file of other format.""" class FileHashAlgorithm(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The hash algorithm type.""" - #: Unknown hash algorithm UNKNOWN = "Unknown" - #: MD5 hash type + """Unknown hash algorithm""" MD5 = "MD5" - #: SHA1 hash type + """MD5 hash type""" SHA1 = "SHA1" - #: SHA256 hash type + """SHA1 hash type""" SHA256 = "SHA256" - #: SHA256 Authenticode hash type + """SHA256 hash type""" SHA256_AC = "SHA256AC" + """SHA256 Authenticode hash type""" class FileImportContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The content type of this file.""" - #: File containing records with the core fields of an indicator, plus the observables to construct - #: the STIX pattern. BASIC_INDICATOR = "BasicIndicator" - #: File containing STIX indicators. + """File containing records with the core fields of an indicator, plus the observables to construct + #: the STIX pattern.""" STIX_INDICATOR = "StixIndicator" - #: File containing other records. + """File containing STIX indicators.""" UNSPECIFIED = "Unspecified" + """File containing other records.""" class FileImportState(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The state of the file import.""" - #: A fatal error has occurred while ingesting the file. FATAL_ERROR = "FatalError" - #: The file has been ingested. + """A fatal error has occurred while ingesting the file.""" INGESTED = "Ingested" - #: The file has been ingested with errors. + """The file has been ingested.""" INGESTED_WITH_ERRORS = "IngestedWithErrors" - #: The file ingestion is in progress. + """The file has been ingested with errors.""" IN_PROGRESS = "InProgress" - #: The file is invalid. + """The file ingestion is in progress.""" INVALID = "Invalid" - #: Waiting for the file to be uploaded. + """The file is invalid.""" WAITING_FOR_UPLOAD = "WaitingForUpload" - #: Unspecified state. + """Waiting for the file to be uploaded.""" UNSPECIFIED = "Unspecified" + """Unspecified state.""" + + +class Flag(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The boolean value the metadata is for.""" + + TRUE = "true" + FALSE = "false" class GetInsightsError(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -848,156 +877,164 @@ class GetInsightsError(str, Enum, metaclass=CaseInsensitiveEnumMeta): INSIGHT = "Insight" +class HypothesisStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The hypothesis status of the hunt.""" + + UNKNOWN = "Unknown" + INVALIDATED = "Invalidated" + VALIDATED = "Validated" + + class IncidentClassification(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The reason the incident was closed.""" - #: Incident classification was undetermined UNDETERMINED = "Undetermined" - #: Incident was true positive + """Incident classification was undetermined""" TRUE_POSITIVE = "TruePositive" - #: Incident was benign positive + """Incident was true positive""" BENIGN_POSITIVE = "BenignPositive" - #: Incident was false positive + """Incident was benign positive""" FALSE_POSITIVE = "FalsePositive" + """Incident was false positive""" class IncidentClassificationReason(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The classification reason the incident was closed with.""" - #: Classification reason was suspicious activity SUSPICIOUS_ACTIVITY = "SuspiciousActivity" - #: Classification reason was suspicious but expected + """Classification reason was suspicious activity""" SUSPICIOUS_BUT_EXPECTED = "SuspiciousButExpected" - #: Classification reason was incorrect alert logic + """Classification reason was suspicious but expected""" INCORRECT_ALERT_LOGIC = "IncorrectAlertLogic" - #: Classification reason was inaccurate data + """Classification reason was incorrect alert logic""" INACCURATE_DATA = "InaccurateData" + """Classification reason was inaccurate data""" class IncidentLabelType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the label.""" - #: Label manually created by a user USER = "User" - #: Label automatically created by the system + """Label manually created by a user""" AUTO_ASSIGNED = "AutoAssigned" + """Label automatically created by the system""" class IncidentSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The severity of the incident.""" - #: High severity HIGH = "High" - #: Medium severity + """High severity""" MEDIUM = "Medium" - #: Low severity + """Medium severity""" LOW = "Low" - #: Informational severity + """Low severity""" INFORMATIONAL = "Informational" + """Informational severity""" class IncidentStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The status of the incident.""" - #: An active incident which isn't being handled currently NEW = "New" - #: An active incident which is being handled + """An active incident which isn't being handled currently""" ACTIVE = "Active" - #: A non-active incident + """An active incident which is being handled""" CLOSED = "Closed" + """A non-active incident""" class IncidentTaskStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """IncidentTaskStatus.""" - #: A new task NEW = "New" - #: A completed task + """A new task""" COMPLETED = "Completed" + """A completed task""" class IngestionMode(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Describes how to ingest the records in the file.""" - #: No records should be ingested when invalid records are detected. INGEST_ONLY_IF_ALL_ARE_VALID = "IngestOnlyIfAllAreValid" - #: Valid records should still be ingested when invalid records are detected. + """No records should be ingested when invalid records are detected.""" INGEST_ANY_VALID_RECORDS = "IngestAnyValidRecords" - #: Unspecified + """Valid records should still be ingested when invalid records are detected.""" UNSPECIFIED = "Unspecified" + """Unspecified""" class KillChainIntent(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The intent of the alert.""" - #: The default value. UNKNOWN = "Unknown" - #: Probing could be an attempt to access a certain resource regardless of a malicious intent or a + """The default value.""" + PROBING = "Probing" + """Probing could be an attempt to access a certain resource regardless of a malicious intent or a #: failed attempt to gain access to a target system to gather information prior to exploitation. #: This step is usually detected as an attempt originating from outside the network in attempt to - #: scan the target system and find a way in. - PROBING = "Probing" - #: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. + #: scan the target system and find a way in.""" + EXPLOITATION = "Exploitation" + """Exploitation is the stage where an attacker manage to get foothold on the attacked resource. #: This stage is applicable not only for compute hosts, but also for resources such as user #: accounts, certificates etc. Adversaries will often be able to control the resource after this - #: stage. - EXPLOITATION = "Exploitation" - #: Persistence is any access, action, or configuration change to a system that gives an adversary + #: stage.""" + PERSISTENCE = "Persistence" + """Persistence is any access, action, or configuration change to a system that gives an adversary #: a persistent presence on that system. Adversaries will often need to maintain access to systems #: through interruptions such as system restarts, loss of credentials, or other failures that - #: would require a remote access tool to restart or alternate backdoor for them to regain access. - PERSISTENCE = "Persistence" - #: Privilege escalation is the result of actions that allow an adversary to obtain a higher level + #: would require a remote access tool to restart or alternate backdoor for them to regain access.""" + PRIVILEGE_ESCALATION = "PrivilegeEscalation" + """Privilege escalation is the result of actions that allow an adversary to obtain a higher level #: of permissions on a system or network. Certain tools or actions require a higher level of #: privilege to work and are likely necessary at many points throughout an operation. User #: accounts with permissions to access specific systems or perform specific functions necessary - #: for adversaries to achieve their objective may also be considered an escalation of privilege. - PRIVILEGE_ESCALATION = "PrivilegeEscalation" - #: Defense evasion consists of techniques an adversary may use to evade detection or avoid other - #: defenses. Sometimes these actions are the same as or variations of techniques in other - #: categories that have the added benefit of subverting a particular defense or mitigation. + #: for adversaries to achieve their objective may also be considered an escalation of privilege.""" DEFENSE_EVASION = "DefenseEvasion" - #: Credential access represents techniques resulting in access to or control over system, domain, + """Defense evasion consists of techniques an adversary may use to evade detection or avoid other + #: defenses. Sometimes these actions are the same as or variations of techniques in other + #: categories that have the added benefit of subverting a particular defense or mitigation.""" + CREDENTIAL_ACCESS = "CredentialAccess" + """Credential access represents techniques resulting in access to or control over system, domain, #: or service credentials that are used within an enterprise environment. Adversaries will likely #: attempt to obtain legitimate credentials from users or administrator accounts (local system #: administrator or domain users with administrator access) to use within the network. With #: sufficient access within a network, an adversary can create accounts for later use within the - #: environment. - CREDENTIAL_ACCESS = "CredentialAccess" - #: Discovery consists of techniques that allow the adversary to gain knowledge about the system - #: and internal network. When adversaries gain access to a new system, they must orient themselves - #: to what they now have control of and what benefits operating from that system give to their - #: current objective or overall goals during the intrusion. The operating system provides many - #: native tools that aid in this post-compromise information-gathering phase. + #: environment.""" DISCOVERY = "Discovery" - #: Lateral movement consists of techniques that enable an adversary to access and control remote + """Discovery consists of techniques that allow the adversary to gain knowledge about the system + #: and internal network. When adversaries gain access to a new system, they must navigate + #: themselves to what they now have control of and what benefits operating from that system give + #: to their current objective or overall goals during the intrusion. The operating system provides + #: many native tools that aid in this post-compromise information-gathering phase.""" + LATERAL_MOVEMENT = "LateralMovement" + """Lateral movement consists of techniques that enable an adversary to access and control remote #: systems on a network and could, but does not necessarily, include execution of tools on remote #: systems. The lateral movement techniques could allow an adversary to gather information from a #: system without needing additional tools, such as a remote access tool. An adversary can use #: lateral movement for many purposes, including remote Execution of tools, pivoting to additional #: systems, access to specific information or files, access to additional credentials, or to cause - #: an effect. - LATERAL_MOVEMENT = "LateralMovement" - #: The execution tactic represents techniques that result in execution of adversary-controlled - #: code on a local or remote system. This tactic is often used in conjunction with lateral - #: movement to expand access to remote systems on a network. + #: an effect.""" EXECUTION = "Execution" - #: Collection consists of techniques used to identify and gather information, such as sensitive - #: files, from a target network prior to exfiltration. This category also covers locations on a - #: system or network where the adversary may look for information to exfiltrate. + """The execution tactic represents techniques that result in execution of adversary-controlled + #: code on a local or remote system. This tactic is often used in conjunction with lateral + #: movement to expand access to remote systems on a network.""" COLLECTION = "Collection" - #: Exfiltration refers to techniques and attributes that result or aid in the adversary removing - #: files and information from a target network. This category also covers locations on a system or - #: network where the adversary may look for information to exfiltrate. + """Collection consists of techniques used to identify and gather information, such as sensitive + #: files, from a target network prior to exfiltration. This category also covers locations on a + #: system or network where the adversary may look for information to exfiltrate.""" EXFILTRATION = "Exfiltration" - #: The command and control tactic represents how adversaries communicate with systems under their - #: control within a target network. + """Exfiltration refers to techniques and attributes that result or aid in the adversary removing + #: files and information from a target network. This category also covers locations on a system or + #: network where the adversary may look for information to exfiltrate.""" COMMAND_AND_CONTROL = "CommandAndControl" - #: The impact intent primary objective is to directly reduce the availability or integrity of a + """The command and control tactic represents how adversaries communicate with systems under their + #: control within a target network.""" + IMPACT = "Impact" + """The impact intent primary objective is to directly reduce the availability or integrity of a #: system, service, or network; including manipulation of data to impact a business or operational #: process. This would often refer to techniques such as ransom-ware, defacement, data - #: manipulation and others. - IMPACT = "Impact" + #: manipulation and others.""" class Kind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1027,13 +1064,13 @@ class MatchingMethod(str, Enum, metaclass=CaseInsensitiveEnumMeta): groupByAlertDetails, groupByCustomDetails must be provided and not empty. """ - #: Grouping alerts into a single incident if all the entities match ALL_ENTITIES = "AllEntities" - #: Grouping any alerts triggered by this rule into a single incident + """Grouping alerts into a single incident if all the entities match""" ANY_ALERT = "AnyAlert" - #: Grouping alerts into a single incident if the selected entities, custom details and alert - #: details match + """Grouping any alerts triggered by this rule into a single incident""" SELECTED = "Selected" + """Grouping alerts into a single incident if the selected entities, custom details and alert + #: details match""" class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1048,26 +1085,44 @@ class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta) MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "Microsoft Defender Advanced Threat Protection" +class Mode(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The current mode of the workspace manager configuration.""" + + ENABLED = "Enabled" + """The workspace manager configuration is enabled""" + DISABLED = "Disabled" + """The workspace manager configuration is disabled""" + + +class MtpProvider(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The available data providers.""" + + MICROSOFT_DEFENDER_FOR_CLOUD_APPS = "microsoftDefenderForCloudApps" + MICROSOFT_DEFENDER_FOR_IDENTITY = "microsoftDefenderForIdentity" + + class Operator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Operator used for list of dependencies in criteria array.""" AND = "AND" OR = "OR" + AND_ENUM = "AND" + OR_ENUM = "OR" class OSFamily(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The operating system type.""" - #: Host with Linux operating system. LINUX = "Linux" - #: Host with Windows operating system. + """Host with Linux operating system.""" WINDOWS = "Windows" - #: Host with Android operating system. + """Host with Windows operating system.""" ANDROID = "Android" - #: Host with IOS operating system. + """Host with Android operating system.""" IOS = "IOS" - #: Host with Unknown operating system. + """Host with IOS operating system.""" UNKNOWN = "Unknown" + """Host with Unknown operating system.""" class OutputType(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1080,14 +1135,21 @@ class OutputType(str, Enum, metaclass=CaseInsensitiveEnumMeta): class OwnerType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of the owner the incident is assigned to.""" + """The type of the owner the hunt is assigned to.""" - #: The incident owner type is unknown UNKNOWN = "Unknown" - #: The incident owner type is an AAD user + """The hunt owner type is unknown""" USER = "User" - #: The incident owner type is an AAD group + """The hunt owner type is an AAD user""" GROUP = "Group" + """The hunt owner type is an AAD group""" + + +class PackageKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The package kind.""" + + SOLUTION = "Solution" + STANDALONE = "Standalone" class PermissionProviderScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1101,23 +1163,23 @@ class PermissionProviderScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): class PollingFrequency(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The polling frequency for the TAXII server.""" - #: Once a minute ONCE_A_MINUTE = "OnceAMinute" - #: Once an hour + """Once a minute""" ONCE_AN_HOUR = "OnceAnHour" - #: Once a day + """Once an hour""" ONCE_A_DAY = "OnceADay" + """Once a day""" class Priority(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Priority of recommendation.""" - #: Low priority for recommendation. LOW = "Low" - #: Medium priority for recommendation. + """Low priority for recommendation.""" MEDIUM = "Medium" - #: High priority for recommendation. + """Medium priority for recommendation.""" HIGH = "High" + """High priority for recommendation.""" class ProviderName(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1131,29 +1193,47 @@ class ProviderName(str, Enum, metaclass=CaseInsensitiveEnumMeta): MICROSOFT_AUTHORIZATION_POLICY_ASSIGNMENTS = "Microsoft.Authorization/policyAssignments" +class ProviderPermissionsScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The scope on which the user should have permissions, in order to be able to create connections.""" + + SUBSCRIPTION = "Subscription" + RESOURCE_GROUP = "ResourceGroup" + WORKSPACE = "Workspace" + + +class ProvisioningState(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The triggered analytics rule run provisioning state.""" + + ACCEPTED = "Accepted" + IN_PROGRESS = "InProgress" + SUCCEEDED = "Succeeded" + FAILED = "Failed" + CANCELED = "Canceled" + + class RegistryHive(str, Enum, metaclass=CaseInsensitiveEnumMeta): """the hive that holds the registry key.""" - #: HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" - #: HKEY_CLASSES_ROOT + """HKEY_LOCAL_MACHINE""" HKEY_CLASSES_ROOT = "HKEY_CLASSES_ROOT" - #: HKEY_CURRENT_CONFIG + """HKEY_CLASSES_ROOT""" HKEY_CURRENT_CONFIG = "HKEY_CURRENT_CONFIG" - #: HKEY_USERS + """HKEY_CURRENT_CONFIG""" HKEY_USERS = "HKEY_USERS" - #: HKEY_CURRENT_USER_LOCAL_SETTINGS + """HKEY_USERS""" HKEY_CURRENT_USER_LOCAL_SETTINGS = "HKEY_CURRENT_USER_LOCAL_SETTINGS" - #: HKEY_PERFORMANCE_DATA + """HKEY_CURRENT_USER_LOCAL_SETTINGS""" HKEY_PERFORMANCE_DATA = "HKEY_PERFORMANCE_DATA" - #: HKEY_PERFORMANCE_NLSTEXT + """HKEY_PERFORMANCE_DATA""" HKEY_PERFORMANCE_NLSTEXT = "HKEY_PERFORMANCE_NLSTEXT" - #: HKEY_PERFORMANCE_TEXT + """HKEY_PERFORMANCE_NLSTEXT""" HKEY_PERFORMANCE_TEXT = "HKEY_PERFORMANCE_TEXT" - #: HKEY_A + """HKEY_PERFORMANCE_TEXT""" HKEY_A = "HKEY_A" - #: HKEY_CURRENT_USER + """HKEY_A""" HKEY_CURRENT_USER = "HKEY_CURRENT_USER" + """HKEY_CURRENT_USER""" class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1161,29 +1241,37 @@ class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): type of a value in the registry. """ - #: None NONE = "None" - #: Unknown value type + """None""" UNKNOWN = "Unknown" - #: String value type + """Unknown value type""" STRING = "String" - #: ExpandString value type + """String value type""" EXPAND_STRING = "ExpandString" - #: Binary value type + """ExpandString value type""" BINARY = "Binary" - #: DWord value type + """Binary value type""" D_WORD = "DWord" - #: MultiString value type + """DWord value type""" MULTI_STRING = "MultiString" - #: QWord value type + """MultiString value type""" Q_WORD = "QWord" + """QWord value type""" + + +class RepositoryAccessKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of repository access credentials.""" + + O_AUTH = "OAuth" + PAT = "PAT" + APP = "App" class RepoType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of repository.""" GITHUB = "Github" - DEV_OPS = "DevOps" + AZURE_DEV_OPS = "AzureDevOps" class SecurityMLAnalyticsSettingsKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1204,10 +1292,10 @@ class SettingKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): class SettingsStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The anomaly SecurityMLAnalyticsSettings status.""" - #: Anomaly settings status in Production mode PRODUCTION = "Production" - #: Anomaly settings status in Flighting mode + """Anomaly settings status in Production mode""" FLIGHTING = "Flighting" + """Anomaly settings status in Flighting mode""" class SettingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1237,16 +1325,29 @@ class SourceType(str, Enum, metaclass=CaseInsensitiveEnumMeta): class State(str, Enum, metaclass=CaseInsensitiveEnumMeta): """State of recommendation.""" - #: Recommendation is active. ACTIVE = "Active" - #: Recommendation is disabled. + """Recommendation is active.""" DISABLED = "Disabled" - #: Recommendation has been completed by user. + """Recommendation is disabled.""" COMPLETED_BY_USER = "CompletedByUser" - #: Recommendation has been completed by action. + """Recommendation has been completed by user.""" COMPLETED_BY_ACTION = "CompletedByAction" - #: Recommendation is hidden. + """Recommendation has been completed by action.""" HIDDEN = "Hidden" + """Recommendation is hidden.""" + + +class Status(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The status of the hunt.""" + + NEW = "New" + ACTIVE = "Active" + CLOSED = "Closed" + BACKLOG = "Backlog" + APPROVED = "Approved" + SUCCEEDED = "Succeeded" + FAILED = "Failed" + IN_PROGRESS = "InProgress" class SupportTier(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1260,22 +1361,22 @@ class SupportTier(str, Enum, metaclass=CaseInsensitiveEnumMeta): class TemplateStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The alert rule template status.""" - #: Alert rule template installed. and can not use more then once INSTALLED = "Installed" - #: Alert rule template is available. + """Alert rule template installed. and can not use more then once""" AVAILABLE = "Available" - #: Alert rule template is not available + """Alert rule template is available.""" NOT_AVAILABLE = "NotAvailable" + """Alert rule template is not available""" -class ThreatIntelligenceResourceKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class ThreatIntelligenceResourceInnerKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the threat intelligence entity.""" - #: Entity represents threat intelligence indicator in the system. INDICATOR = "indicator" + """Entity represents threat intelligence indicator in the system.""" -class ThreatIntelligenceSortingCriteriaEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class ThreatIntelligenceSortingOrder(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Sorting order (ascending/descending/unsorted).""" UNSORTED = "unsorted" @@ -1295,19 +1396,19 @@ class TriggerOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): class TriggersOn(str, Enum, metaclass=CaseInsensitiveEnumMeta): """TriggersOn.""" - #: Trigger on Incidents INCIDENTS = "Incidents" - #: Trigger on Alerts + """Trigger on Incidents""" ALERTS = "Alerts" + """Trigger on Alerts""" class TriggersWhen(str, Enum, metaclass=CaseInsensitiveEnumMeta): """TriggersWhen.""" - #: Trigger on created objects CREATED = "Created" - #: Trigger on updated objects + """Trigger on created objects""" UPDATED = "Updated" + """Trigger on updated objects""" class UebaDataSources(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1324,3 +1425,15 @@ class Version(str, Enum, metaclass=CaseInsensitiveEnumMeta): V1 = "V1" V2 = "V2" + + +class WarningCode(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The type of repository.""" + + SOURCE_CONTROL_WARNING_DELETE_SERVICE_PRINCIPAL = "SourceControlWarning_DeleteServicePrincipal" + SOURCE_CONTROL_WARNING_DELETE_PIPELINE_FROM_AZURE_DEV_OPS = "SourceControlWarning_DeletePipelineFromAzureDevOps" + SOURCE_CONTROL_WARNING_DELETE_WORKFLOW_AND_SECRET_FROM_GIT_HUB = ( + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + ) + SOURCE_CONTROL_WARNING_DELETE_ROLE_ASSIGNMENT = "SourceControlWarning_DeleteRoleAssignment" + SOURCE_CONTROL_DELETED_WITH_WARNINGS = "SourceControl_DeletedWithWarnings" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index 802d895ef601..3cef9c159131 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -10,19 +10,31 @@ from ._actions_operations import ActionsOperations from ._alert_rule_templates_operations import AlertRuleTemplatesOperations from ._automation_rules_operations import AutomationRulesOperations +from ._entities_operations import EntitiesOperations from ._incidents_operations import IncidentsOperations +from ._billing_statistics_operations import BillingStatisticsOperations from ._bookmarks_operations import BookmarksOperations from ._bookmark_relations_operations import BookmarkRelationsOperations from ._bookmark_operations import BookmarkOperations +from ._content_packages_operations import ContentPackagesOperations +from ._content_package_operations import ContentPackageOperations +from ._product_packages_operations import ProductPackagesOperations +from ._product_package_operations import ProductPackageOperations +from ._product_templates_operations import ProductTemplatesOperations +from ._product_template_operations import ProductTemplateOperations +from ._content_templates_operations import ContentTemplatesOperations +from ._content_template_operations import ContentTemplateOperations from ._ip_geodata_operations import IPGeodataOperations from ._domain_whois_operations import DomainWhoisOperations -from ._entities_operations import EntitiesOperations from ._entities_get_timeline_operations import EntitiesGetTimelineOperations from ._entities_relations_operations import EntitiesRelationsOperations from ._entity_relations_operations import EntityRelationsOperations from ._entity_queries_operations import EntityQueriesOperations from ._entity_query_templates_operations import EntityQueryTemplatesOperations from ._file_imports_operations import FileImportsOperations +from ._hunts_operations import HuntsOperations +from ._hunt_relations_operations import HuntRelationsOperations +from ._hunt_comments_operations import HuntCommentsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations from ._incident_tasks_operations import IncidentTasksOperations @@ -39,8 +51,17 @@ from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations +from ._triggered_analytics_rule_run_operations import TriggeredAnalyticsRuleRunOperations +from ._get_triggered_analytics_rule_runs_operations import GetTriggeredAnalyticsRuleRunsOperations +from ._alert_rule_operations import AlertRuleOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations +from ._workspace_manager_assignments_operations import WorkspaceManagerAssignmentsOperations +from ._workspace_manager_assignment_jobs_operations import WorkspaceManagerAssignmentJobsOperations +from ._workspace_manager_configurations_operations import WorkspaceManagerConfigurationsOperations +from ._workspace_manager_groups_operations import WorkspaceManagerGroupsOperations +from ._workspace_manager_members_operations import WorkspaceManagerMembersOperations +from ._data_connector_definitions_operations import DataConnectorDefinitionsOperations from ._data_connectors_operations import DataConnectorsOperations from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations from ._operations import Operations @@ -54,19 +75,31 @@ "ActionsOperations", "AlertRuleTemplatesOperations", "AutomationRulesOperations", + "EntitiesOperations", "IncidentsOperations", + "BillingStatisticsOperations", "BookmarksOperations", "BookmarkRelationsOperations", "BookmarkOperations", + "ContentPackagesOperations", + "ContentPackageOperations", + "ProductPackagesOperations", + "ProductPackageOperations", + "ProductTemplatesOperations", + "ProductTemplateOperations", + "ContentTemplatesOperations", + "ContentTemplateOperations", "IPGeodataOperations", "DomainWhoisOperations", - "EntitiesOperations", "EntitiesGetTimelineOperations", "EntitiesRelationsOperations", "EntityRelationsOperations", "EntityQueriesOperations", "EntityQueryTemplatesOperations", "FileImportsOperations", + "HuntsOperations", + "HuntRelationsOperations", + "HuntCommentsOperations", "IncidentCommentsOperations", "IncidentRelationsOperations", "IncidentTasksOperations", @@ -83,8 +116,17 @@ "ThreatIntelligenceIndicatorOperations", "ThreatIntelligenceIndicatorsOperations", "ThreatIntelligenceIndicatorMetricsOperations", + "TriggeredAnalyticsRuleRunOperations", + "GetTriggeredAnalyticsRuleRunsOperations", + "AlertRuleOperations", "WatchlistsOperations", "WatchlistItemsOperations", + "WorkspaceManagerAssignmentsOperations", + "WorkspaceManagerAssignmentJobsOperations", + "WorkspaceManagerConfigurationsOperations", + "WorkspaceManagerGroupsOperations", + "WorkspaceManagerMembersOperations", + "DataConnectorDefinitionsOperations", "DataConnectorsOperations", "DataConnectorsCheckRequirementsOperations", "Operations", diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py index a26c034dbc69..e52986b4793b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_by_alert_rule_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -73,7 +67,7 @@ def build_list_by_alert_rule_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -90,9 +84,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -117,7 +109,7 @@ def build_get_request( "actionId": _SERIALIZER.url("action_id", action_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -134,9 +126,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -162,7 +152,7 @@ def build_create_or_update_request( "actionId": _SERIALIZER.url("action_id", action_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -181,9 +171,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -208,7 +196,7 @@ def build_delete_request( "actionId": _SERIALIZER.url("action_id", action_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -259,9 +247,7 @@ def list_by_alert_rule( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionsList] = kwargs.pop("cls", None) error_map = { @@ -316,8 +302,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -364,9 +351,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) request = build_get_request( @@ -383,8 +368,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -493,7 +479,7 @@ def create_or_update( :type rule_id: str :param action_id: Action ID. Required. :type action_id: str - :param action: The action. Is either a model type or a IO type. Required. + :param action: The action. Is either a ActionRequest type or a IO type. Required. :type action: ~azure.mgmt.securityinsight.models.ActionRequest or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -514,16 +500,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(action, (IO, bytes)): + if isinstance(action, (IOBase, bytes)): _content = action else: _json = self._serialize.body(action, "ActionRequest") @@ -545,8 +529,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -601,9 +586,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -620,8 +603,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py new file mode 100644 index 000000000000..34e4b336c9ec --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py @@ -0,0 +1,334 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.polling import LROPoller, NoPolling, PollingMethod +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat +from azure.mgmt.core.polling.arm_polling import ARMPolling + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_trigger_rule_run_request( + resource_group_name: str, workspace_name: str, rule_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +class AlertRuleOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`alert_rule` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + def _trigger_rule_run_initial( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> None: + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(analytics_rule_run_trigger_parameter, (IOBase, bytes)): + _content = analytics_rule_run_trigger_parameter + else: + _json = self._serialize.body(analytics_rule_run_trigger_parameter, "AnalyticsRuleRunTrigger") + + request = build_trigger_rule_run_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self._trigger_rule_run_initial.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + response_headers = {} + response_headers["Location"] = self._deserialize("str", response.headers.get("Location")) + + if cls: + return cls(pipeline_response, None, response_headers) + + _trigger_rule_run_initial.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } + + @overload + def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: _models.AnalyticsRuleRunTrigger, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> LROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> LROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> LROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. Is + either a AnalyticsRuleRunTrigger type or a IO type. Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) + lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) + cont_token: Optional[str] = kwargs.pop("continuation_token", None) + if cont_token is None: + raw_result = self._trigger_rule_run_initial( # type: ignore + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + analytics_rule_run_trigger_parameter=analytics_rule_run_trigger_parameter, + api_version=api_version, + content_type=content_type, + cls=lambda x, y, z: x, + headers=_headers, + params=_params, + **kwargs + ) + kwargs.pop("error_map", None) + + def get_long_running_output(pipeline_response): # pylint: disable=inconsistent-return-statements + if cls: + return cls(pipeline_response, None, {}) + + if polling is True: + polling_method: PollingMethod = cast( + PollingMethod, ARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) + ) + elif polling is False: + polling_method = cast(PollingMethod, NoPolling()) + else: + polling_method = polling + if cont_token: + return LROPoller.from_continuation_token( + polling_method=polling_method, + continuation_token=cont_token, + client=self._client, + deserialization_callback=get_long_running_output, + ) + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore + + begin_trigger_rule_run.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py index 938d7e565001..ce9ba9bb5611 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +42,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +65,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +82,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +106,7 @@ def build_get_request( "alertRuleTemplateId": _SERIALIZER.url("alert_rule_template_id", alert_rule_template_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -164,9 +155,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplatesList] = kwargs.pop("cls", None) error_map = { @@ -220,8 +209,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -266,9 +256,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -284,8 +272,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py index 911942febd7a..0691069433f3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -251,9 +239,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRulesList] = kwargs.pop("cls", None) error_map = { @@ -307,8 +293,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -351,9 +338,7 @@ def get(self, resource_group_name: str, workspace_name: str, rule_id: str, **kwa _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) request = build_get_request( @@ -369,8 +354,9 @@ def get(self, resource_group_name: str, workspace_name: str, rule_id: str, **kwa request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -470,7 +456,7 @@ def create_or_update( :type workspace_name: str :param rule_id: Alert rule ID. Required. :type rule_id: str - :param alert_rule: The alert rule. Is either a model type or a IO type. Required. + :param alert_rule: The alert rule. Is either a AlertRule type or a IO type. Required. :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -491,16 +477,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(alert_rule, (IO, bytes)): + if isinstance(alert_rule, (IOBase, bytes)): _content = alert_rule else: _json = self._serialize.body(alert_rule, "AlertRule") @@ -521,8 +505,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -575,9 +560,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -593,8 +576,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py index bb9e386f6773..b5a92db7fd7c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,16 +29,12 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request if sys.version_info >= (3, 9): from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +49,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -78,7 +73,7 @@ def build_get_request( "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -95,9 +90,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -122,7 +115,7 @@ def build_create_or_update_request( "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -141,9 +134,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -167,7 +158,7 @@ def build_delete_request( "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -184,9 +175,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -209,7 +198,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -268,9 +257,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) request = build_get_request( @@ -286,8 +273,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -387,8 +375,8 @@ def create_or_update( :type workspace_name: str :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str - :param automation_rule_to_upsert: The automation rule. Is either a model type or a IO type. - Default value is None. + :param automation_rule_to_upsert: The automation rule. Is either a AutomationRule type or a IO + type. Default value is None. :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -409,16 +397,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(automation_rule_to_upsert, (IO, bytes)): + if isinstance(automation_rule_to_upsert, (IOBase, bytes)): _content = automation_rule_to_upsert else: if automation_rule_to_upsert is not None: @@ -442,8 +428,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -494,9 +481,7 @@ def delete(self, resource_group_name: str, workspace_name: str, automation_rule_ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[JSON] = kwargs.pop("cls", None) request = build_delete_request( @@ -512,8 +497,9 @@ def delete(self, resource_group_name: str, workspace_name: str, automation_rule_ request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -554,9 +540,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRulesList] = kwargs.pop("cls", None) error_map = { @@ -610,8 +594,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py new file mode 100644 index 000000000000..a83ec8181652 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py @@ -0,0 +1,299 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, billing_statistic_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "billingStatisticName": _SERIALIZER.url( + "billing_statistic_name", billing_statistic_name, "str", pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class BillingStatisticsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`billing_statistics` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.BillingStatistic"]: + """Gets all Microsoft Sentinel billing statistics. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either BillingStatistic or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.BillingStatistic] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatisticList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("BillingStatisticList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, billing_statistic_name: str, **kwargs: Any + ) -> _models.BillingStatistic: + """Gets a billing statistic. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param billing_statistic_name: The name of the billing statistic. Required. + :type billing_statistic_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BillingStatistic or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BillingStatistic + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatistic] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + billing_statistic_name=billing_statistic_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("BillingStatistic", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py index 493b78b645ee..8fd3ba852fec 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_expand_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -72,7 +66,7 @@ def build_expand_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -187,7 +181,7 @@ def expand( :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :param parameters: The parameters required to execute an expand operation on the given - bookmark. Is either a model type or a IO type. Required. + bookmark. Is either a BookmarkExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -208,16 +202,14 @@ def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.BookmarkExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "BookmarkExpandParameters") @@ -238,8 +230,9 @@ def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py index ea17c2058589..f4b0b9a50a55 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -112,9 +106,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -139,7 +131,7 @@ def build_get_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +153,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -189,7 +179,7 @@ def build_create_or_update_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -213,9 +203,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -240,7 +228,7 @@ def build_delete_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -311,9 +299,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -372,8 +358,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -420,9 +407,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -439,8 +424,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -549,7 +535,7 @@ def create_or_update( :type bookmark_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -570,16 +556,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -601,8 +585,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -657,9 +642,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -676,8 +659,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py index 3f7b2f8ad3de..174d984d1e9e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -251,9 +239,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.BookmarkList] = kwargs.pop("cls", None) error_map = { @@ -307,8 +293,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -351,9 +338,7 @@ def get(self, resource_group_name: str, workspace_name: str, bookmark_id: str, * _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) request = build_get_request( @@ -369,8 +354,9 @@ def get(self, resource_group_name: str, workspace_name: str, bookmark_id: str, * request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -470,7 +456,7 @@ def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str - :param bookmark: The bookmark. Is either a model type or a IO type. Required. + :param bookmark: The bookmark. Is either a Bookmark type or a IO type. Required. :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -491,16 +477,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(bookmark, (IO, bytes)): + if isinstance(bookmark, (IOBase, bytes)): _content = bookmark else: _json = self._serialize.body(bookmark, "Bookmark") @@ -521,8 +505,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -575,9 +560,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -593,8 +576,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py new file mode 100644 index 000000000000..c74bdd421e33 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py @@ -0,0 +1,359 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_install_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_uninstall_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: _models.PackageModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: Union[_models.PackageModel, IO], + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Is either a + PackageModel type or a IO type. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(package_installation_properties, (IOBase, bytes)): + _content = package_installation_properties + else: + _json = self._serialize.body(package_installation_properties, "PackageModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } + + @distributed_trace + def uninstall( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> None: + """Uninstall a package from the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_uninstall_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.uninstall.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + uninstall.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py new file mode 100644 index 000000000000..c9dd81fe0d37 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py @@ -0,0 +1,357 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if search is not None: + _params["$search"] = _SERIALIZER.query("search", search, "str") + if count is not None: + _params["$count"] = _SERIALIZER.query("count", count, "bool") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip is not None: + _params["$skip"] = _SERIALIZER.query("skip", skip, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.PackageModel"]: + """Gets all installed packages. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param search: Searches for a substring in the response. Optional. Default value is None. + :type search: str + :param count: Instructs the server to return only object count without actual body. Optional. + Default value is None. + :type count: bool + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either PackageModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.PackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + search=search, + count=count, + top=top, + skip=skip, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("PackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.PackageModel: + """Gets an installed packages by its id. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py new file mode 100644 index 000000000000..69a98aa439bc --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py @@ -0,0 +1,472 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_install_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: _models.TemplateModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: Union[_models.TemplateModel, IO], + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Is either a + TemplateModel type or a IO type. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(template_installation_properties, (IOBase, bytes)): + _content = template_installation_properties + else: + _json = self._serialize.body(template_installation_properties, "TemplateModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.TemplateModel: + """Gets a template byt its identifier. + Expandable properties: + + + * properties/mainTemplate + * properties/dependantTemplates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> None: + """Delete an installed template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py new file mode 100644 index 000000000000..e0fe176cedbf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py @@ -0,0 +1,262 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + expand: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if expand is not None: + _params["$expand"] = _SERIALIZER.query("expand", expand, "str") + if search is not None: + _params["$search"] = _SERIALIZER.query("search", search, "str") + if count is not None: + _params["$count"] = _SERIALIZER.query("count", count, "bool") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip is not None: + _params["$skip"] = _SERIALIZER.query("skip", skip, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + expand: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.TemplateModel"]: + """Gets all installed templates. + Expandable properties: + + + * properties/mainTemplate + * properties/dependantTemplates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param expand: Expands the object with optional fiends that are not included by default. + Optional. Default value is None. + :type expand: str + :param search: Searches for a substring in the response. Optional. Default value is None. + :type search: str + :param count: Instructs the server to return only object count without actual body. Optional. + Default value is None. + :type count: bool + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TemplateModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.TemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + expand=expand, + search=search, + count=count, + top=top, + skip=skip, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("TemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py new file mode 100644 index 000000000000..2c29bf842153 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py @@ -0,0 +1,621 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "dataConnectorDefinitionName": _SERIALIZER.url( + "data_connector_definition_name", data_connector_definition_name, "str", pattern=r"^[a-z0-9A-Z-_]*$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "dataConnectorDefinitionName": _SERIALIZER.url( + "data_connector_definition_name", data_connector_definition_name, "str", pattern=r"^[a-z0-9A-Z-_]*$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "dataConnectorDefinitionName": _SERIALIZER.url( + "data_connector_definition_name", data_connector_definition_name, "str", pattern=r"^[a-z0-9A-Z-_]*$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class DataConnectorDefinitionsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`data_connector_definitions` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.DataConnectorDefinition"]: + """Gets all data connector definitions. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either DataConnectorDefinition or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinitionArmCollectionWrapper] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("DataConnectorDefinitionArmCollectionWrapper", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Gets a data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: _models.DataConnectorDefinition, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: Union[_models.DataConnectorDefinition, IO], + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Is either a + DataConnectorDefinition type or a IO type. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition or + IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(connector_definition_input, (IOBase, bytes)): + _content = connector_definition_input + else: + _json = self._serialize.body(connector_definition_input, "DataConnectorDefinition") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> None: + """Delete the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py index a443aede96d7..12b86174c1cf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_post_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -71,7 +65,7 @@ def build_post_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,7 +172,7 @@ def post( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param data_connectors_check_requirements: The parameters for requirements check message. Is - either a model type or a IO type. Required. + either a DataConnectorsCheckRequirements type or a IO type. Required. :type data_connectors_check_requirements: ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -200,16 +194,14 @@ def post( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnectorRequirementsState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connectors_check_requirements, (IO, bytes)): + if isinstance(data_connectors_check_requirements, (IOBase, bytes)): _content = data_connectors_check_requirements else: _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") @@ -229,8 +221,9 @@ def post( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py index d0adeeadb0c8..521758802dd2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -221,9 +209,7 @@ def build_connect_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -248,7 +234,7 @@ def build_connect_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -267,9 +253,7 @@ def build_disconnect_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -293,7 +277,7 @@ def build_disconnect_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -340,9 +324,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnectorList] = kwargs.pop("cls", None) error_map = { @@ -396,8 +378,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -442,9 +425,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) request = build_get_request( @@ -460,8 +441,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -561,7 +543,8 @@ def create_or_update( :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param data_connector: The data connector. Is either a model type or a IO type. Required. + :param data_connector: The data connector. Is either a DataConnector type or a IO type. + Required. :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -582,16 +565,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connector, (IO, bytes)): + if isinstance(data_connector, (IOBase, bytes)): _content = data_connector else: _json = self._serialize.body(data_connector, "DataConnector") @@ -612,8 +593,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -666,9 +648,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -684,8 +664,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -781,7 +762,8 @@ def connect( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param connect_body: The data connector. Is either a model type or a IO type. Required. + :param connect_body: The data connector. Is either a DataConnectorConnectBody type or a IO + type. Required. :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -802,16 +784,14 @@ def connect( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(connect_body, (IO, bytes)): + if isinstance(connect_body, (IOBase, bytes)): _content = connect_body else: _json = self._serialize.body(connect_body, "DataConnectorConnectBody") @@ -832,8 +812,9 @@ def connect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -878,9 +859,7 @@ def disconnect( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_disconnect_request( @@ -896,8 +875,9 @@ def disconnect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py index ce39a050336d..047c463500d6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -43,9 +38,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, domain: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -60,7 +53,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, domain: ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -116,9 +109,7 @@ def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.E _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentDomainWhois] = kwargs.pop("cls", None) request = build_get_request( @@ -133,8 +124,9 @@ def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.E request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py index 0cdd1ffdd887..d2a8eafeaecd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -72,7 +66,7 @@ def build_list_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -187,7 +181,7 @@ def list( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an timeline operation on the given - entity. Is either a model type or a IO type. Required. + entity. Is either a EntityTimelineParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -208,16 +202,14 @@ def list( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityTimelineResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityTimelineParameters") @@ -238,8 +230,9 @@ def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py index 7a25ea360d46..b3b840fa1414 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -41,15 +37,57 @@ _SERIALIZER.client_side_validation = False +def build_run_playbook_request( + resource_group_name: str, workspace_name: str, entity_identifier: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "entityIdentifier": _SERIALIZER.url("entity_identifier", entity_identifier, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + def build_list_request( resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +110,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +127,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +151,7 @@ def build_get_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +168,7 @@ def build_expand_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +193,7 @@ def build_expand_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -184,9 +218,7 @@ def build_queries_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -210,7 +242,7 @@ def build_queries_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -228,9 +260,7 @@ def build_get_insights_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -255,7 +285,7 @@ def build_get_insights_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -287,6 +317,159 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[_models.EntityManualTriggerRequestBody] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[Union[_models.EntityManualTriggerRequestBody, IO]] = None, + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Is + either a EntityManualTriggerRequestBody type or a IO type. Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(request_body, (IOBase, bytes)): + _content = request_body + else: + if request_body is not None: + _json = self._serialize.body(request_body, "EntityManualTriggerRequestBody") + else: + _json = None + + request = build_run_playbook_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_identifier=entity_identifier, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.run_playbook.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + run_playbook.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook" + } + @distributed_trace def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.Entity"]: """Gets all entities. @@ -304,9 +487,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityList] = kwargs.pop("cls", None) error_map = { @@ -360,8 +541,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -404,9 +586,7 @@ def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **k _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Entity] = kwargs.pop("cls", None) request = build_get_request( @@ -422,8 +602,9 @@ def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **k request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -526,7 +707,7 @@ def expand( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an expand operation on the given entity. - Is either a model type or a IO type. Required. + Is either a EntityExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -547,16 +728,14 @@ def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityExpandParameters") @@ -577,8 +756,9 @@ def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -634,9 +814,7 @@ def queries( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.GetQueriesResponse] = kwargs.pop("cls", None) request = build_queries_request( @@ -653,8 +831,9 @@ def queries( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -755,7 +934,7 @@ def get_insights( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute insights on the given entity. Is either a - model type or a IO type. Required. + EntityGetInsightsParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -776,16 +955,14 @@ def get_insights( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityGetInsightsResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityGetInsightsParameters") @@ -806,8 +983,9 @@ def get_insights( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py index e160a77e83f7..ee4ed2185b30 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +51,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +75,7 @@ def build_list_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +154,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -222,8 +213,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py index 89f9d636c466..7bc2c248cfcc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -46,15 +42,13 @@ def build_list_request( workspace_name: str, subscription_id: str, *, - kind: Optional[Union[str, _models.Enum13]] = None, + kind: Optional[Union[str, _models.Enum20]] = None, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +71,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters if kind is not None: @@ -96,9 +90,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +114,7 @@ def build_get_request( "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -139,9 +131,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -166,7 +156,7 @@ def build_create_or_update_request( "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -185,9 +175,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -211,7 +199,7 @@ def build_delete_request( "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -246,7 +234,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum13]] = None, + kind: Optional[Union[str, _models.Enum20]] = None, **kwargs: Any ) -> Iterable["_models.EntityQuery"]: """Gets all entity queries. @@ -258,7 +246,7 @@ def list( :type workspace_name: str :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and "Activity". Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum20 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQuery or the result of cls(response) :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] @@ -267,9 +255,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryList] = kwargs.pop("cls", None) error_map = { @@ -324,8 +310,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -370,9 +357,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) request = build_get_request( @@ -388,8 +373,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -489,8 +475,8 @@ def create_or_update( :type workspace_name: str :param entity_query_id: entity query ID. Required. :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Is either a model type or a - IO type. Required. + :param entity_query: The entity query we want to create or update. Is either a + CustomEntityQuery type or a IO type. Required. :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -511,16 +497,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(entity_query, (IO, bytes)): + if isinstance(entity_query, (IOBase, bytes)): _content = entity_query else: _json = self._serialize.body(entity_query, "CustomEntityQuery") @@ -541,8 +525,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -595,9 +580,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -613,8 +596,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py index cd961f94a317..9cd9260a8075 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -46,15 +41,13 @@ def build_list_request( workspace_name: str, subscription_id: str, *, - kind: Optional[Union[str, _models.Enum15]] = None, + kind: Optional[Union[str, _models.Enum22]] = None, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +70,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters if kind is not None: @@ -96,9 +89,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +113,7 @@ def build_get_request( "entityQueryTemplateId": _SERIALIZER.url("entity_query_template_id", entity_query_template_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -157,7 +148,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum15]] = None, + kind: Optional[Union[str, _models.Enum22]] = None, **kwargs: Any ) -> Iterable["_models.EntityQueryTemplate"]: """Gets all entity query templates. @@ -168,7 +159,7 @@ def list( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum22 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQueryTemplate] @@ -177,9 +168,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplateList] = kwargs.pop("cls", None) error_map = { @@ -234,8 +223,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -280,9 +270,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -298,8 +286,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py index 676e478cc9d2..b17a219e9412 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -50,9 +45,7 @@ def build_get_relation_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +70,7 @@ def build_get_relation_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -138,9 +131,7 @@ def get_relation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_relation_request( @@ -157,8 +148,9 @@ def get_relation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py index 156bf96f7654..9ba5ed0574f7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, cast, overload import urllib.parse @@ -30,12 +30,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -57,9 +53,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -107,9 +101,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -133,7 +125,7 @@ def build_get_request( "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -150,9 +142,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -177,7 +167,7 @@ def build_create_request( "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -196,9 +186,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -222,7 +210,7 @@ def build_delete_request( "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -290,9 +278,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImportList] = kwargs.pop("cls", None) error_map = { @@ -350,8 +336,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -396,9 +383,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) request = build_get_request( @@ -414,8 +399,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -515,7 +501,7 @@ def create( :type workspace_name: str :param file_import_id: File import ID. Required. :type file_import_id: str - :param file_import: The file import. Is either a model type or a IO type. Required. + :param file_import: The file import. Is either a FileImport type or a IO type. Required. :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -536,16 +522,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(file_import, (IO, bytes)): + if isinstance(file_import, (IOBase, bytes)): _content = file_import else: _json = self._serialize.body(file_import, "FileImport") @@ -566,8 +550,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -601,9 +586,7 @@ def _delete_initial( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[Optional[_models.FileImport]] = kwargs.pop("cls", None) request = build_delete_request( @@ -619,8 +602,9 @@ def _delete_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -670,9 +654,7 @@ def begin_delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py index 8d495ea329ef..b18f07dce360 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_single_recommendation_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -71,7 +64,7 @@ def build_single_recommendation_request( "recommendationId": _SERIALIZER.url("recommendation_id", recommendation_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -130,9 +123,7 @@ def single_recommendation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) request = build_single_recommendation_request( @@ -148,8 +139,9 @@ def single_recommendation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py index a6e5f145a99f..0fb00a42510b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -70,7 +63,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -125,9 +118,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RecommendationList] = kwargs.pop("cls", None) request = build_list_request( @@ -142,8 +133,9 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py new file mode 100644 index 000000000000..0b5eb27a93bf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py @@ -0,0 +1,189 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class GetTriggeredAnalyticsRuleRunsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`get_triggered_analytics_rule_runs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.TriggeredAnalyticsRuleRun"]: + """Gets the triggered analytics rule runs. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TriggeredAnalyticsRuleRun or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRuns] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("TriggeredAnalyticsRuleRuns", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py new file mode 100644 index 000000000000..c79682a1ff9f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py @@ -0,0 +1,678 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntCommentId": _SERIALIZER.url("hunt_comment_id", hunt_comment_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntCommentId": _SERIALIZER.url("hunt_comment_id", hunt_comment_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntCommentId": _SERIALIZER.url("hunt_comment_id", hunt_comment_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class HuntCommentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`hunt_comments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.HuntComment"]: + """Gets all hunt comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntComment or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.HuntComment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntCommentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("HuntCommentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> _models.HuntComment: + """Gets a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> None: + """Delete a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: _models.HuntComment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: Union[_models.HuntComment, IO], + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Is either a HuntComment type or a IO type. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_comment, (IOBase, bytes)): + _content = hunt_comment + else: + _json = self._serialize.body(hunt_comment, "HuntComment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py new file mode 100644 index 000000000000..2dc071cec529 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py @@ -0,0 +1,678 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntRelationId": _SERIALIZER.url("hunt_relation_id", hunt_relation_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntRelationId": _SERIALIZER.url("hunt_relation_id", hunt_relation_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntRelationId": _SERIALIZER.url("hunt_relation_id", hunt_relation_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class HuntRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`hunt_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.HuntRelation"]: + """Gets all hunt relations. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntRelation or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.HuntRelation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("HuntRelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> _models.HuntRelation: + """Gets a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> None: + """Delete a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: _models.HuntRelation, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: Union[_models.HuntRelation, IO], + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Is either a HuntRelation type or a IO type. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_relation, (IOBase, bytes)): + _content = hunt_relation + else: + _json = self._serialize.body(hunt_relation, "HuntRelation") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py new file mode 100644 index 000000000000..d2c52daab5ca --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py @@ -0,0 +1,631 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, hunt_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, hunt_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, workspace_name: str, hunt_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class HuntsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`hunts` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.Hunt"]: + """Gets all hunts, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Hunt or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Hunt] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("HuntList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts" + } + + @distributed_trace + def get(self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any) -> _models.Hunt: + """Gets a hunt, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any + ) -> None: + """Delete a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: _models.Hunt, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt: Union[_models.Hunt, IO], **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Is either a Hunt type or a IO type. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt, (IOBase, bytes)): + _content = hunt + else: + _json = self._serialize.body(hunt, "Hunt") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("Hunt", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py index 8b63ffbf0831..22b18b3cf7e2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -112,9 +106,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -139,7 +131,7 @@ def build_get_request( "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +153,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -189,7 +179,7 @@ def build_create_or_update_request( "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -213,9 +203,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -240,7 +228,7 @@ def build_delete_request( "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -311,9 +299,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentCommentList] = kwargs.pop("cls", None) error_map = { @@ -372,8 +358,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -420,9 +407,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) request = build_get_request( @@ -439,8 +424,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -549,7 +535,8 @@ def create_or_update( :type incident_id: str :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str - :param incident_comment: The incident comment. Is either a model type or a IO type. Required. + :param incident_comment: The incident comment. Is either a IncidentComment type or a IO type. + Required. :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -570,16 +557,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_comment, (IO, bytes)): + if isinstance(incident_comment, (IOBase, bytes)): _content = incident_comment else: _json = self._serialize.body(incident_comment, "IncidentComment") @@ -601,8 +586,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -657,9 +643,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -676,8 +660,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py index 4c9164691097..1b01941d3013 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -112,9 +106,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -139,7 +131,7 @@ def build_get_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +153,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -189,7 +179,7 @@ def build_create_or_update_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -213,9 +203,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -240,7 +228,7 @@ def build_delete_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -311,9 +299,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -372,8 +358,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -420,9 +407,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -439,8 +424,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -549,7 +535,7 @@ def create_or_update( :type incident_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -570,16 +556,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -601,8 +585,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -657,9 +642,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -676,8 +659,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py index 95ff858a910f..e4ddc495e409 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -73,7 +67,7 @@ def build_list_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -95,9 +89,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +114,7 @@ def build_get_request( "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -144,9 +136,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -172,7 +162,7 @@ def build_create_or_update_request( "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -196,9 +186,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -223,7 +211,7 @@ def build_delete_request( "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -274,9 +262,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTaskList] = kwargs.pop("cls", None) error_map = { @@ -331,8 +317,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -379,9 +366,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) request = build_get_request( @@ -398,8 +383,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -508,7 +494,7 @@ def create_or_update( :type incident_id: str :param incident_task_id: Incident task ID. Required. :type incident_task_id: str - :param incident_task: The incident task. Is either a model type or a IO type. Required. + :param incident_task: The incident task. Is either a IncidentTask type or a IO type. Required. :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -529,16 +515,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_task, (IO, bytes)): + if isinstance(incident_task, (IOBase, bytes)): _content = incident_task else: _json = self._serialize.body(incident_task, "IncidentTask") @@ -560,8 +544,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -616,9 +601,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -635,8 +618,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py index fcbe3e15a34c..3bde75750a71 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,16 +29,12 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request if sys.version_info >= (3, 9): from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +49,7 @@ def build_run_playbook_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -79,7 +74,7 @@ def build_run_playbook_request( "incidentIdentifier": _SERIALIZER.url("incident_identifier", incident_identifier, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -106,9 +101,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -131,7 +124,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -156,9 +149,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -182,7 +173,7 @@ def build_get_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -199,9 +190,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -226,7 +215,7 @@ def build_create_or_update_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -245,9 +234,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -271,7 +258,7 @@ def build_delete_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -288,9 +275,7 @@ def build_create_team_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -315,7 +300,7 @@ def build_create_team_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -334,9 +319,7 @@ def build_list_alerts_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -360,7 +343,7 @@ def build_list_alerts_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -377,9 +360,7 @@ def build_list_bookmarks_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -403,7 +384,7 @@ def build_list_bookmarks_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -420,9 +401,7 @@ def build_list_entities_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -446,7 +425,7 @@ def build_list_entities_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -556,7 +535,8 @@ def run_playbook( :type workspace_name: str :param incident_identifier: Required. :type incident_identifier: str - :param request_body: Is either a model type or a IO type. Default value is None. + :param request_body: Is either a ManualTriggerRequestBody type or a IO type. Default value is + None. :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -577,16 +557,14 @@ def run_playbook( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[JSON] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(request_body, (IO, bytes)): + if isinstance(request_body, (IOBase, bytes)): _content = request_body else: if request_body is not None: @@ -610,8 +588,9 @@ def run_playbook( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -669,9 +648,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentList] = kwargs.pop("cls", None) error_map = { @@ -729,8 +706,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -773,9 +751,7 @@ def get(self, resource_group_name: str, workspace_name: str, incident_id: str, * _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) request = build_get_request( @@ -791,8 +767,9 @@ def get(self, resource_group_name: str, workspace_name: str, incident_id: str, * request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -892,7 +869,7 @@ def create_or_update( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param incident: The incident. Is either a model type or a IO type. Required. + :param incident: The incident. Is either a Incident type or a IO type. Required. :type incident: ~azure.mgmt.securityinsight.models.Incident or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -913,16 +890,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident, (IO, bytes)): + if isinstance(incident, (IOBase, bytes)): _content = incident else: _json = self._serialize.body(incident, "Incident") @@ -943,8 +918,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -997,9 +973,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -1015,8 +989,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1115,7 +1090,8 @@ def create_team( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param team_properties: Team properties. Is either a model type or a IO type. Required. + :param team_properties: Team properties. Is either a TeamInformation type or a IO type. + Required. :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -1136,16 +1112,14 @@ def create_team( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.TeamInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(team_properties, (IO, bytes)): + if isinstance(team_properties, (IOBase, bytes)): _content = team_properties else: _json = self._serialize.body(team_properties, "TeamInformation") @@ -1166,8 +1140,9 @@ def create_team( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1216,9 +1191,7 @@ def list_alerts( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentAlertList] = kwargs.pop("cls", None) request = build_list_alerts_request( @@ -1234,8 +1207,9 @@ def list_alerts( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1284,9 +1258,7 @@ def list_bookmarks( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentBookmarkList] = kwargs.pop("cls", None) request = build_list_bookmarks_request( @@ -1302,8 +1274,9 @@ def list_bookmarks( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1352,9 +1325,7 @@ def list_entities( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentEntitiesResponse] = kwargs.pop("cls", None) request = build_list_entities_request( @@ -1370,8 +1341,9 @@ def list_entities( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py index 89c8e309e108..39318e5150a7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -43,9 +38,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, ip_addr _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -60,7 +53,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, ip_addr ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -116,9 +109,7 @@ def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _mode _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentIpGeodata] = kwargs.pop("cls", None) request = build_get_request( @@ -133,8 +124,9 @@ def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _mode request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py index 532bea1e8db1..f9f97304b80c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -55,9 +51,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -80,7 +74,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -105,9 +99,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -128,10 +120,10 @@ def build_get_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -148,9 +140,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -171,10 +161,10 @@ def build_delete_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -191,9 +181,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -215,10 +203,10 @@ def build_create_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -237,9 +225,7 @@ def build_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -261,10 +247,10 @@ def build_update_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -332,9 +318,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataList] = kwargs.pop("cls", None) error_map = { @@ -392,8 +376,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -438,9 +423,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) request = build_get_request( @@ -456,8 +439,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -506,9 +490,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -524,8 +506,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -621,7 +604,7 @@ def create( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata: Metadata resource. Is either a model type or a IO type. Required. + :param metadata: Metadata resource. Is either a MetadataModel type or a IO type. Required. :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -642,16 +625,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata, (IO, bytes)): + if isinstance(metadata, (IOBase, bytes)): _content = metadata else: _json = self._serialize.body(metadata, "MetadataModel") @@ -672,8 +653,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -777,7 +759,8 @@ def update( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. + :param metadata_patch: Partial metadata request. Is either a MetadataPatch type or a IO type. + Required. :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -798,16 +781,14 @@ def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata_patch, (IO, bytes)): + if isinstance(metadata_patch, (IOBase, bytes)): _content = metadata_patch else: _json = self._serialize.body(metadata_patch, "MetadataPatch") @@ -828,8 +809,9 @@ def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py index 6c185d8b07ac..c3977ef7cd12 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +42,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +65,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +82,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +106,7 @@ def build_get_request( "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +123,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -158,7 +147,7 @@ def build_delete_request( "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -205,9 +194,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsentList] = kwargs.pop("cls", None) error_map = { @@ -261,8 +248,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -307,9 +295,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsent] = kwargs.pop("cls", None) request = build_get_request( @@ -325,8 +311,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -375,9 +362,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -393,8 +378,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py index e74ff2e56de3..2da9bd1d3fe1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from .._serialization import Serializer from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_list_request(**kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -93,9 +86,7 @@ def list(self, **kwargs: Any) -> Iterable["_models.Operation"]: _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OperationsList] = kwargs.pop("cls", None) error_map = { @@ -146,8 +137,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py new file mode 100644 index 000000000000..80c27f5c71c2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py @@ -0,0 +1,162 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.ProductPackageModel: + """Gets a package by its identifier from the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductPackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductPackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductPackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py new file mode 100644 index 000000000000..a1d80748d954 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py @@ -0,0 +1,231 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.ProductPackageModel"]: + """Gets all packages from the catalog. + Expandable properties: + + + * properties/installed + * properties/packagedContent. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductPackageModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ProductPackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("ProductPackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py index 86def718fd40..344c96fdfbd3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -70,7 +64,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -87,9 +81,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -113,7 +105,7 @@ def build_get_request( "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -130,9 +122,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -156,7 +146,7 @@ def build_delete_request( "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -173,9 +163,7 @@ def build_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -200,7 +188,7 @@ def build_update_request( "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -257,9 +245,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SettingList] = kwargs.pop("cls", None) request = build_list_request( @@ -274,8 +260,9 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -323,9 +310,7 @@ def get(self, resource_group_name: str, workspace_name: str, settings_name: str, _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) request = build_get_request( @@ -341,8 +326,9 @@ def get(self, resource_group_name: str, workspace_name: str, settings_name: str, request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -392,9 +378,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -410,8 +394,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -510,7 +495,7 @@ def update( :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. Required. :type settings_name: str - :param settings: The setting. Is either a model type or a IO type. Required. + :param settings: The setting. Is either a Settings type or a IO type. Required. :type settings: ~azure.mgmt.securityinsight.models.Settings or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -531,16 +516,14 @@ def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(settings, (IO, bytes)): + if isinstance(settings, (IOBase, bytes)): _content = settings else: _json = self._serialize.body(settings, "Settings") @@ -561,8 +544,9 @@ def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py new file mode 100644 index 000000000000..d8f97d7799a0 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py @@ -0,0 +1,162 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.ProductTemplateModel: + """Gets a template by its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductTemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductTemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductTemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py new file mode 100644 index 000000000000..f8b9ee181699 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py @@ -0,0 +1,250 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if search is not None: + _params["$search"] = _SERIALIZER.query("search", search, "str") + if count is not None: + _params["$count"] = _SERIALIZER.query("count", count, "bool") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip is not None: + _params["$skip"] = _SERIALIZER.query("skip", skip, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + search: Optional[str] = None, + count: Optional[bool] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.ProductTemplateModel"]: + """Gets all templates in the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param search: Searches for a substring in the response. Optional. Default value is None. + :type search: str + :param count: Instructs the server to return only object count without actual body. Optional. + Default value is None. + :type count: bool + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductTemplateModel or the result of + cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ProductTemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + search=search, + count=count, + top=top, + skip=skip, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("ProductTemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py index 67f7732a0682..fa8a65c35193 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -255,9 +243,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSettingsList] = kwargs.pop("cls", None) error_map = { @@ -311,8 +297,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -357,9 +344,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) request = build_get_request( @@ -375,8 +360,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -477,8 +463,8 @@ def create_or_update( :type workspace_name: str :param settings_resource_name: Security ML Analytics Settings resource name. Required. :type settings_resource_name: str - :param security_ml_analytics_setting: The security ML Analytics setting. Is either a model type - or a IO type. Required. + :param security_ml_analytics_setting: The security ML Analytics setting. Is either a + SecurityMLAnalyticsSetting type or a IO type. Required. :type security_ml_analytics_setting: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -500,16 +486,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(security_ml_analytics_setting, (IO, bytes)): + if isinstance(security_ml_analytics_setting, (IOBase, bytes)): _content = security_ml_analytics_setting else: _json = self._serialize.body(security_ml_analytics_setting, "SecurityMLAnalyticsSetting") @@ -530,8 +514,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -584,9 +569,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -602,8 +585,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py index dede32ea1345..6bea060e583f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -49,9 +45,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +71,7 @@ def build_get_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -98,9 +92,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -127,7 +119,7 @@ def build_create_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -150,9 +142,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -178,7 +168,7 @@ def build_delete_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -195,9 +185,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -220,7 +208,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -280,9 +268,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) request = build_get_request( @@ -298,8 +284,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -406,7 +393,7 @@ def create( Required. :type sentinel_onboarding_state_name: str :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Is either - a model type or a IO type. Default value is None. + a SentinelOnboardingState type or a IO type. Default value is None. :type sentinel_onboarding_state_parameter: ~azure.mgmt.securityinsight.models.SentinelOnboardingState or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -428,16 +415,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(sentinel_onboarding_state_parameter, (IO, bytes)): + if isinstance(sentinel_onboarding_state_parameter, (IOBase, bytes)): _content = sentinel_onboarding_state_parameter else: if sentinel_onboarding_state_parameter is not None: @@ -461,8 +446,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -516,9 +502,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -534,8 +518,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -578,9 +563,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingStatesList] = kwargs.pop("cls", None) request = build_list_request( @@ -595,8 +578,9 @@ def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py index 4a4957b10d8d..97c3c116b587 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py @@ -6,8 +6,8 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse from azure.core.exceptions import ( @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -42,19 +38,12 @@ def build_list_repositories_request( - resource_group_name: str, - workspace_name: str, - subscription_id: str, - *, - json: Union[str, _models.RepoType], - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -78,7 +67,7 @@ def build_list_repositories_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -88,7 +77,7 @@ def build_list_repositories_request( _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, json=json, **kwargs) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) class SourceControlOperations: @@ -110,9 +99,69 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + def list_repositories( + self, + resource_group_name: str, + workspace_name: str, + repository_access: _models.RepositoryAccessProperties, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> Iterable["_models.Repo"]: + """Gets a list of repositories metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param repository_access: The repository access credentials. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Repo or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Repo] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def list_repositories( + self, + resource_group_name: str, + workspace_name: str, + repository_access: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> Iterable["_models.Repo"]: + """Gets a list of repositories metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param repository_access: The repository access credentials. Required. + :type repository_access: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Repo or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Repo] + :raises ~azure.core.exceptions.HttpResponseError: + """ + @distributed_trace def list_repositories( - self, resource_group_name: str, workspace_name: str, repo_type: Union[str, _models.RepoType], **kwargs: Any + self, + resource_group_name: str, + workspace_name: str, + repository_access: Union[_models.RepositoryAccessProperties, IO], + **kwargs: Any ) -> Iterable["_models.Repo"]: """Gets a list of repositories metadata. @@ -121,8 +170,12 @@ def list_repositories( :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. - :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType + :param repository_access: The repository access credentials. Is either a + RepositoryAccessProperties type or a IO type. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either Repo or the result of cls(response) :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Repo] @@ -131,10 +184,8 @@ def list_repositories( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - content_type: str = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.RepoList] = kwargs.pop("cls", None) error_map = { @@ -144,10 +195,16 @@ def list_repositories( 304: ResourceNotModifiedError, } error_map.update(kwargs.pop("error_map", {}) or {}) + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(repository_access, (IOBase, bytes)): + _content = repository_access + else: + _json = self._serialize.body(repository_access, "RepositoryAccessProperties") def prepare_request(next_link=None): if not next_link: - _json = self._serialize.body(repo_type, "str") request = build_list_repositories_request( resource_group_name=resource_group_name, @@ -156,6 +213,7 @@ def prepare_request(next_link=None): api_version=api_version, content_type=content_type, json=_json, + content=_content, template_url=self.list_repositories.metadata["url"], headers=_headers, params=_params, @@ -191,8 +249,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py index e4f8c1291dc3..5e706292f6ac 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -126,15 +118,14 @@ def build_get_request( return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -def build_delete_request( +def build_create_request( resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -158,33 +149,33 @@ def build_delete_request( "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) -def build_create_request( +def build_delete_request( resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") # Construct URL _url = kwargs.pop( "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete", ) # pylint: disable=line-too-long path_format_arguments = { "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), @@ -202,7 +193,7 @@ def build_create_request( "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -212,7 +203,7 @@ def build_create_request( _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) class SourceControlsOperations: @@ -251,9 +242,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControlList] = kwargs.pop("cls", None) error_map = { @@ -307,8 +296,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -353,9 +343,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) request = build_get_request( @@ -371,8 +359,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -392,11 +381,78 @@ def get( "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: _models.SourceControl, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> None: - """Delete a source control. + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: Union[_models.SourceControl, IO], + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -405,9 +461,15 @@ def delete( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str + :param source_control: The SourceControl. Is either a SourceControl type or a IO type. + Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -418,56 +480,75 @@ def delete( # pylint: disable=inconsistent-return-statements } error_map.update(kwargs.pop("error_map", {}) or {}) - _headers = kwargs.pop("headers", {}) or {} + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - request = build_delete_request( + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(source_control, (IOBase, bytes)): + _content = source_control + else: + _json = self._serialize.body(source_control, "SourceControl") + + request = build_create_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata["url"], + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 204]: + if response.status_code not in [200, 201]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) + if response.status_code == 200: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SourceControl", pipeline_response) + if cls: - return cls(pipeline_response, None, {}) + return cls(pipeline_response, deserialized, {}) # type: ignore - delete.metadata = { + return deserialized # type: ignore + + create.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } @overload - def create( + def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: _models.SourceControl, + repository_access: _models.RepositoryAccessProperties, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -476,29 +557,29 @@ def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :param repository_access: The repository access credentials. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def create( + def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: IO, + repository_access: IO, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -507,27 +588,27 @@ def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: IO + :param repository_access: The repository access credentials. Required. + :type repository_access: IO :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace - def create( + def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: Union[_models.SourceControl, IO], + repository_access: Union[_models.RepositoryAccessProperties, IO], **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -536,14 +617,15 @@ def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Is either a model type or a IO type. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :param repository_access: The repository access credentials. Is either a + RepositoryAccessProperties type or a IO type. Required. + :type repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccessProperties or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -557,21 +639,19 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) + cls: ClsType[_models.Warning] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(source_control, (IO, bytes)): - _content = source_control + if isinstance(repository_access, (IOBase, bytes)): + _content = repository_access else: - _json = self._serialize.body(source_control, "SourceControl") + _json = self._serialize.body(repository_access, "RepositoryAccessProperties") - request = build_create_request( + request = build_delete_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, @@ -580,34 +660,31 @@ def create( content_type=content_type, json=_json, content=_content, - template_url=self.create.metadata["url"], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 201]: + if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - if response.status_code == 200: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("SourceControl", pipeline_response) + deserialized = self._deserialize("Warning", pipeline_response) if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore + return cls(pipeline_response, deserialized, {}) - return deserialized # type: ignore + return deserialized - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete" } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py index 282e791e6ca8..8e25a3c5e1e2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -70,7 +63,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -127,9 +120,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceMetricsList] = kwargs.pop("cls", None) request = build_list_request( @@ -144,8 +135,9 @@ def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py index 6800898f0f65..7d20a7eaee60 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_create_indicator_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -73,7 +67,7 @@ def build_create_indicator_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -92,9 +86,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -118,7 +110,7 @@ def build_get_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -135,9 +127,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -162,7 +152,7 @@ def build_create_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -181,9 +171,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -207,7 +195,7 @@ def build_delete_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -224,9 +212,7 @@ def build_query_indicators_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -250,7 +236,7 @@ def build_query_indicators_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -269,9 +255,7 @@ def build_append_tags_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -296,7 +280,7 @@ def build_append_tags_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -315,9 +299,7 @@ def build_replace_tags_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -342,7 +324,7 @@ def build_replace_tags_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -449,7 +431,7 @@ def create_indicator( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -471,16 +453,14 @@ def create_indicator( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -500,8 +480,9 @@ def create_indicator( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -554,9 +535,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) request = build_get_request( @@ -572,8 +551,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -677,7 +657,7 @@ def create( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -699,16 +679,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -729,8 +707,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -783,9 +762,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -801,8 +778,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -897,7 +875,8 @@ def query_indicators( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat - intelligence indicators. Is either a model type or a IO type. Required. + intelligence indicators. Is either a ThreatIntelligenceFilteringCriteria type or a IO type. + Required. :type threat_intelligence_filtering_criteria: ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -913,9 +892,7 @@ def query_indicators( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) @@ -929,7 +906,7 @@ def query_indicators( content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_filtering_criteria, (IO, bytes)): + if isinstance(threat_intelligence_filtering_criteria, (IOBase, bytes)): _content = threat_intelligence_filtering_criteria else: _json = self._serialize.body(threat_intelligence_filtering_criteria, "ThreatIntelligenceFilteringCriteria") @@ -980,8 +957,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1081,7 +1059,7 @@ def append_tags( # pylint: disable=inconsistent-return-statements :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_append_tags: The threat intelligence append tags request body. Is - either a model type or a IO type. Required. + either a ThreatIntelligenceAppendTags type or a IO type. Required. :type threat_intelligence_append_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -1103,16 +1081,14 @@ def append_tags( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_append_tags, (IO, bytes)): + if isinstance(threat_intelligence_append_tags, (IOBase, bytes)): _content = threat_intelligence_append_tags else: _json = self._serialize.body(threat_intelligence_append_tags, "ThreatIntelligenceAppendTags") @@ -1133,8 +1109,9 @@ def append_tags( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1234,7 +1211,7 @@ def replace_tags( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be - replaced. Is either a model type or a IO type. Required. + replaced. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_replace_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -1256,16 +1233,14 @@ def replace_tags( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_replace_tags, (IO, bytes)): + if isinstance(threat_intelligence_replace_tags, (IOBase, bytes)): _content = threat_intelligence_replace_tags else: _json = self._serialize.body(threat_intelligence_replace_tags, "ThreatIntelligenceIndicatorModel") @@ -1286,8 +1261,9 @@ def replace_tags( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py index 8353884e05ce..5075daf5e9a4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -55,9 +50,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -80,7 +73,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -158,9 +151,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) error_map = { @@ -218,8 +209,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py new file mode 100644 index 000000000000..34391d73f454 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py @@ -0,0 +1,162 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request( + resource_group_name: str, workspace_name: str, rule_run_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "ruleRunId": _SERIALIZER.url("rule_run_id", rule_run_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class TriggeredAnalyticsRuleRunOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`triggered_analytics_rule_run` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, rule_run_id: str, **kwargs: Any + ) -> _models.TriggeredAnalyticsRuleRun: + """Gets the triggered analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_run_id: the triggered rule id. Required. + :type rule_run_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TriggeredAnalyticsRuleRun or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRun] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_run_id=rule_run_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TriggeredAnalyticsRuleRun", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py index b35219b0a81e..73348269a1b5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, List, Optional, TypeVar, Union, cast, overload from azure.core.exceptions import ( @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_recommendation_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -74,7 +68,7 @@ def build_recommendation_request( "recommendationId": _SERIALIZER.url("recommendation_id", recommendation_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -125,16 +119,14 @@ def _recommendation_initial( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(recommendation_patch, (IO, bytes)): + if isinstance(recommendation_patch, (IOBase, bytes)): _content = recommendation_patch else: _json = self._serialize.body(recommendation_patch, "[RecommendationPatch]") @@ -155,8 +147,9 @@ def _recommendation_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -272,8 +265,8 @@ def begin_recommendation( :type workspace_name: str :param recommendation_id: Recommendation Id. Required. :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Is either a list type or a IO - type. Required. + :param recommendation_patch: Recommendation Fields to Update. Is either a [RecommendationPatch] + type or a IO type. Required. :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -294,9 +287,7 @@ def begin_recommendation( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py index 1139c4e49331..cc51c2d9df3b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -53,9 +49,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -79,7 +73,7 @@ def build_list_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -103,9 +97,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -130,7 +122,7 @@ def build_get_request( "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -152,9 +144,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -179,7 +169,7 @@ def build_delete_request( "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -201,9 +191,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -229,7 +217,7 @@ def build_create_or_update_request( "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -292,9 +280,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItemList] = kwargs.pop("cls", None) error_map = { @@ -350,8 +336,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -398,9 +385,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) request = build_get_request( @@ -417,8 +402,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -469,9 +455,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -488,8 +472,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -594,7 +579,8 @@ def create_or_update( :type watchlist_alias: str :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str - :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. + :param watchlist_item: The watchlist item. Is either a WatchlistItem type or a IO type. + Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -615,16 +601,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist_item, (IO, bytes)): + if isinstance(watchlist_item, (IOBase, bytes)): _content = watchlist_item else: _json = self._serialize.body(watchlist_item, "WatchlistItem") @@ -646,8 +630,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py index c675404d4edb..45f53eb29323 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +48,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +71,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -96,9 +90,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +114,7 @@ def build_get_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -139,9 +131,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -165,7 +155,7 @@ def build_delete_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -182,9 +172,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -209,7 +197,7 @@ def build_create_or_update_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -265,9 +253,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistList] = kwargs.pop("cls", None) error_map = { @@ -322,8 +308,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -368,9 +355,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) request = build_get_request( @@ -386,8 +371,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -436,9 +422,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -454,8 +438,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -572,7 +557,7 @@ def create_or_update( :type workspace_name: str :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist: The watchlist. Is either a model type or a IO type. Required. + :param watchlist: The watchlist. Is either a Watchlist type or a IO type. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -593,16 +578,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist, (IO, bytes)): + if isinstance(watchlist, (IOBase, bytes)): _content = watchlist else: _json = self._serialize.body(watchlist, "Watchlist") @@ -623,8 +606,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py new file mode 100644 index 000000000000..97b8f6ae6ac9 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py @@ -0,0 +1,604 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "jobName": _SERIALIZER.url("job_name", job_name, "str", pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "jobName": _SERIALIZER.url("job_name", job_name, "str", pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerAssignmentJobsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_assignment_jobs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.Job"]: + """Get all jobs for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Job or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Job] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.JobList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("JobList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace + def create( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.Job: + """Create a job for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace + def get( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> _models.Job: + """Gets a job. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> None: + """Deletes the specified job from the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py new file mode 100644 index 000000000000..46719ebf048c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py @@ -0,0 +1,671 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerAssignmentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_assignments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerAssignment"]: + """Get all workspace manager assignments for the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerAssignment or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignmentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerAssignmentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Gets a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: _models.WorkspaceManagerAssignment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: Union[_models.WorkspaceManagerAssignment, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Is either a + WorkspaceManagerAssignment type or a IO type. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_assignment, (IOBase, bytes)): + _content = workspace_manager_assignment + else: + _json = self._serialize.body(workspace_manager_assignment, "WorkspaceManagerAssignment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py new file mode 100644 index 000000000000..27332a0f6f44 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py @@ -0,0 +1,671 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerConfigurationName": _SERIALIZER.url( + "workspace_manager_configuration_name", + workspace_manager_configuration_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerConfigurationName": _SERIALIZER.url( + "workspace_manager_configuration_name", + workspace_manager_configuration_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerConfigurationName": _SERIALIZER.url( + "workspace_manager_configuration_name", + workspace_manager_configuration_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerConfigurationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_configurations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerConfiguration"]: + """Gets all workspace manager configurations for a Sentinel workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerConfiguration or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfigurationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerConfigurationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Gets a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: _models.WorkspaceManagerConfiguration, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: Union[_models.WorkspaceManagerConfiguration, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Is either a + WorkspaceManagerConfiguration type or a IO type. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_configuration, (IOBase, bytes)): + _content = workspace_manager_configuration + else: + _json = self._serialize.body(workspace_manager_configuration, "WorkspaceManagerConfiguration") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py new file mode 100644 index 000000000000..615ac90f6979 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py @@ -0,0 +1,663 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerGroupName": _SERIALIZER.url( + "workspace_manager_group_name", + workspace_manager_group_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerGroupName": _SERIALIZER.url( + "workspace_manager_group_name", + workspace_manager_group_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerGroupName": _SERIALIZER.url( + "workspace_manager_group_name", + workspace_manager_group_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerGroupsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_groups` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerGroup"]: + """Gets all workspace manager groups in the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerGroup or the result of + cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroupList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerGroupList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Gets a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: _models.WorkspaceManagerGroup, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: Union[_models.WorkspaceManagerGroup, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Is either a + WorkspaceManagerGroup type or a IO type. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_group, (IOBase, bytes)): + _content = workspace_manager_group + else: + _json = self._serialize.body(workspace_manager_group, "WorkspaceManagerGroup") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py new file mode 100644 index 000000000000..2a20ee316f3a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py @@ -0,0 +1,663 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerMemberName": _SERIALIZER.url( + "workspace_manager_member_name", + workspace_manager_member_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerMemberName": _SERIALIZER.url( + "workspace_manager_member_name", + workspace_manager_member_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-10-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerMemberName": _SERIALIZER.url( + "workspace_manager_member_name", + workspace_manager_member_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerMembersOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_members` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerMember"]: + """Gets all workspace manager members that exist for the given Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerMember or the result of + cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMembersList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerMembersList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Gets a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: _models.WorkspaceManagerMember, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: Union[_models.WorkspaceManagerMember, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Is either a + WorkspaceManagerMember type or a IO type. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_member, (IOBase, bytes)): + _content = workspace_manager_member + else: + _json = self._serialize.body(workspace_manager_member, "WorkspaceManagerMember") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/create_action_of_alert_rule.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/create_action_of_alert_rule.py index 805f96e8a4ec..f6751c235b93 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/create_action_of_alert_rule.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/CreateActionOfAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/delete_action_of_alert_rule.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/delete_action_of_alert_rule.py index 01907457a01d..c743a1f3b763 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/delete_action_of_alert_rule.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.actions.delete( + client.actions.delete( resource_group_name="myRg", workspace_name="myWorkspace", rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", action_id="912bec42-cb66-4c03-ac63-1761b6898c3e", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/DeleteActionOfAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_action_of_alert_rule_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_action_of_alert_rule_by_id.py index 6bf9693e038f..6d3411f787ff 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_action_of_alert_rule_by_id.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/GetActionOfAlertRuleById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_all_actions_by_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_all_actions_by_alert_rule.py index 71e28322c8e7..88bbd78fe85e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_all_actions_by_alert_rule.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/GetAllActionsByAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_template_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_template_by_id.py index 1d18bbcb0164..071499b0dc20 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_template_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_templates.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_templates.py index 4f232d8a66d2..beebd21b17f3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_templates.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule.py index 7f4268b32cbc..5b2c64006285 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule.py @@ -174,6 +174,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateFusionAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule_with_fusion_scenario_exclusion.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule_with_fusion_scenario_exclusion.py index cea2c133fe51..1fc21d894228 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule_with_fusion_scenario_exclusion.py @@ -174,6 +174,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_microsoft_security_incident_creation_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_microsoft_security_incident_creation_alert_rule.py index f1dae6d1fced..ad7dd374862c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_microsoft_security_incident_creation_alert_rule.py @@ -46,6 +46,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_nrt_alert_rule.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_nrt_alert_rule.py index b52313895455..201265d14ba8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_nrt_alert_rule.py @@ -63,6 +63,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateNrtAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_scheduled_alert_rule.py similarity index 98% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_scheduled_alert_rule.py index 41f7815cc6e8..0402d9c7bba3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_scheduled_alert_rule.py @@ -84,6 +84,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateScheduledAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/delete_alert_rule.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/delete_alert_rule.py index e8eccd69f4ac..d33cc633ec5e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/delete_alert_rule.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.alert_rules.delete( + client.alert_rules.delete( resource_group_name="myRg", workspace_name="myWorkspace", rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/DeleteAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_all_alert_rules.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_all_alert_rules.py index 6bfe39da69fe..5f43c481ceaf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_all_alert_rules.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetAllAlertRules.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_fusion_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_fusion_alert_rule.py index 20bbac08277f..a279de893e58 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_fusion_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetFusionAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_microsoft_security_incident_creation_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_microsoft_security_incident_creation_alert_rule.py index fd1493e29bb6..66118bf77ced 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_microsoft_security_incident_creation_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_nrt_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_nrt_alert_rule.py index e3ffcd9605df..f92c767a9e42 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_nrt_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetNrtAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_scheduled_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_scheduled_alert_rule.py index fe0d97781a54..bbb48a5d206d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_scheduled_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetScheduledAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_create_or_update.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_create_or_update.py index 41e25ad33c82..96f51ff064da 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_create_or_update.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_delete.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_delete.py index 5425a32f6ccd..7bcc76c68ede 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_delete.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_get.py index 56075cbd2de2..00da6c3bebe5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_get.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_list.py index 5916a50c7a2a..99c55117c073 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_list.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py new file mode 100644 index 000000000000..cdc4f48b0bf1 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_billing_statistics.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.billing_statistics.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py new file mode 100644 index 000000000000..0d6fc4388260 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_billing_statistic.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.billing_statistics.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + billing_statistic_name="sapSolutionUsage", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/create_bookmark.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/create_bookmark.py index 44e578eca8d0..f1974776a750 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/create_bookmark.py @@ -59,6 +59,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/CreateBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/delete_bookmark.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/delete_bookmark.py index 5f63071b1758..59505d20a3df 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/delete_bookmark.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.bookmarks.delete( + client.bookmarks.delete( resource_group_name="myRg", workspace_name="myWorkspace", bookmark_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/DeleteBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/expand/post_expand_bookmark.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/expand/post_expand_bookmark.py index 49329bae179a..ea75e8ac7f70 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/expand/post_expand_bookmark.py @@ -42,6 +42,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmark_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmark_by_id.py index 8e87468ceb1e..a1137d028334 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmark_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/GetBookmarkById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmarks.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmarks.py index 3bfe6238bf16..47b595e0be19 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmarks.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/GetBookmarks.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/create_bookmark_relation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/create_bookmark_relation.py index fa4c8433745e..795d4ff98204 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/create_bookmark_relation.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/delete_bookmark_relation.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/delete_bookmark_relation.py index 940f286c435e..b2dd3969ed75 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/delete_bookmark_relation.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.bookmark_relations.delete( + client.bookmark_relations.delete( resource_group_name="myRg", workspace_name="myWorkspace", bookmark_id="2216d0e1-91e3-4902-89fd-d2df8c535096", relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_all_bookmark_relations.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_all_bookmark_relations.py index dd257f859112..4199c0d38497 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_all_bookmark_relations.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_bookmark_relation_by_name.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_bookmark_relation_by_name.py index 7426af196f31..82f3eaa702b0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_bookmark_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py new file mode 100644 index 000000000000..fd38356e0563 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_package_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_packages.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py new file mode 100644 index 000000000000..12a89c20d9c4 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_packages.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_packages.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py new file mode 100644 index 000000000000..e66e66792a47 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_package_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_package.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py new file mode 100644 index 000000000000..31b8d3b46419 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_packages.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_packages.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py new file mode 100644 index 000000000000..d1389d2b7954 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py @@ -0,0 +1,52 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python install_package.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_package.install( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + package_installation_properties={ + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "displayName": "str", + "version": "2.0.0", + }, + "tags": {"tag1": "str"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py new file mode 100644 index 000000000000..04b7afad2bf3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python uninstall_package.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + client.content_package.uninstall( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py new file mode 100644 index 000000000000..89c8931bcc95 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_template.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + client.content_template.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="8365ebfe-a381-45b7-ad08-7d818070e11f", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py new file mode 100644 index 000000000000..17a3318d1038 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_template_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_template.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="8365ebfe-a381-45b7-ad08-7d818070e11f", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py new file mode 100644 index 000000000000..63f769c5802f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_templates.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_templates.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py new file mode 100644 index 000000000000..1ab6ea95c29f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_template_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_template.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="8365ebfe-a381-45b7-ad08-7d818070e11f", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py new file mode 100644 index 000000000000..e02f2f1f86a2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_templates.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_templates.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py new file mode 100644 index 000000000000..29dc6a35bbc3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py @@ -0,0 +1,115 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python install_template.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_template.install( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="str.azure-sentinel-solution-str", + template_installation_properties={ + "properties": { + "author": {"email": "support@microsoft.com", "name": "Microsoft"}, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": False, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "status": "Available", + "suppressionDuration": "PT1H", + "suppressionEnabled": False, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + }, + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + }, + { + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "properties": { + "author": {"email": "support@microsoft.com", "name": "Microsoft"}, + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "kind": "AnalyticsRule", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str", + }, + "support": { + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "name": "Microsoft Corporation", + "tier": "Microsoft", + }, + "version": "1.0.0", + }, + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + }, + ], + }, + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageName": "str", + "packageVersion": "1.0.0", + "source": {"kind": "Solution", "name": "str", "sourceId": "str.azure-sentinel-solution-str"}, + "support": { + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "name": "Microsoft Corporation", + "tier": "Microsoft", + }, + "version": "1.0.1", + }, + "tags": {"tag1": "str"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py new file mode 100644 index 000000000000..717b1633deb3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py @@ -0,0 +1,110 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_customizable_data_connector_definition.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connector_definitions.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_definition_name="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + connector_definition_input={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": {"isPreview": False, "status": 1}, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ], + } + ], + "dataTypes": [ + { + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)", + "name": "GitHubAuditLogPolling_CL", + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received", + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow `this `_ to create or find your personal key", + "instructions": [ + { + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect", + }, + "type": "OAuthForm", + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + } + ], + "permissions": { + "customs": [ + { + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope", + "name": "GitHub API personal token Key", + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": {"action": False, "delete": False, "read": False, "write": True}, + "scope": "Workspace", + } + ], + }, + "publisher": "GitHub", + "sampleQueries": [{"description": "All logs", "query": "GitHubAuditLogPolling_CL \n | take 10"}], + "title": "GitHub Enterprise Audit Log", + } + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py new file mode 100644 index 000000000000..05e019e1a6bf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_data_connector_definition_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connector_definitions.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_definition_name="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py new file mode 100644 index 000000000000..65634f6f9047 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_customizable_data_connectoe_definition_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connector_definitions.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_definition_name="763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py new file mode 100644 index 000000000000..baf8fb6c7904 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_data_connector_definitions.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connector_definitions.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py new file mode 100644 index 000000000000..ae597e4487c4 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_active_directory.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureActiveDirectory", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py new file mode 100644 index 000000000000..43a6e57b383e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_active_directory_no_authorization.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureActiveDirectory", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py new file mode 100644 index 000000000000..f098caf78514 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_active_directory_no_license.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureActiveDirectory", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py new file mode 100644 index 000000000000..ea0fe290f1d7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_security_center.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureSecurityCenter", + "properties": {"subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py new file mode 100644 index 000000000000..b90ee41675b2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_dynamics365.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "Dynamics365", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py new file mode 100644 index 000000000000..4f29296beef8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_io_t.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "IOT", + "properties": {"subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py new file mode 100644 index 000000000000..6d55fc95e3e5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_mdatp.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftCloudAppSecurity", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py new file mode 100644 index 000000000000..16dceb1ccd3a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_cloud_app_security.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftCloudAppSecurity", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py new file mode 100644 index 000000000000..922b96d94bea --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_purview_information_protection.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftPurviewInformationProtection", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py new file mode 100644 index 000000000000..6895f4455a6f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftThreatIntelligence", + "properties": {"tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py new file mode 100644 index 000000000000..2a23aaeb2eb0 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_threat_protection.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftThreatProtection", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py new file mode 100644 index 000000000000..e137c4da88cf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office365_project.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "Office365Project", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py new file mode 100644 index 000000000000..f262d004da31 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office_atp.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "OfficeATP", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py new file mode 100644 index 000000000000..5d6039711879 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office_irm.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "OfficeIRM", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py new file mode 100644 index 000000000000..8546929b3bb2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office_power_bi.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "OfficePowerBI", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py new file mode 100644 index 000000000000..0ac985c11d05 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "ThreatIntelligence", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py new file mode 100644 index 000000000000..61242a74dc21 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_threat_intelligence_taxii.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "ThreatIntelligenceTaxii", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling.py similarity index 93% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling.py index 2a05669c46df..1cc3f68f7ce1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling.py @@ -29,7 +29,7 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.connect( + client.data_connectors.connect( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", @@ -46,9 +46,8 @@ def main(): ], }, ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/ConnectAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling_v2_logs.py similarity index 94% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling_v2_logs.py index f63f252194af..e7d6b78798a7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling_v2_logs.py @@ -29,7 +29,7 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.connect( + client.data_connectors.connect( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", @@ -49,9 +49,8 @@ def main(): ], }, ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_api_polling.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_api_polling.py index ceceb21be0af..c7dde496356d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_api_polling.py @@ -121,6 +121,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_dynamics365_data_connetor.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_dynamics365_data_connetor.py index 14c0e141de06..9433ab29caa4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_dynamics365_data_connetor.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_generic_ui.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_generic_ui.py index b28a4a25f666..5af143fd4819 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_generic_ui.py @@ -156,6 +156,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateGenericUI.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py new file mode 100644 index 000000000000..9fc75f9838ce --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py @@ -0,0 +1,60 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_google_cloud_platform.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + data_connector={ + "kind": "GCP", + "properties": { + "auth": { + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "type": "GCP", + "workloadIdentityProviderId": "sentinel-identity-provider", + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS", + }, + "request": {"projectId": "project-id", "subscriptionNames": ["sentinel-subscription"]}, + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py new file mode 100644 index 000000000000..398c6ef9b051 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py @@ -0,0 +1,50 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_microsoft_purview_information_protection_data_connetor.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + data_connector={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": {"logs": {"state": "Enabled"}}, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py new file mode 100644 index 000000000000..429e842e66b4 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py @@ -0,0 +1,51 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_microsoft_threat_intelligence_data_connector.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", + data_connector={ + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": {"lookbackPeriod": "1970-01-01T00:00:00.000Z", "state": "Enabled"} + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py new file mode 100644 index 000000000000..e27cefb99122 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py @@ -0,0 +1,51 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_microsoft_threat_protection_data_connetor.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + data_connector={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": {"alerts": {"state": "Enabled"}, "incidents": {"state": "Disabled"}}, + "filteredProviders": {"alerts": ["microsoftDefenderForCloudApps"]}, + "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office365_project_data_connetor.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office365_project_data_connetor.py index 17400d2e0bbe..9069b1bbade5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office365_project_data_connetor.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_data_connetor.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_data_connetor.py index e64dbac15d70..adf7fa128bd1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_data_connetor.py @@ -49,6 +49,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_power_bi_data_connector.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_power_bi_data_connector.py index c2c0e69ee1c2..fe7fe230eaa9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_power_bi_data_connector.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_data_connector.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_data_connector.py index e58c78df5816..f72ea73b677d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_data_connector.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_taxii_data_connector.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_taxii_data_connector.py index 1b4a4587c163..015bef82584e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_taxii_data_connector.py @@ -53,6 +53,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_api_polling.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_api_polling.py index 49864982ae30..c2f20bdd9daf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_api_polling.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_generic_ui.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_generic_ui.py index b73a6e33886e..93f33cc41917 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_generic_ui.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteGenericUI.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py new file mode 100644 index 000000000000..834b14812744 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_google_cloud_platform.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connectors.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py new file mode 100644 index 000000000000..3eb6e32fe0f5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_microsoft_purview_information_protection_data_connetor.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connectors.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py new file mode 100644 index 000000000000..ca070dfbabd0 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_microsoft_threat_intelligence_data_connector.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connectors.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office365_project_data_connetor.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office365_project_data_connetor.py index 8b565c226eb2..f18f7c891727 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office365_project_data_connetor.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_data_connetor.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_data_connetor.py index ea1346bce56e..6adbb9ab4651 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_data_connetor.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_power_bi_data_connetor.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_power_bi_data_connetor.py index 9e48c8e08851..73e9f202fbfd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_power_bi_data_connetor.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/disconnect_api_polling.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/disconnect_api_polling.py index 86acefb3218e..2dff4b5138de 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/disconnect_api_polling.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.disconnect( + client.data_connectors.disconnect( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DisconnectAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_cloud_trail_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_cloud_trail_by_id.py index 763052e052f7..0361ac03aca5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_cloud_trail_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_s3_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_s3_by_id.py index 6738b3b06f21..4d9694ff6f91 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_s3_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_api_polling.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_api_polling.py index e36510675dde..b1db18d82e90 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_api_polling.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_active_directory_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_active_directory_by_id.py index 6fce52a1fd6c..5bf08e7a6a3f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_active_directory_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_advanced_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_advanced_threat_protection_by_id.py index b6d603f21861..2234e8bf11ab 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_security_center_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_security_center_by_id.py index efd0ea37571e..850699c69780 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_security_center_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_data_connectors.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_data_connectors.py index 3427dc2447ff..d201d4d94aa4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_data_connectors.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetDataConnectors.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_dynamics365_data_connector_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_dynamics365_data_connector_by_id.py index 7b5578864e8a..81f0e64415a2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_dynamics365_data_connector_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_generic_ui.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_generic_ui.py index 3d93903adcd8..54c579bd7760 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_generic_ui.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetGenericUI.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py new file mode 100644 index 000000000000..db1fb310cc2c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_google_cloud_platform_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_io_tby_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_io_tby_id.py index 2862942122ce..b933e251ba47 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_io_tby_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetIoTById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_cloud_app_security_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_cloud_app_security_by_id.py index 31c5ac11df7d..75dbf828cd02 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_cloud_app_security_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_defender_advanced_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_defender_advanced_threat_protection_by_id.py index b1d6154e90aa..71c463b85018 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_defender_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_insider_risk_management_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_insider_risk_management_by_id.py index 51ae83893b7d..0f1d3f8bb6a7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_insider_risk_management_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py new file mode 100644 index 000000000000..9b8e1bca0008 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_microsoft_purview_information_protection_data_connetor_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_intelligence_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_intelligence_by_id.py index 404e3265f958..769b21e210a5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_intelligence_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_protection_by_id.py index d97c5ff04218..5cd7f6ed3004 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_advanced_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_advanced_threat_protection_by_id.py index ce52eaf4847f..ccc91832ccb4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_project_data_connetor_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_project_data_connetor_by_id.py index 5486268cc6f0..02ff0fa4786f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_project_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_data_connetor_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_data_connetor_by_id.py index 0a4e4319b4f7..600ad36a6d73 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_power_bi_data_connetor_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_power_bi_data_connetor_by_id.py index 6136caf31c43..7b61983a886f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_power_bi_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py new file mode 100644 index 000000000000..d2d34ca14649 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_threat_intelligence_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_taxii_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_taxii_by_id.py index 52cb79c118e1..4fc42a4b1c13 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_taxii_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_geodata_by_ip.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_geodata_by_ip.py index 93496f23f2d7..0147defc6509 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_geodata_by_ip.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/enrichment/GetGeodataByIp.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_whois_by_domain_name.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_whois_by_domain_name.py index 53f54bfb1d25..d5dd2efe2a25 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_whois_by_domain_name.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/enrichment/GetWhoisByDomainName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/expand/post_expand_entity.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/expand/post_expand_entity.py index 6419a34d794d..37362abf3c4e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/expand/post_expand_entity.py @@ -42,6 +42,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/expand/PostExpandEntity.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_account_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_account_entity_by_id.py index 4cdf7445de26..11e063f066a3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_account_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetAccountEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_azure_resource_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_azure_resource_entity_by_id.py index b050cca4c7c5..ffe429ba48b6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_azure_resource_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetAzureResourceEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_cloud_application_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_cloud_application_entity_by_id.py index 6f0e16b2e736..97488046dc2b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_cloud_application_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetCloudApplicationEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_dns_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_dns_entity_by_id.py index d12e56266b46..92a9fe2c5cf6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_dns_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetDnsEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_entities.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_entities.py index 7497dda7be87..ed864924a62f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_entities.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetEntities.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_entity_by_id.py index 91f2d212d0ef..782ef9838908 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetFileEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_hash_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_hash_entity_by_id.py index e3191f6d250b..39413c4f15ad 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_hash_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetFileHashEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_host_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_host_entity_by_id.py index da73796bf50e..60cbbf6cecdc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_host_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetHostEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_io_tdevice_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_io_tdevice_entity_by_id.py index eb492445a610..a62e840fda18 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_io_tdevice_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetIoTDeviceEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_ip_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_ip_entity_by_id.py index 0df0f6826bed..149e7e523195 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_ip_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetIpEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_cluster_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_cluster_entity_by_id.py index f43526065efd..38a26cc83118 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_cluster_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailClusterEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_message_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_message_entity_by_id.py index 5d9c55a18e9f..b446e1e10f8a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_message_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailMessageEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mailbox_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mailbox_entity_by_id.py index ab443b71cfd7..61a2f9a70e3e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mailbox_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailboxEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_malware_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_malware_entity_by_id.py index 5c8a14d51428..52e0107d1ac1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_malware_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMalwareEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_process_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_process_entity_by_id.py index f00cd0a7d744..c94ec9707beb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_process_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetProcessEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_queries.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_queries.py index eb816400aa67..4f7dbd1bce02 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_queries.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetQueries.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_key_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_key_entity_by_id.py index cb4e42df61ca..26c4f19bb078 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_key_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetRegistryKeyEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_value_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_value_entity_by_id.py index 5081e924eae9..1768a07864a0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_value_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetRegistryValueEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_alert_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_alert_entity_by_id.py index d97f34e82268..3f6fd189da4f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_alert_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSecurityAlertEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_group_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_group_entity_by_id.py index 4dbc57ea7730..0f1e8fde213c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_group_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSecurityGroupEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_submission_mail_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_submission_mail_entity_by_id.py index 3ee652535e57..17cc2dd30416 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_submission_mail_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSubmissionMailEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_url_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_url_entity_by_id.py index fb4d819a677e..f2c0c2524227 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_url_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetUrlEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/insights/post_get_insights.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/insights/post_get_insights.py index 4e210c82efb3..2b1d1d104fd5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/insights/post_get_insights.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/insights/PostGetInsights.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_all_entity_relations.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_all_entity_relations.py index 292751766fbf..9bde71126e55 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_all_entity_relations.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/relations/GetAllEntityRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_entity_relation_by_name.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_entity_relation_by_name.py index 9f6da60a51c1..441c87a7a7d0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_entity_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/relations/GetEntityRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/timeline/post_timeline_entity.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/timeline/post_timeline_entity.py index 8d224b26250a..7b29ef46b9b9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/timeline/post_timeline_entity.py @@ -42,6 +42,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/timeline/PostTimelineEntity.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/create_entity_query_activity.py similarity index 98% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/create_entity_query_activity.py index 0d31fbd40726..9f4306fa2178 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/create_entity_query_activity.py @@ -59,6 +59,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/delete_entity_query.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/delete_entity_query.py index a65893898988..48128677f221 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/delete_entity_query.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.entity_queries.delete( + client.entity_queries.delete( resource_group_name="myRg", workspace_name="myWorkspace", entity_query_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/DeleteEntityQuery.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_activity_entity_query_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_activity_entity_query_by_id.py index 627d89dee6b5..30d9e6ac072a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_activity_entity_query_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_entity_queries.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_entity_queries.py index 8cee24ba1398..51901a2364d8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_entity_queries.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetEntityQueries.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_expansion_entity_query_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_expansion_entity_query_by_id.py index b602cd4c4c5f..287b1a9ab8e8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_expansion_entity_query_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_activity_entity_query_template_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_activity_entity_query_template_by_id.py index 8535ed42977e..ff0f22e0184b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_activity_entity_query_template_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_entity_query_templates.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_entity_query_templates.py index 9891a363b78b..6a5eba52fe54 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_entity_query_templates.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/create_file_import.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/create_file_import.py index 9a9744fd6ec9..9ec23c88229e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/create_file_import.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/CreateFileImport.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/delete_file_import.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/delete_file_import.py index 3b966a3523f3..1fbaf6774a8a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/delete_file_import.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/DeleteFileImport.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_import_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_import_by_id.py index 31cca3f33ca3..9cb73596581e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_import_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/GetFileImportById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_imports.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_imports.py index 453ebae65bdc..b6fc73a1224f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_imports.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/GetFileImports.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py new file mode 100644 index 000000000000..a859cfb612da --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py @@ -0,0 +1,54 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_hunt.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunts.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt={ + "properties": { + "attackTactics": ["Reconnaissance"], + "attackTechniques": ["T1595"], + "description": "Log4J Hunt Description", + "displayName": "Log4J new hunt", + "hypothesisStatus": "Unknown", + "labels": ["Label1", "Label2"], + "owner": {"objectId": "873b5263-5d34-4149-b356-ad341b01e123"}, + "status": "New", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py new file mode 100644 index 000000000000..9c1eb62768f3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py @@ -0,0 +1,44 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_hunt_comment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_comments.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_comment_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + hunt_comment={"properties": {"message": "This is a test comment."}}, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py new file mode 100644 index 000000000000..f70bbef5909f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py @@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_hunt_relation.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_relations.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_relation_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + hunt_relation={ + "properties": { + "labels": ["Test Label"], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py new file mode 100644 index 000000000000..9095ea6ee068 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_hunt.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.hunts.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py new file mode 100644 index 000000000000..a27c297b5292 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_hunt_comment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.hunt_comments.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_comment_id="2216d0e1-91e3-4902-89fd-d2df8c123456", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py new file mode 100644 index 000000000000..ac3699f3c196 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_hunt_relation.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.hunt_relations.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_relation_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py new file mode 100644 index 000000000000..56297bc7cdef --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunts.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py new file mode 100644 index 000000000000..29684648d89a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_comment_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_comments.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_comment_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py new file mode 100644 index 000000000000..8f0f6ea40cf9 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_comments.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_comments.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py new file mode 100644 index 000000000000..e33de01a26cd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_relation_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_relations.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_relation_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py new file mode 100644 index 000000000000..acf23870fa25 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_relations.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_relations.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py new file mode 100644 index 000000000000..5e9c07bd3559 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunts.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunts.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_alerts/incidents_list_alerts.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_alerts/incidents_list_alerts.py index a62de178a146..3a73c01a5dd7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_alerts/incidents_list_alerts.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_bookmarks/incidents_list_bookmarks.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_bookmarks/incidents_list_bookmarks.py index b931f0ff5499..b5bcdae2a29c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_bookmarks/incidents_list_bookmarks.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_create_or_update.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_create_or_update.py index 76b762bca38f..cd8a1258d167 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_create_or_update.py @@ -39,6 +39,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_delete.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_delete.py index 41de0f2f027c..d976927c5884 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_delete.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incident_comments.delete( + client.incident_comments.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", incident_comment_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_get.py index 376e884be9ca..074a578432e2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_get.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_list.py index 7fce290b89df..738e0efcf612 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_list.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_entities/incidents_list_entities.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_entities/incidents_list_entities.py index 93dbebcc10c5..fd4b1ef70780 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_entities/incidents_list_entities.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_create_or_update.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_create_or_update.py index 358cd15f754e..ccd94a174f93 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_create_or_update.py @@ -39,6 +39,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_delete.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_delete.py index 4e742bfbd432..229ecc0180e2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_delete.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incident_tasks.delete( + client.incident_tasks.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", incident_task_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_get.py index e825d109fd60..32feae83e613 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_get.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_list.py index 371a20ddd697..c00a6ceebabb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_list.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_team/incidents_create_team.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_team/incidents_create_team.py index 6f3462eb2a73..3b0884fac8fc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_team/incidents_create_team.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_create_or_update.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_create_or_update.py index 99dd33a78950..5f16a4ed5712 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_create_or_update.py @@ -58,6 +58,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_delete.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_delete.py index 46d6ef624106..60fadeccb103 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_delete.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incidents.delete( + client.incidents.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_get.py index 159a603b2460..674c52faff23 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_get.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_list.py index 92ad2ea10b6b..0fcba814904d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_list.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/create_incident_relation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/create_incident_relation.py index 18684885840e..7b68772df9bd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/create_incident_relation.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/CreateIncidentRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/delete_incident_relation.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/delete_incident_relation.py index 78337555b97a..a52aee44cd2b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/delete_incident_relation.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incident_relations.delete( + client.incident_relations.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="afbd324f-6c48-459c-8710-8d1e1cd03812", relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_all_incident_relations.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_all_incident_relations.py index d51befaed744..d74a00f92d08 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_all_incident_relations.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_incident_relation_by_name.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_incident_relation_by_name.py index 56607932ef56..af8a0db899c0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_incident_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py new file mode 100644 index 000000000000..0c5ac444adf7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python entities_run_playbook.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.entities.run_playbook( + resource_group_name="myRg", + workspace_name="myWorkspace", + entity_identifier="72e01a22-5cd2-4139-a149-9f2736ff2ar2", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/incidents_run_playbook.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/incidents_run_playbook.py index eeccd2e1694d..f8e17633a2ff 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/incidents_run_playbook.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/delete_metadata.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/delete_metadata.py index 49bd06ba9428..732316061eff 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/delete_metadata.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.metadata.delete( + client.metadata.delete( resource_group_name="myRg", workspace_name="myWorkspace", metadata_name="metadataName", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/DeleteMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata.py index 7db4cc0f8c28..e87cbefb703d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetAllMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata_odata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata_odata.py index 5b4257bac619..600f506ca135 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata_odata.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetAllMetadataOData.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_metadata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_metadata.py index e8d786700ebb..4408bbaf89c3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_metadata.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/patch_metadata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/patch_metadata.py index 7cbdf1b8fb56..1b4dfcea3008 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/patch_metadata.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PatchMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata.py similarity index 98% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata.py index 62ff77bced8a..f46da7c9c036 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata.py @@ -90,6 +90,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PutMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata_minimal.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata_minimal.py index 10215a694f1a..d50821f4f817 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata_minimal.py @@ -44,6 +44,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PutMetadataMinimal.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/delete_office_consents.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/delete_office_consents.py index d66ae4ac7351..24e4f5cec381 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/delete_office_consents.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.office_consents.delete( + client.office_consents.delete( resource_group_name="myRg", workspace_name="myWorkspace", consent_id="04e5fd05-ff86-4b97-b8d2-1c20933cb46c", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/DeleteOfficeConsents.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents.py index 047adb41a559..4a70f01bd114 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/GetOfficeConsents.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents_by_id.py index 07d171e85fe9..ab7dea53197f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/GetOfficeConsentsById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/create_sentinel_onboarding_state.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/create_sentinel_onboarding_state.py index 5c8fe53f325f..8bdc73f1b9b2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/create_sentinel_onboarding_state.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/delete_sentinel_onboarding_state.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/delete_sentinel_onboarding_state.py index 7efd7e514297..bf3a6b63fdde 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/delete_sentinel_onboarding_state.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.sentinel_onboarding_states.delete( + client.sentinel_onboarding_states.delete( resource_group_name="myRg", workspace_name="myWorkspace", sentinel_onboarding_state_name="default", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_all_sentinel_onboarding_states.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_all_sentinel_onboarding_states.py index 50414b351665..396b243d039f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_all_sentinel_onboarding_states.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_sentinel_onboarding_state.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_sentinel_onboarding_state.py index 9913163dbb50..28bccbacf61f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_sentinel_onboarding_state.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/operations/list_operations.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/operations/list_operations.py index c5bdf9face9c..2730b7463851 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/operations/list_operations.py @@ -34,6 +34,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/operations/ListOperations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendation.py index 10ce219569fc..eaeaf412dc73 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendation.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/GetRecommendation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendations.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendations.py index 049b5a6b8a82..29ad8dfc3c84 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendations.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/GetRecommendations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/patch_recommendation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/patch_recommendation.py index 42ed7cf1e6ac..6e573a9c599c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/patch_recommendation.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/PatchRecommendation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/repositories/get_repositories.py similarity index 77% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/repositories/get_repositories.py index a79ba4b95ce1..0dd3862af999 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/repositories/get_repositories.py @@ -32,12 +32,22 @@ def main(): response = client.source_control.list_repositories( resource_group_name="myRg", workspace_name="myWorkspace", - repo_type="Github", + repository_access={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "properties": { + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state", + } + }, + }, ) for item in response: print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/repositories/GetRepositories.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py new file mode 100644 index 000000000000..f38a737639de --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py @@ -0,0 +1,97 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_anomaly_security_ml_analytics_setting.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.security_ml_analytics_settings.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db", + security_ml_analytics_setting={ + "etag": '"260090e2-0000-0d00-0000-5d6fb8670000"', + "kind": "Anomaly", + "properties": { + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": None, + "prioritizeExcludeObservations": None, + "singleSelectObservations": [ + { + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "name": "Device vendor", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": ["Palo Alto Networks", "Fortinet", "Check Point"], + "supportedValuesKql": None, + "value": ["Palo Alto Networks"], + "valuesKql": None, + } + ], + "singleValueObservations": None, + "thresholdObservations": [ + { + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "name": "Daily data transfer threshold in MB", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25", + }, + { + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "name": "Number of standard deviations", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3", + }, + ], + }, + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "displayName": "Login from unusual region", + "enabled": True, + "frequency": "PT1H", + "isDefaultSettings": True, + "requiredDataConnectors": [{"connectorId": "AWS", "dataTypes": ["AWSCloudTrail"]}], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": ["Exfiltration", "CommandAndControl"], + "techniques": ["T1037", "T1021"], + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/delete_security_ml_analytics_setting.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/delete_security_ml_analytics_setting.py index 10c84d42cbb3..84b14a6127cd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/delete_security_ml_analytics_setting.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.security_ml_analytics_settings.delete( + client.security_ml_analytics_settings.delete( resource_group_name="myRg", workspace_name="myWorkspace", settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_all_security_ml_analytics_settings.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_all_security_ml_analytics_settings.py index 1a674b133d69..6628dee028a6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_all_security_ml_analytics_settings.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_anomaly_security_ml_analytics_setting.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_anomaly_security_ml_analytics_setting.py index 58c9a9583e24..8a0b739a8b7d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_anomaly_security_ml_analytics_setting.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/delete_eyes_on_setting.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/delete_eyes_on_setting.py index 599eaa20379e..cb5db880a576 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/delete_eyes_on_setting.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.product_settings.delete( + client.product_settings.delete( resource_group_name="myRg", workspace_name="myWorkspace", settings_name="EyesOn", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/DeleteEyesOnSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_all_settings.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_all_settings.py index 9686f64f3e57..7b3737202a44 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_all_settings.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/GetAllSettings.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_eyes_on_setting.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_eyes_on_setting.py index 631125a81101..75cd83caaa8b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_eyes_on_setting.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/GetEyesOnSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/update_eyes_on_setting.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/update_eyes_on_setting.py index 9f10f20bb113..36a95edca310 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/update_eyes_on_setting.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/UpdateEyesOnSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/create_source_control.py similarity index 87% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/create_source_control.py index e4ba898e9ea7..9b9c0ba10b2c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/create_source_control.py @@ -43,18 +43,20 @@ def main(): "repository": { "branch": "master", "displayUrl": "https://github.com/user/repo", - "pathMapping": [ - {"contentType": "AnalyticRules", "path": "path/to/rules"}, - {"contentType": "Workbook", "path": "path/to/workbooks"}, - ], "url": "https://github.com/user/repo", }, + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state", + }, }, }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/CreateSourceControl.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/delete_source_control.py similarity index 80% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/delete_source_control.py index b39bed43c896..54000595b177 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/delete_source_control.py @@ -33,10 +33,20 @@ def main(): resource_group_name="myRg", workspace_name="myWorkspace", source_control_id="789e0c1f-4a3d-43ad-809c-e713b677b04a", + repository_access={ + "properties": { + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state", + } + } + }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/DeleteSourceControl.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_control_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_control_by_id.py index 340237ce6a45..5b995552c08a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_control_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/GetSourceControlById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_controls.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_controls.py index ceb9628d252b..6d695f4b4de1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_controls.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/GetSourceControls.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py new file mode 100644 index 000000000000..31bb224dfc02 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python append_tags_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.threat_intelligence_indicator.append_tags( + resource_group_name="myRg", + workspace_name="myWorkspace", + name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + threat_intelligence_append_tags={"threatIntelligenceTags": ["tag1", "tag2"]}, + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/collect_threat_intelligence_metrics.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/collect_threat_intelligence_metrics.py index a75c2fbfdef1..5f7144410349 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/collect_threat_intelligence_metrics.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py new file mode 100644 index 000000000000..dc420d62976f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py @@ -0,0 +1,63 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.create_indicator( + resource_group_name="myRg", + workspace_name="myWorkspace", + threat_intelligence_properties={ + "kind": "indicator", + "properties": { + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": False, + "source": "Azure Sentinel", + "threatIntelligenceTags": ["new schema"], + "threatTypes": ["compromised"], + "validFrom": "2021-09-15T17:44:00.114052Z", + "validUntil": "", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/delete_threat_intelligence.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/delete_threat_intelligence.py index 254248e2572d..9ee30c3ff5fb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/delete_threat_intelligence.py @@ -29,14 +29,13 @@ def main(): subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", ) - response = client.threat_intelligence_indicator.delete( + client.threat_intelligence_indicator.delete( resource_group_name="myRg", workspace_name="myWorkspace", name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence.py index 6dc9762759ac..bf496d8adff4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/GetThreatIntelligence.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence_by_id.py index 41e6c872c5ee..0ead83c3c293 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py new file mode 100644 index 000000000000..1f35917de974 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py @@ -0,0 +1,51 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python query_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.query_indicators( + resource_group_name="myRg", + workspace_name="myWorkspace", + threat_intelligence_filtering_criteria={ + "maxConfidence": 80, + "maxValidUntil": "2021-04-25T17:44:00.114052Z", + "minConfidence": 25, + "minValidUntil": "2021-04-05T17:44:00.114052Z", + "pageSize": 100, + "sortBy": [{"itemKey": "lastUpdatedTimeUtc", "sortOrder": "descending"}], + "sources": ["Azure Sentinel"], + }, + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py new file mode 100644 index 000000000000..5623f67b213c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python replace_tags_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.replace_tags( + resource_group_name="myRg", + workspace_name="myWorkspace", + name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + threat_intelligence_replace_tags={ + "etag": '"0000262c-0000-0800-0000-5e9767060000"', + "kind": "indicator", + "properties": {"threatIntelligenceTags": ["patching tags"]}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py new file mode 100644 index 000000000000..2e8cbf4baa8c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py @@ -0,0 +1,64 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python update_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.create( + resource_group_name="myRg", + workspace_name="myWorkspace", + name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + threat_intelligence_properties={ + "kind": "indicator", + "properties": { + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": False, + "source": "Azure Sentinel", + "threatIntelligenceTags": ["new schema"], + "threatTypes": ["compromised"], + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py new file mode 100644 index 000000000000..c567d2f991d3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python trigger_rule_run_post.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.alert_rule.begin_trigger_rule_run( + resource_group_name="myRg", + workspace_name="myWorkspace", + rule_id="65360bb0-8986-4ade-a89d-af3cf44d28aa", + analytics_rule_run_trigger_parameter={"properties": {"executionTimeUtc": "2022-12-22T15:37:03.074Z"}}, + ).result() + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py new file mode 100644 index 000000000000..f684bce81e97 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python triggered_analytics_rule_run_get.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.triggered_analytics_rule_run.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + rule_run_id="65360bb0-8986-4ade-a89d-af3cf44d28aa", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py new file mode 100644 index 000000000000..74f1cf479b7f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python triggered_analytics_rule_runs_get.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.get_triggered_analytics_rule_runs.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist.py index 47b0e922392f..9bfe903f15e7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist.py @@ -48,6 +48,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlist.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_and_watchlist_items.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_and_watchlist_items.py index 96205b46222e..00c94aaf096e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_and_watchlist_items.py @@ -51,6 +51,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_item.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_item.py index f527c1dbf8eb..390f4222918d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_item.py @@ -51,6 +51,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlistItem.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist.py index 657798684a34..4f64e54ed175 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.watchlists.delete( + client.watchlists.delete( resource_group_name="myRg", workspace_name="myWorkspace", watchlist_alias="highValueAsset", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/DeleteWatchlist.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist_item.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist_item.py index d22cdfb7f9df..e00bf0c7085d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist_item.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.watchlist_items.delete( + client.watchlist_items.delete( resource_group_name="myRg", workspace_name="myWorkspace", watchlist_alias="highValueAsset", watchlist_item_id="4008512e-1d30-48b2-9ee2-d3612ed9d3ea", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/DeleteWatchlistItem.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_by_alias.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_by_alias.py index 52d3b745e293..72910a34f7fa 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_by_alias.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistByAlias.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_item_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_item_by_id.py index 412ba40fef43..6e1867ae0dc3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_item_by_id.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistItemById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_items.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_items.py index ca7c80699b5b..df9327e44757 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_items.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistItems.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlists.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlists.py index 2546e29b6ff9..f1c2ae574b2b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlists.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlists.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py new file mode 100644 index 000000000000..82fb723ade58 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_job.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignment_jobs.create( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py new file mode 100644 index 000000000000..ea00b66c7fdb --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py @@ -0,0 +1,55 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_assignment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignments.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + workspace_manager_assignment={ + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + }, + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py new file mode 100644 index 000000000000..65280d50f51d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_job.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_assignment_jobs.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + job_name="cfbe1338-8276-4d5d-8b96-931117f9fa0e", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py new file mode 100644 index 000000000000..860a4b662b7e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_assignment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_assignments.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py new file mode 100644 index 000000000000..3a2f50392ca7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_jobs.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignment_jobs.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py new file mode 100644 index 000000000000..0a553d5997d4 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_assignments.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignments.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py new file mode 100644 index 000000000000..8f094e45afd3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_job.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignment_jobs.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + job_name="cfbe1338-8276-4d5d-8b96-931117f9fa0e", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py new file mode 100644 index 000000000000..fe1cc17c6b63 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_assignment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignments.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py new file mode 100644 index 000000000000..a885dbf8bafd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_configuration.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_configurations.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_configuration_name="default", + workspace_manager_configuration={"properties": {"mode": "Enabled"}}, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py new file mode 100644 index 000000000000..ed5d51e215cf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_configuration.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_configurations.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_configuration_name="default", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py new file mode 100644 index 000000000000..4cf08668a64b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_configurations.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_configurations.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py new file mode 100644 index 000000000000..f60460b3f60d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_configuration.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_configurations.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_configuration_name="default", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py new file mode 100644 index 000000000000..4fef7fc697ca --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py @@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_group.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_groups.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_group_name="37207a7a-3b8a-438f-a559-c7df400e1b96", + workspace_manager_group={ + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": ["afbd324f-6c48-459c-8710-8d1e1cd03812", "f5fa104e-c0e3-4747-9182-d342dc048a9e"], + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py new file mode 100644 index 000000000000..4276ab95f96f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_group.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_groups.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_group_name="37207a7a-3b8a-438f-a559-c7df400e1b96", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py new file mode 100644 index 000000000000..6d4e8613be56 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_groups.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_groups.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py new file mode 100644 index 000000000000..a24c1d22844e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_group.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_groups.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_group_name="37207a7a-3b8a-438f-a559-c7df400e1b96", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py new file mode 100644 index 000000000000..7b2302fed816 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_member.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_members.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_member_name="afbd324f-6c48-459c-8710-8d1e1cd03812", + workspace_manager_member={ + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py new file mode 100644 index 000000000000..19fdb279bdb8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_member.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_members.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_member_name="afbd324f-6c48-459c-8710-8d1e1cd03812", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py new file mode 100644 index 000000000000..626d5becf393 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_members.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_members.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py new file mode 100644 index 000000000000..421d788f4ea1 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_member.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_members.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_member_name="afbd324f-6c48-459c-8710-8d1e1cd03812", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json +if __name__ == "__main__": + main()