From 53973dbad88ed39e2ef7a04574a69787529fd7bd Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Wed, 6 Sep 2023 00:22:54 +0000 Subject: [PATCH] CodeGen from PR 25370 in Azure/azure-rest-api-specs Merge 3ddcc7a33a78a276101488ee7511056acd90eedb into baa82396a21dcc1c79a6aeea185589749515012d --- .../azure-mgmt-securityinsight/_meta.json | 10 +- .../mgmt/securityinsight/_configuration.py | 10 +- .../securityinsight/_security_insights.py | 134 +- .../mgmt/securityinsight/_serialization.py | 119 +- .../azure/mgmt/securityinsight/_vendor.py | 11 - .../azure/mgmt/securityinsight/_version.py | 2 +- .../securityinsight/aio/_configuration.py | 10 +- .../securityinsight/aio/_security_insights.py | 137 +- .../aio/operations/__init__.py | 46 +- .../aio/operations/_actions_operations.py | 38 +- .../aio/operations/_alert_rule_operations.py | 287 + .../_alert_rule_templates_operations.py | 19 +- .../aio/operations/_alert_rules_operations.py | 38 +- .../_automation_rules_operations.py | 39 +- .../_billing_statistics_operations.py | 215 + .../aio/operations/_bookmark_operations.py | 17 +- .../_bookmark_relations_operations.py | 38 +- .../aio/operations/_bookmarks_operations.py | 38 +- .../operations/_content_package_operations.py | 271 + .../_content_packages_operations.py | 236 + .../_content_template_operations.py | 338 + .../_content_templates_operations.py | 168 + .../_data_connector_definitions_operations.py | 440 + ...onnectors_check_requirements_operations.py | 17 +- .../operations/_data_connectors_operations.py | 58 +- .../operations/_domain_whois_operations.py | 12 +- .../_entities_get_timeline_operations.py | 17 +- .../aio/operations/_entities_operations.py | 203 +- .../_entities_relations_operations.py | 12 +- .../operations/_entity_queries_operations.py | 44 +- .../_entity_query_templates_operations.py | 23 +- .../_entity_relations_operations.py | 12 +- .../operations/_file_imports_operations.py | 42 +- .../aio/operations/_get_operations.py | 12 +- .../_get_recommendations_operations.py | 12 +- ...riggered_analytics_rule_runs_operations.py | 146 + .../operations/_hunt_comments_operations.py | 479 + .../operations/_hunt_relations_operations.py | 480 + .../aio/operations/_hunts_operations.py | 452 + .../_incident_comments_operations.py | 39 +- .../_incident_relations_operations.py | 38 +- .../operations/_incident_tasks_operations.py | 38 +- .../aio/operations/_incidents_operations.py | 82 +- .../aio/operations/_ip_geodata_operations.py | 12 +- .../aio/operations/_metadata_operations.py | 50 +- .../operations/_office_consents_operations.py | 26 +- .../aio/operations/_operations.py | 12 +- .../operations/_product_package_operations.py | 118 + .../_product_packages_operations.py | 168 + .../_product_settings_operations.py | 38 +- .../_product_template_operations.py | 118 + .../_product_templates_operations.py | 169 + ...curity_ml_analytics_settings_operations.py | 40 +- .../_sentinel_onboarding_states_operations.py | 38 +- .../operations/_source_control_operations.py | 14 +- .../operations/_source_controls_operations.py | 240 +- ...telligence_indicator_metrics_operations.py | 12 +- ...hreat_intelligence_indicator_operations.py | 76 +- ...reat_intelligence_indicators_operations.py | 12 +- ...triggered_analytics_rule_run_operations.py | 118 + .../aio/operations/_update_operations.py | 23 +- .../operations/_watchlist_items_operations.py | 39 +- .../aio/operations/_watchlists_operations.py | 38 +- ...pace_manager_assignment_jobs_operations.py | 393 + ...orkspace_manager_assignments_operations.py | 468 + ...space_manager_configurations_operations.py | 468 + .../_workspace_manager_groups_operations.py | 461 + .../_workspace_manager_members_operations.py | 461 + .../mgmt/securityinsight/models/__init__.py | 214 +- .../securityinsight/models/_models_py3.py | 26134 ++++++++++------ .../models/_security_insights_enums.py | 839 +- .../securityinsight/operations/__init__.py | 46 +- .../operations/_actions_operations.py | 64 +- .../operations/_alert_rule_operations.py | 334 + .../_alert_rule_templates_operations.py | 33 +- .../operations/_alert_rules_operations.py | 64 +- .../_automation_rules_operations.py | 65 +- .../_billing_statistics_operations.py | 299 + .../operations/_bookmark_operations.py | 25 +- .../_bookmark_relations_operations.py | 64 +- .../operations/_bookmarks_operations.py | 64 +- .../operations/_content_package_operations.py | 359 + .../_content_packages_operations.py | 334 + .../_content_template_operations.py | 467 + .../_content_templates_operations.py | 226 + .../_data_connector_definitions_operations.py | 621 + ...onnectors_check_requirements_operations.py | 25 +- .../operations/_data_connectors_operations.py | 96 +- .../operations/_domain_whois_operations.py | 20 +- .../_entities_get_timeline_operations.py | 25 +- .../operations/_entities_operations.py | 278 +- .../_entities_relations_operations.py | 20 +- .../operations/_entity_queries_operations.py | 72 +- .../_entity_query_templates_operations.py | 39 +- .../_entity_relations_operations.py | 20 +- .../operations/_file_imports_operations.py | 68 +- .../operations/_get_operations.py | 20 +- .../_get_recommendations_operations.py | 20 +- ...riggered_analytics_rule_runs_operations.py | 189 + .../operations/_hunt_comments_operations.py | 678 + .../operations/_hunt_relations_operations.py | 678 + .../operations/_hunts_operations.py | 631 + .../_incident_comments_operations.py | 65 +- .../_incident_relations_operations.py | 64 +- .../operations/_incident_tasks_operations.py | 64 +- .../operations/_incidents_operations.py | 138 +- .../operations/_ip_geodata_operations.py | 20 +- .../operations/_metadata_operations.py | 90 +- .../operations/_office_consents_operations.py | 46 +- .../securityinsight/operations/_operations.py | 16 +- .../operations/_product_package_operations.py | 162 + .../_product_packages_operations.py | 226 + .../_product_settings_operations.py | 64 +- .../_product_template_operations.py | 162 + .../_product_templates_operations.py | 227 + ...curity_ml_analytics_settings_operations.py | 66 +- .../_sentinel_onboarding_states_operations.py | 64 +- .../operations/_source_control_operations.py | 22 +- .../operations/_source_controls_operations.py | 279 +- ...telligence_indicator_metrics_operations.py | 20 +- ...hreat_intelligence_indicator_operations.py | 120 +- ...reat_intelligence_indicators_operations.py | 20 +- ...triggered_analytics_rule_run_operations.py | 162 + .../operations/_update_operations.py | 31 +- .../operations/_watchlist_items_operations.py | 65 +- .../operations/_watchlists_operations.py | 64 +- ...pace_manager_assignment_jobs_operations.py | 604 + ...orkspace_manager_assignments_operations.py | 671 + ...space_manager_configurations_operations.py | 671 + .../_workspace_manager_groups_operations.py | 663 + .../_workspace_manager_members_operations.py | 663 + .../create_action_of_alert_rule.py | 2 +- .../delete_action_of_alert_rule.py | 5 +- .../get_action_of_alert_rule_by_id.py | 2 +- .../get_all_actions_by_alert_rule.py | 2 +- .../get_alert_rule_template_by_id.py | 2 +- .../get_alert_rule_templates.py | 2 +- .../create_fusion_alert_rule.py | 2 +- ...ert_rule_with_fusion_scenario_exclusion.py | 2 +- ...t_security_incident_creation_alert_rule.py | 2 +- .../create_nrt_alert_rule.py | 2 +- .../create_scheduled_alert_rule.py | 2 +- .../{ => alert_rules}/delete_alert_rule.py | 5 +- .../{ => alert_rules}/get_all_alert_rules.py | 2 +- .../get_fusion_alert_rule.py | 2 +- ...t_security_incident_creation_alert_rule.py | 2 +- .../{ => alert_rules}/get_nrt_alert_rule.py | 2 +- .../get_scheduled_alert_rule.py | 2 +- .../automation_rules_create_or_update.py | 2 +- .../automation_rules_delete.py | 2 +- .../automation_rules_get.py | 2 +- .../automation_rules_list.py | 2 +- .../get_all_billing_statistics.py | 42 + .../get_billing_statistic.py | 42 + .../{ => bookmarks}/create_bookmark.py | 2 +- .../{ => bookmarks}/delete_bookmark.py | 5 +- .../expand}/post_expand_bookmark.py | 2 +- .../{ => bookmarks}/get_bookmark_by_id.py | 2 +- .../{ => bookmarks}/get_bookmarks.py | 2 +- .../relations}/create_bookmark_relation.py | 2 +- .../relations}/delete_bookmark_relation.py | 5 +- .../relations}/get_all_bookmark_relations.py | 2 +- .../get_bookmark_relation_by_name.py | 2 +- .../content_packages/get_package_by_id.py | 42 + .../content_packages/get_packages.py | 42 + .../get_product_package_by_id.py | 42 + .../content_packages/get_product_packages.py | 42 + .../content_packages/install_package.py | 52 + .../content_packages/uninstall_package.py | 41 + .../content_templates/delete_template.py | 41 + .../get_product_template_by_id.py | 42 + .../get_product_templates.py | 42 + .../content_templates/get_template_by_id.py | 42 + .../content_templates/get_templates.py | 42 + .../content_templates/install_template.py | 115 + ..._customizable_data_connector_definition.py | 110 + .../delete_data_connector_definition_by_id.py | 41 + ...mizable_data_connectoe_definition_by_id.py | 42 + .../get_data_connector_definitions.py | 42 + ...eck_requirements_azure_active_directory.py | 45 + ...azure_active_directory_no_authorization.py | 45 + ...ments_azure_active_directory_no_license.py | 45 + ...heck_requirements_azure_security_center.py | 45 + .../check_requirements_dynamics365.py | 45 + .../check_requirements_io_t.py | 45 + .../check_requirements_mdatp.py | 45 + ...quirements_microsoft_cloud_app_security.py | 45 + ...icrosoft_purview_information_protection.py | 45 + ...uirements_microsoft_threat_intelligence.py | 45 + ...equirements_microsoft_threat_protection.py | 45 + .../check_requirements_office365_project.py | 45 + .../check_requirements_office_atp.py | 45 + .../check_requirements_office_irm.py | 45 + .../check_requirements_office_power_bi.py | 45 + .../check_requirements_threat_intelligence.py | 45 + ..._requirements_threat_intelligence_taxii.py | 45 + .../connect_api_polling.py | 5 +- .../connect_api_polling_v2_logs.py | 5 +- .../create_api_polling.py | 2 +- .../create_dynamics365_data_connetor.py | 2 +- .../create_generic_ui.py | 2 +- .../create_google_cloud_platform.py | 60 + ...ew_information_protection_data_connetor.py | 50 + ...soft_threat_intelligence_data_connector.py | 51 + ...crosoft_threat_protection_data_connetor.py | 51 + .../create_office365_project_data_connetor.py | 2 +- .../create_office_data_connetor.py | 2 +- .../create_office_power_bi_data_connector.py | 2 +- ...eate_threat_intelligence_data_connector.py | 2 +- ...hreat_intelligence_taxii_data_connector.py | 2 +- .../delete_api_polling.py | 5 +- .../delete_generic_ui.py | 5 +- .../delete_google_cloud_platform.py | 41 + ...ew_information_protection_data_connetor.py | 41 + ...soft_threat_intelligence_data_connector.py | 41 + .../delete_office365_project_data_connetor.py | 5 +- .../delete_office_data_connetor.py | 5 +- .../delete_office_power_bi_data_connetor.py | 5 +- .../disconnect_api_polling.py | 5 +- ...t_amazon_web_services_cloud_trail_by_id.py | 2 +- .../get_amazon_web_services_s3_by_id.py | 2 +- .../{ => data_connectors}/get_api_polling.py | 2 +- .../get_azure_active_directory_by_id.py | 2 +- ..._azure_advanced_threat_protection_by_id.py | 2 +- .../get_azure_security_center_by_id.py | 2 +- .../get_data_connectors.py | 2 +- .../get_dynamics365_data_connector_by_id.py | 2 +- .../{ => data_connectors}/get_generic_ui.py | 2 +- .../get_google_cloud_platform_by_id.py | 42 + .../{ => data_connectors}/get_io_tby_id.py | 2 +- .../get_microsoft_cloud_app_security_by_id.py | 2 +- ...fender_advanced_threat_protection_by_id.py | 2 +- ...microsoft_insider_risk_management_by_id.py | 2 +- ...ormation_protection_data_connetor_by_id.py | 42 + ...get_microsoft_threat_intelligence_by_id.py | 2 +- .../get_microsoft_threat_protection_by_id.py | 2 +- ...ice365_advanced_threat_protection_by_id.py | 2 +- ...t_office365_project_data_connetor_by_id.py | 2 +- .../get_office_data_connetor_by_id.py | 2 +- ...get_office_power_bi_data_connetor_by_id.py | 2 +- .../get_threat_intelligence_by_id.py | 42 + .../get_threat_intelligence_taxii_by_id.py | 2 +- .../{ => enrichment}/get_geodata_by_ip.py | 2 +- .../get_whois_by_domain_name.py | 2 +- .../expand}/post_expand_entity.py | 2 +- .../get_account_entity_by_id.py | 2 +- .../get_azure_resource_entity_by_id.py | 2 +- .../get_cloud_application_entity_by_id.py | 2 +- .../{ => entities}/get_dns_entity_by_id.py | 2 +- .../{ => entities}/get_entities.py | 2 +- .../{ => entities}/get_file_entity_by_id.py | 2 +- .../get_file_hash_entity_by_id.py | 2 +- .../{ => entities}/get_host_entity_by_id.py | 2 +- .../get_io_tdevice_entity_by_id.py | 2 +- .../{ => entities}/get_ip_entity_by_id.py | 2 +- .../get_mail_cluster_entity_by_id.py | 2 +- .../get_mail_message_entity_by_id.py | 2 +- .../get_mailbox_entity_by_id.py | 2 +- .../get_malware_entity_by_id.py | 2 +- .../get_process_entity_by_id.py | 2 +- .../{ => entities}/get_queries.py | 2 +- .../get_registry_key_entity_by_id.py | 2 +- .../get_registry_value_entity_by_id.py | 2 +- .../get_security_alert_entity_by_id.py | 2 +- .../get_security_group_entity_by_id.py | 2 +- .../get_submission_mail_entity_by_id.py | 2 +- .../{ => entities}/get_url_entity_by_id.py | 2 +- .../insights}/post_get_insights.py | 2 +- .../relations}/get_all_entity_relations.py | 2 +- .../relations}/get_entity_relation_by_name.py | 2 +- .../timeline}/post_timeline_entity.py | 2 +- .../create_entity_query_activity.py | 2 +- .../delete_entity_query.py | 5 +- .../get_activity_entity_query_by_id.py | 2 +- .../get_entity_queries.py | 2 +- .../get_expansion_entity_query_by_id.py | 2 +- ...et_activity_entity_query_template_by_id.py | 2 +- .../get_entity_query_templates.py | 2 +- .../{ => file_imports}/create_file_import.py | 2 +- .../{ => file_imports}/delete_file_import.py | 2 +- .../get_file_import_by_id.py | 2 +- .../{ => file_imports}/get_file_imports.py | 2 +- .../generated_samples/hunts/create_hunt.py | 54 + .../hunts/create_hunt_comment.py | 44 + .../hunts/create_hunt_relation.py | 49 + .../generated_samples/hunts/delete_hunt.py | 41 + .../hunts/delete_hunt_comment.py | 42 + .../hunts/delete_hunt_relation.py | 42 + .../generated_samples/hunts/get_hunt_by_id.py | 42 + .../hunts/get_hunt_comment_by_id.py | 43 + .../hunts/get_hunt_comments.py | 43 + .../hunts/get_hunt_relation_by_id.py | 43 + .../hunts/get_hunt_relations.py | 43 + .../generated_samples/hunts/get_hunts.py | 42 + .../incident_alerts}/incidents_list_alerts.py | 2 +- .../incidents_list_bookmarks.py | 2 +- .../incident_comments_create_or_update.py | 2 +- .../incident_comments_delete.py | 5 +- .../incident_comments_get.py | 2 +- .../incident_comments_list.py | 2 +- .../incidents_list_entities.py | 2 +- .../incident_tasks_create_or_update.py | 2 +- .../incident_tasks}/incident_tasks_delete.py | 5 +- .../incident_tasks}/incident_tasks_get.py | 2 +- .../incident_tasks}/incident_tasks_list.py | 2 +- .../incident_team}/incidents_create_team.py | 2 +- .../incidents_create_or_update.py | 2 +- .../{ => incidents}/incidents_delete.py | 5 +- .../{ => incidents}/incidents_get.py | 2 +- .../{ => incidents}/incidents_list.py | 2 +- .../relations}/create_incident_relation.py | 2 +- .../relations}/delete_incident_relation.py | 5 +- .../relations}/get_all_incident_relations.py | 2 +- .../get_incident_relation_by_name.py | 2 +- .../manual_trigger/entities_run_playbook.py | 41 + .../incidents_run_playbook.py | 2 +- .../{ => metadata}/delete_metadata.py | 5 +- .../{ => metadata}/get_all_metadata.py | 2 +- .../{ => metadata}/get_all_metadata_odata.py | 2 +- .../{ => metadata}/get_metadata.py | 2 +- .../{ => metadata}/patch_metadata.py | 2 +- .../{ => metadata}/put_metadata.py | 2 +- .../{ => metadata}/put_metadata_minimal.py | 2 +- .../delete_office_consents.py | 5 +- .../get_office_consents.py | 2 +- .../get_office_consents_by_id.py | 2 +- .../create_sentinel_onboarding_state.py | 2 +- .../delete_sentinel_onboarding_state.py | 5 +- .../get_all_sentinel_onboarding_states.py | 2 +- .../get_sentinel_onboarding_state.py | 2 +- .../{ => operations}/list_operations.py | 2 +- .../get_recommendation.py | 2 +- .../get_recommendations.py | 2 +- .../patch_recommendation.py | 2 +- .../{ => repositories}/get_repositories.py | 2 +- ...e_anomaly_security_ml_analytics_setting.py | 97 + .../delete_security_ml_analytics_setting.py | 5 +- .../get_all_security_ml_analytics_settings.py | 2 +- ...t_anomaly_security_ml_analytics_setting.py | 2 +- .../{ => settings}/delete_eyes_on_setting.py | 5 +- .../{ => settings}/get_all_settings.py | 2 +- .../{ => settings}/get_eyes_on_setting.py | 2 +- .../{ => settings}/update_eyes_on_setting.py | 2 +- .../create_source_control.py | 12 +- .../delete_source_control.py | 10 +- .../get_source_control_by_id.py | 2 +- .../get_source_controls.py | 2 +- .../append_tags_threat_intelligence.py | 42 + .../collect_threat_intelligence_metrics.py | 2 +- .../create_threat_intelligence.py | 63 + .../delete_threat_intelligence.py | 5 +- .../get_threat_intelligence.py | 2 +- .../get_threat_intelligence_by_id.py | 2 +- .../query_threat_intelligence.py | 51 + .../replace_tags_threat_intelligence.py | 47 + .../update_threat_intelligence.py | 64 + .../trigger_rule_run_post.py | 42 + .../triggered_analytics_rule_run_get.py | 42 + .../triggered_analytics_rule_runs_get.py | 42 + .../{ => watchlists}/create_watchlist.py | 2 +- .../create_watchlist_and_watchlist_items.py | 2 +- .../{ => watchlists}/create_watchlist_item.py | 2 +- .../{ => watchlists}/delete_watchlist.py | 5 +- .../{ => watchlists}/delete_watchlist_item.py | 5 +- .../get_watchlist_by_alias.py | 2 +- .../get_watchlist_item_by_id.py | 2 +- .../{ => watchlists}/get_watchlist_items.py | 2 +- .../{ => watchlists}/get_watchlists.py | 2 +- .../create_job.py | 42 + ..._or_update_workspace_manager_assignment.py | 55 + .../delete_job.py | 42 + .../delete_workspace_manager_assignment.py | 41 + .../get_all_jobs.py | 43 + .../get_all_workspace_manager_assignments.py | 42 + .../workspace_manager_assignments/get_job.py | 43 + .../get_workspace_manager_assignment.py | 42 + ..._update_workspace_manager_configuration.py | 43 + .../delete_workspace_manager_configuration.py | 41 + ...et_all_workspace_manager_configurations.py | 42 + .../get_workspace_manager_configuration.py | 42 + ...reate_or_update_workspace_manager_group.py | 49 + .../delete_workspace_manager_group.py | 41 + .../get_all_workspace_manager_groups.py | 42 + .../get_workspace_manager_group.py | 42 + ...eate_or_update_workspace_manager_member.py | 48 + .../delete_workspace_manager_member.py | 41 + .../get_all_workspace_manager_members.py | 42 + .../get_workspace_manager_member.py | 42 + 388 files changed, 38557 insertions(+), 13081 deletions(-) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/create_action_of_alert_rule.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/delete_action_of_alert_rule.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/get_action_of_alert_rule_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => actions}/get_all_actions_by_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rule_templates}/get_alert_rule_template_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rule_templates}/get_alert_rule_templates.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_fusion_alert_rule.py (99%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_fusion_alert_rule_with_fusion_scenario_exclusion.py (99%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_microsoft_security_incident_creation_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_nrt_alert_rule.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/create_scheduled_alert_rule.py (98%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/delete_alert_rule.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_all_alert_rules.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_fusion_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_microsoft_security_incident_creation_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_nrt_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => alert_rules}/get_scheduled_alert_rule.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_create_or_update.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_delete.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => automation_rules}/automation_rules_list.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/create_bookmark.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/delete_bookmark.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/expand}/post_expand_bookmark.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/get_bookmark_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks}/get_bookmarks.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/create_bookmark_relation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/delete_bookmark_relation.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/get_all_bookmark_relations.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => bookmarks/relations}/get_bookmark_relation_by_name.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/connect_api_polling.py (93%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/connect_api_polling_v2_logs.py (94%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_api_polling.py (99%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_dynamics365_data_connetor.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_generic_ui.py (99%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_office365_project_data_connetor.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_office_data_connetor.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_office_power_bi_data_connector.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_threat_intelligence_data_connector.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/create_threat_intelligence_taxii_data_connector.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_api_polling.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_generic_ui.py (92%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_office365_project_data_connetor.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_office_data_connetor.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/delete_office_power_bi_data_connetor.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/disconnect_api_polling.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_amazon_web_services_cloud_trail_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_amazon_web_services_s3_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_api_polling.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_azure_active_directory_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_azure_advanced_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_azure_security_center_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_data_connectors.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_dynamics365_data_connector_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_generic_ui.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_io_tby_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_cloud_app_security_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_defender_advanced_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_insider_risk_management_by_id.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_threat_intelligence_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_microsoft_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office365_advanced_threat_protection_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office365_project_data_connetor_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office_data_connetor_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_office_power_bi_data_connetor_by_id.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => data_connectors}/get_threat_intelligence_taxii_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => enrichment}/get_geodata_by_ip.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => enrichment}/get_whois_by_domain_name.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/expand}/post_expand_entity.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_account_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_azure_resource_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_cloud_application_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_dns_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_entities.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_file_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_file_hash_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_host_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_io_tdevice_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_ip_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_mail_cluster_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_mail_message_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_mailbox_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_malware_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_process_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_queries.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_registry_key_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_registry_value_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_security_alert_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_security_group_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_submission_mail_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities}/get_url_entity_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/insights}/post_get_insights.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/relations}/get_all_entity_relations.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/relations}/get_entity_relation_by_name.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entities/timeline}/post_timeline_entity.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/create_entity_query_activity.py (98%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/delete_entity_query.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/get_activity_entity_query_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/get_entity_queries.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_queries}/get_expansion_entity_query_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_query_templates}/get_activity_entity_query_template_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => entity_query_templates}/get_entity_query_templates.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/create_file_import.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/delete_file_import.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/get_file_import_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => file_imports}/get_file_imports.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_alerts}/incidents_list_alerts.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_bookmarks}/incidents_list_bookmarks.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_create_or_update.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_delete.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_comments}/incident_comments_list.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_entities}/incidents_list_entities.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_create_or_update.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_delete.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_tasks}/incident_tasks_list.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/incident_team}/incidents_create_team.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_create_or_update.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_delete.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_get.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents}/incidents_list.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/create_incident_relation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/delete_incident_relation.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/get_all_incident_relations.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => incidents/relations}/get_incident_relation_by_name.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => manual_trigger}/incidents_run_playbook.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/delete_metadata.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/get_all_metadata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/get_all_metadata_odata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/get_metadata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/patch_metadata.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/put_metadata.py (98%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => metadata}/put_metadata_minimal.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => office_consents}/delete_office_consents.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => office_consents}/get_office_consents.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => office_consents}/get_office_consents_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/create_sentinel_onboarding_state.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/delete_sentinel_onboarding_state.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/get_all_sentinel_onboarding_states.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => onboarding_states}/get_sentinel_onboarding_state.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => operations}/list_operations.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => recommendations}/get_recommendation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => recommendations}/get_recommendations.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => recommendations}/patch_recommendation.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => repositories}/get_repositories.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => security_ml_analytics_settings}/delete_security_ml_analytics_setting.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => security_ml_analytics_settings}/get_all_security_ml_analytics_settings.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => security_ml_analytics_settings}/get_anomaly_security_ml_analytics_setting.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/delete_eyes_on_setting.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/get_all_settings.py (95%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/get_eyes_on_setting.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => settings}/update_eyes_on_setting.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/create_source_control.py (87%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/delete_source_control.py (82%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/get_source_control_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => sourcecontrols}/get_source_controls.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/collect_threat_intelligence_metrics.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/delete_threat_intelligence.py (91%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/get_threat_intelligence.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => threatintelligence}/get_threat_intelligence_by_id.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/create_watchlist.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/create_watchlist_and_watchlist_items.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/create_watchlist_item.py (97%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/delete_watchlist.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/delete_watchlist_item.py (92%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlist_by_alias.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlist_item_by_id.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlist_items.py (96%) rename sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/{ => watchlists}/get_watchlists.py (96%) create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py create mode 100644 sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json index fa7204443a7e..8fab78e7f631 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json +++ b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json @@ -1,11 +1,11 @@ { - "commit": "89a9bf17524904e7670f0fd2d62ac882ca00d85c", + "commit": "7183528b66787ee97e08077b518fe542172552a7", "repository_url": "https://github.com/Azure/azure-rest-api-specs", - "autorest": "3.9.2", + "autorest": "3.9.7", "use": [ - "@autorest/python@6.2.7", - "@autorest/modelerfour@4.24.3" + "@autorest/python@6.7.1", + "@autorest/modelerfour@4.26.2" ], - "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --generate-sample=True --include-x-ms-examples-original-file=True --python --python-sdks-folder=/home/vsts/work/1/azure-sdk-for-python/sdk --use=@autorest/python@6.2.7 --use=@autorest/modelerfour@4.24.3 --version=3.9.2 --version-tolerant=False", + "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --generate-sample=True --include-x-ms-examples-original-file=True --python --python-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-python/sdk --use=@autorest/python@6.7.1 --use=@autorest/modelerfour@4.26.2 --version=3.9.7 --version-tolerant=False", "readme": "specification/securityinsights/resource-manager/readme.md" } \ No newline at end of file diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py index 9b68f6af78ea..aa939dc9ef6f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py @@ -6,7 +6,6 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, TYPE_CHECKING from azure.core.configuration import Configuration @@ -15,11 +14,6 @@ from ._version import VERSION -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports - if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports from azure.core.credentials import TokenCredential @@ -35,14 +29,14 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- :type credential: ~azure.core.credentials.TokenCredential :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-08-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str """ def __init__(self, credential: "TokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version: Literal["2022-12-01-preview"] = kwargs.pop("api_version", "2022-12-01-preview") + api_version: str = kwargs.pop("api_version", "2023-08-01-preview") if credential is None: raise ValueError("Parameter 'credential' must not be None.") diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py index 3cde4c860447..327e6a48d388 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py @@ -17,12 +17,19 @@ from ._serialization import Deserializer, Serializer from .operations import ( ActionsOperations, + AlertRuleOperations, AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, + BillingStatisticsOperations, BookmarkOperations, BookmarkRelationsOperations, BookmarksOperations, + ContentPackageOperations, + ContentPackagesOperations, + ContentTemplateOperations, + ContentTemplatesOperations, + DataConnectorDefinitionsOperations, DataConnectorsCheckRequirementsOperations, DataConnectorsOperations, DomainWhoisOperations, @@ -35,6 +42,10 @@ FileImportsOperations, GetOperations, GetRecommendationsOperations, + GetTriggeredAnalyticsRuleRunsOperations, + HuntCommentsOperations, + HuntRelationsOperations, + HuntsOperations, IPGeodataOperations, IncidentCommentsOperations, IncidentRelationsOperations, @@ -43,7 +54,11 @@ MetadataOperations, OfficeConsentsOperations, Operations, + ProductPackageOperations, + ProductPackagesOperations, ProductSettingsOperations, + ProductTemplateOperations, + ProductTemplatesOperations, SecurityMLAnalyticsSettingsOperations, SentinelOnboardingStatesOperations, SourceControlOperations, @@ -51,9 +66,15 @@ ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, + TriggeredAnalyticsRuleRunOperations, UpdateOperations, WatchlistItemsOperations, WatchlistsOperations, + WorkspaceManagerAssignmentJobsOperations, + WorkspaceManagerAssignmentsOperations, + WorkspaceManagerConfigurationsOperations, + WorkspaceManagerGroupsOperations, + WorkspaceManagerMembersOperations, ) if TYPE_CHECKING: @@ -73,20 +94,38 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations :ivar automation_rules: AutomationRulesOperations operations :vartype automation_rules: azure.mgmt.securityinsight.operations.AutomationRulesOperations + :ivar entities: EntitiesOperations operations + :vartype entities: azure.mgmt.securityinsight.operations.EntitiesOperations :ivar incidents: IncidentsOperations operations :vartype incidents: azure.mgmt.securityinsight.operations.IncidentsOperations + :ivar billing_statistics: BillingStatisticsOperations operations + :vartype billing_statistics: azure.mgmt.securityinsight.operations.BillingStatisticsOperations :ivar bookmarks: BookmarksOperations operations :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations :ivar bookmark_relations: BookmarkRelationsOperations operations :vartype bookmark_relations: azure.mgmt.securityinsight.operations.BookmarkRelationsOperations :ivar bookmark: BookmarkOperations operations :vartype bookmark: azure.mgmt.securityinsight.operations.BookmarkOperations + :ivar content_packages: ContentPackagesOperations operations + :vartype content_packages: azure.mgmt.securityinsight.operations.ContentPackagesOperations + :ivar content_package: ContentPackageOperations operations + :vartype content_package: azure.mgmt.securityinsight.operations.ContentPackageOperations + :ivar product_packages: ProductPackagesOperations operations + :vartype product_packages: azure.mgmt.securityinsight.operations.ProductPackagesOperations + :ivar product_package: ProductPackageOperations operations + :vartype product_package: azure.mgmt.securityinsight.operations.ProductPackageOperations + :ivar product_templates: ProductTemplatesOperations operations + :vartype product_templates: azure.mgmt.securityinsight.operations.ProductTemplatesOperations + :ivar product_template: ProductTemplateOperations operations + :vartype product_template: azure.mgmt.securityinsight.operations.ProductTemplateOperations + :ivar content_templates: ContentTemplatesOperations operations + :vartype content_templates: azure.mgmt.securityinsight.operations.ContentTemplatesOperations + :ivar content_template: ContentTemplateOperations operations + :vartype content_template: azure.mgmt.securityinsight.operations.ContentTemplateOperations :ivar ip_geodata: IPGeodataOperations operations :vartype ip_geodata: azure.mgmt.securityinsight.operations.IPGeodataOperations :ivar domain_whois: DomainWhoisOperations operations :vartype domain_whois: azure.mgmt.securityinsight.operations.DomainWhoisOperations - :ivar entities: EntitiesOperations operations - :vartype entities: azure.mgmt.securityinsight.operations.EntitiesOperations :ivar entities_get_timeline: EntitiesGetTimelineOperations operations :vartype entities_get_timeline: azure.mgmt.securityinsight.operations.EntitiesGetTimelineOperations @@ -101,6 +140,12 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.operations.EntityQueryTemplatesOperations :ivar file_imports: FileImportsOperations operations :vartype file_imports: azure.mgmt.securityinsight.operations.FileImportsOperations + :ivar hunts: HuntsOperations operations + :vartype hunts: azure.mgmt.securityinsight.operations.HuntsOperations + :ivar hunt_relations: HuntRelationsOperations operations + :vartype hunt_relations: azure.mgmt.securityinsight.operations.HuntRelationsOperations + :ivar hunt_comments: HuntCommentsOperations operations + :vartype hunt_comments: azure.mgmt.securityinsight.operations.HuntCommentsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.operations.IncidentCommentsOperations :ivar incident_relations: IncidentRelationsOperations operations @@ -140,10 +185,36 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to operations :vartype threat_intelligence_indicator_metrics: azure.mgmt.securityinsight.operations.ThreatIntelligenceIndicatorMetricsOperations + :ivar triggered_analytics_rule_run: TriggeredAnalyticsRuleRunOperations operations + :vartype triggered_analytics_rule_run: + azure.mgmt.securityinsight.operations.TriggeredAnalyticsRuleRunOperations + :ivar get_triggered_analytics_rule_runs: GetTriggeredAnalyticsRuleRunsOperations operations + :vartype get_triggered_analytics_rule_runs: + azure.mgmt.securityinsight.operations.GetTriggeredAnalyticsRuleRunsOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: azure.mgmt.securityinsight.operations.AlertRuleOperations :ivar watchlists: WatchlistsOperations operations :vartype watchlists: azure.mgmt.securityinsight.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.operations.WatchlistItemsOperations + :ivar workspace_manager_assignments: WorkspaceManagerAssignmentsOperations operations + :vartype workspace_manager_assignments: + azure.mgmt.securityinsight.operations.WorkspaceManagerAssignmentsOperations + :ivar workspace_manager_assignment_jobs: WorkspaceManagerAssignmentJobsOperations operations + :vartype workspace_manager_assignment_jobs: + azure.mgmt.securityinsight.operations.WorkspaceManagerAssignmentJobsOperations + :ivar workspace_manager_configurations: WorkspaceManagerConfigurationsOperations operations + :vartype workspace_manager_configurations: + azure.mgmt.securityinsight.operations.WorkspaceManagerConfigurationsOperations + :ivar workspace_manager_groups: WorkspaceManagerGroupsOperations operations + :vartype workspace_manager_groups: + azure.mgmt.securityinsight.operations.WorkspaceManagerGroupsOperations + :ivar workspace_manager_members: WorkspaceManagerMembersOperations operations + :vartype workspace_manager_members: + azure.mgmt.securityinsight.operations.WorkspaceManagerMembersOperations + :ivar data_connector_definitions: DataConnectorDefinitionsOperations operations + :vartype data_connector_definitions: + azure.mgmt.securityinsight.operations.DataConnectorDefinitionsOperations :ivar data_connectors: DataConnectorsOperations operations :vartype data_connectors: azure.mgmt.securityinsight.operations.DataConnectorsOperations :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations @@ -157,7 +228,7 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-08-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str :keyword int polling_interval: Default waiting time between two polls for LRO operations if no @@ -172,7 +243,7 @@ def __init__( **kwargs: Any ) -> None: self._config = SecurityInsightsConfiguration(credential=credential, subscription_id=subscription_id, **kwargs) - self._client = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + self._client: ARMPipelineClient = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs) client_models = {k: v for k, v in _models.__dict__.items() if isinstance(v, type)} self._serialize = Serializer(client_models) @@ -186,15 +257,38 @@ def __init__( self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) + self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) + self.billing_statistics = BillingStatisticsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) self.bookmark_relations = BookmarkRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) + self.content_packages = ContentPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_package = ContentPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_packages = ProductPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_package = ProductPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_templates = ProductTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_template = ProductTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_templates = ContentTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_template = ContentTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.entities_get_timeline = EntitiesGetTimelineOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -209,6 +303,9 @@ def __init__( self._client, self._config, self._serialize, self._deserialize ) self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunts = HuntsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_relations = HuntRelationsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_comments = HuntCommentsOperations(self._client, self._config, self._serialize, self._deserialize) self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -243,8 +340,33 @@ def __init__( self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.triggered_analytics_rule_run = TriggeredAnalyticsRuleRunOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.get_triggered_analytics_rule_runs = GetTriggeredAnalyticsRuleRunsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.alert_rule = AlertRuleOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) + self.workspace_manager_assignments = WorkspaceManagerAssignmentsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_assignment_jobs = WorkspaceManagerAssignmentJobsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_configurations = WorkspaceManagerConfigurationsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_groups = WorkspaceManagerGroupsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_members = WorkspaceManagerMembersOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.data_connector_definitions = DataConnectorDefinitionsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( self._client, self._config, self._serialize, self._deserialize @@ -280,5 +402,5 @@ def __enter__(self) -> "SecurityInsights": self._client.__enter__() return self - def __exit__(self, *exc_details) -> None: + def __exit__(self, *exc_details: Any) -> None: self._client.__exit__(*exc_details) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py index 2c170e28dbca..4bae2292227b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py @@ -38,7 +38,22 @@ import re import sys import codecs -from typing import Optional, Union, AnyStr, IO, Mapping +from typing import ( + Dict, + Any, + cast, + Optional, + Union, + AnyStr, + IO, + Mapping, + Callable, + TypeVar, + MutableMapping, + Type, + List, + Mapping, +) try: from urllib import quote # type: ignore @@ -48,12 +63,14 @@ import isodate # type: ignore -from typing import Dict, Any, cast - from azure.core.exceptions import DeserializationError, SerializationError, raise_with_traceback +from azure.core.serialization import NULL as AzureCoreNull _BOM = codecs.BOM_UTF8.decode(encoding="utf-8") +ModelType = TypeVar("ModelType", bound="Model") +JSON = MutableMapping[str, Any] + class RawDeserializer: @@ -277,8 +294,8 @@ class Model(object): _attribute_map: Dict[str, Dict[str, Any]] = {} _validation: Dict[str, Dict[str, Any]] = {} - def __init__(self, **kwargs): - self.additional_properties = {} + def __init__(self, **kwargs: Any) -> None: + self.additional_properties: Dict[str, Any] = {} for k in kwargs: if k not in self._attribute_map: _LOGGER.warning("%s is not a known attribute of class %s and will be ignored", k, self.__class__) @@ -287,25 +304,25 @@ def __init__(self, **kwargs): else: setattr(self, k, kwargs[k]) - def __eq__(self, other): + def __eq__(self, other: Any) -> bool: """Compare objects by comparing all attributes.""" if isinstance(other, self.__class__): return self.__dict__ == other.__dict__ return False - def __ne__(self, other): + def __ne__(self, other: Any) -> bool: """Compare objects by comparing all attributes.""" return not self.__eq__(other) - def __str__(self): + def __str__(self) -> str: return str(self.__dict__) @classmethod - def enable_additional_properties_sending(cls): + def enable_additional_properties_sending(cls) -> None: cls._attribute_map["additional_properties"] = {"key": "", "type": "{object}"} @classmethod - def is_xml_model(cls): + def is_xml_model(cls) -> bool: try: cls._xml_map # type: ignore except AttributeError: @@ -322,7 +339,7 @@ def _create_xml_node(cls): return _create_xml_node(xml_map.get("name", cls.__name__), xml_map.get("prefix", None), xml_map.get("ns", None)) - def serialize(self, keep_readonly=False, **kwargs): + def serialize(self, keep_readonly: bool = False, **kwargs: Any) -> JSON: """Return the JSON that would be sent to azure from this model. This is an alias to `as_dict(full_restapi_key_transformer, keep_readonly=False)`. @@ -336,8 +353,13 @@ def serialize(self, keep_readonly=False, **kwargs): serializer = Serializer(self._infer_class_models()) return serializer._serialize(self, keep_readonly=keep_readonly, **kwargs) - def as_dict(self, keep_readonly=True, key_transformer=attribute_transformer, **kwargs): - """Return a dict that can be JSONify using json.dump. + def as_dict( + self, + keep_readonly: bool = True, + key_transformer: Callable[[str, Dict[str, Any], Any], Any] = attribute_transformer, + **kwargs: Any + ) -> JSON: + """Return a dict that can be serialized using json.dump. Advanced usage might optionally use a callback as parameter: @@ -384,7 +406,7 @@ def _infer_class_models(cls): return client_models @classmethod - def deserialize(cls, data, content_type=None): + def deserialize(cls: Type[ModelType], data: Any, content_type: Optional[str] = None) -> ModelType: """Parse a str using the RestAPI syntax and return a model. :param str data: A str using RestAPI structure. JSON by default. @@ -396,7 +418,12 @@ def deserialize(cls, data, content_type=None): return deserializer(cls.__name__, data, content_type=content_type) @classmethod - def from_dict(cls, data, key_extractors=None, content_type=None): + def from_dict( + cls: Type[ModelType], + data: Any, + key_extractors: Optional[Callable[[str, Dict[str, Any], Any], Any]] = None, + content_type: Optional[str] = None, + ) -> ModelType: """Parse a dict using given key extractor return a model. By default consider key @@ -409,8 +436,8 @@ def from_dict(cls, data, key_extractors=None, content_type=None): :raises: DeserializationError if something went wrong """ deserializer = Deserializer(cls._infer_class_models()) - deserializer.key_extractors = ( - [ + deserializer.key_extractors = ( # type: ignore + [ # type: ignore attribute_key_case_insensitive_extractor, rest_key_case_insensitive_extractor, last_rest_key_case_insensitive_extractor, @@ -518,7 +545,7 @@ class Serializer(object): "multiple": lambda x, y: x % y != 0, } - def __init__(self, classes=None): + def __init__(self, classes: Optional[Mapping[str, Type[ModelType]]] = None): self.serialize_type = { "iso-8601": Serializer.serialize_iso, "rfc-1123": Serializer.serialize_rfc, @@ -534,7 +561,7 @@ def __init__(self, classes=None): "[]": self.serialize_iter, "{}": self.serialize_dict, } - self.dependencies = dict(classes) if classes else {} + self.dependencies: Dict[str, Type[ModelType]] = dict(classes) if classes else {} self.key_transformer = full_restapi_key_transformer self.client_side_validation = True @@ -602,7 +629,7 @@ def _serialize(self, target_obj, data_type=None, **kwargs): if xml_desc.get("attr", False): if xml_ns: ET.register_namespace(xml_prefix, xml_ns) - xml_name = "{}{}".format(xml_ns, xml_name) + xml_name = "{{{}}}{}".format(xml_ns, xml_name) serialized.set(xml_name, new_attr) # type: ignore continue if xml_desc.get("text", False): @@ -626,8 +653,7 @@ def _serialize(self, target_obj, data_type=None, **kwargs): serialized.append(local_node) # type: ignore else: # JSON for k in reversed(keys): # type: ignore - unflattened = {k: new_attr} - new_attr = unflattened + new_attr = {k: new_attr} _new_attr = new_attr _serialized = serialized @@ -636,8 +662,9 @@ def _serialize(self, target_obj, data_type=None, **kwargs): _serialized.update(_new_attr) # type: ignore _new_attr = _new_attr[k] # type: ignore _serialized = _serialized[k] - except ValueError: - continue + except ValueError as err: + if isinstance(err, SerializationError): + raise except (AttributeError, KeyError, TypeError) as err: msg = "Attribute {} in object {} cannot be serialized.\n{}".format(attr_name, class_name, str(target_obj)) @@ -656,8 +683,8 @@ def body(self, data, data_type, **kwargs): """ # Just in case this is a dict - internal_data_type = data_type.strip("[]{}") - internal_data_type = self.dependencies.get(internal_data_type, None) + internal_data_type_str = data_type.strip("[]{}") + internal_data_type = self.dependencies.get(internal_data_type_str, None) try: is_xml_model_serialization = kwargs["is_xml"] except KeyError: @@ -715,6 +742,8 @@ def query(self, name, data, data_type, **kwargs): :param data: The data to be serialized. :param str data_type: The type to be serialized from. + :keyword bool skip_quote: Whether to skip quote the serialized result. + Defaults to False. :rtype: str :raises: TypeError if serialization fails. :raises: ValueError if data is None @@ -723,10 +752,8 @@ def query(self, name, data, data_type, **kwargs): # Treat the list aside, since we don't want to encode the div separator if data_type.startswith("["): internal_data_type = data_type[1:-1] - data = [self.serialize_data(d, internal_data_type, **kwargs) if d is not None else "" for d in data] - if not kwargs.get("skip_quote", False): - data = [quote(str(d), safe="") for d in data] - return str(self.serialize_iter(data, internal_data_type, **kwargs)) + do_quote = not kwargs.get("skip_quote", False) + return str(self.serialize_iter(data, internal_data_type, do_quote=do_quote, **kwargs)) # Not a list, regular serialization output = self.serialize_data(data, data_type, **kwargs) @@ -777,6 +804,8 @@ def serialize_data(self, data, data_type, **kwargs): raise ValueError("No value for given attribute") try: + if data is AzureCoreNull: + return None if data_type in self.basic_types.values(): return self.serialize_basic(data, data_type, **kwargs) @@ -863,6 +892,8 @@ def serialize_iter(self, data, iter_type, div=None, **kwargs): not be None or empty. :param str div: If set, this str will be used to combine the elements in the iterable into a combined string. Default is 'None'. + :keyword bool do_quote: Whether to quote the serialized result of each iterable element. + Defaults to False. :rtype: list, str """ if isinstance(data, str): @@ -875,9 +906,14 @@ def serialize_iter(self, data, iter_type, div=None, **kwargs): for d in data: try: serialized.append(self.serialize_data(d, iter_type, **kwargs)) - except ValueError: + except ValueError as err: + if isinstance(err, SerializationError): + raise serialized.append(None) + if kwargs.get("do_quote", False): + serialized = ["" if s is None else quote(str(s), safe="") for s in serialized] + if div: serialized = ["" if s is None else str(s) for s in serialized] serialized = div.join(serialized) @@ -922,7 +958,9 @@ def serialize_dict(self, attr, dict_type, **kwargs): for key, value in attr.items(): try: serialized[self.serialize_unicode(key)] = self.serialize_data(value, dict_type, **kwargs) - except ValueError: + except ValueError as err: + if isinstance(err, SerializationError): + raise serialized[self.serialize_unicode(key)] = None if "xml" in serialization_ctxt: @@ -1161,7 +1199,8 @@ def rest_key_extractor(attr, attr_desc, data): working_data = data while "." in key: - dict_keys = _FLATTEN.split(key) + # Need the cast, as for some reasons "split" is typed as list[str | Any] + dict_keys = cast(List[str], _FLATTEN.split(key)) if len(dict_keys) == 1: key = _decode_attribute_map_key(dict_keys[0]) break @@ -1242,7 +1281,7 @@ def _extract_name_from_internal_type(internal_type): xml_name = internal_type_xml_map.get("name", internal_type.__name__) xml_ns = internal_type_xml_map.get("ns", None) if xml_ns: - xml_name = "{}{}".format(xml_ns, xml_name) + xml_name = "{{{}}}{}".format(xml_ns, xml_name) return xml_name @@ -1266,7 +1305,7 @@ def xml_key_extractor(attr, attr_desc, data): # Integrate namespace if necessary xml_ns = xml_desc.get("ns", internal_type_xml_map.get("ns", None)) if xml_ns: - xml_name = "{}{}".format(xml_ns, xml_name) + xml_name = "{{{}}}{}".format(xml_ns, xml_name) # If it's an attribute, that's simple if xml_desc.get("attr", False): @@ -1332,7 +1371,7 @@ class Deserializer(object): valid_date = re.compile(r"\d{4}[-]\d{2}[-]\d{2}T\d{2}:\d{2}:\d{2}" r"\.?\d*Z?[-+]?[\d{2}]?:?[\d{2}]?") - def __init__(self, classes=None): + def __init__(self, classes: Optional[Mapping[str, Type[ModelType]]] = None): self.deserialize_type = { "iso-8601": Deserializer.deserialize_iso, "rfc-1123": Deserializer.deserialize_rfc, @@ -1352,7 +1391,7 @@ def __init__(self, classes=None): "duration": (isodate.Duration, datetime.timedelta), "iso-8601": (datetime.datetime), } - self.dependencies = dict(classes) if classes else {} + self.dependencies: Dict[str, Type[ModelType]] = dict(classes) if classes else {} self.key_extractors = [rest_key_extractor, xml_key_extractor] # Additional properties only works if the "rest_key_extractor" is used to # extract the keys. Making it to work whatever the key extractor is too much @@ -1471,7 +1510,7 @@ def _classify_target(self, target, data): Once classification has been determined, initialize object. :param str target: The target object type to deserialize to. - :param str/dict data: The response data to deseralize. + :param str/dict data: The response data to deserialize. """ if target is None: return None, None @@ -1486,7 +1525,7 @@ def _classify_target(self, target, data): target = target._classify(data, self.dependencies) except AttributeError: pass # Target is not a Model, no classify - return target, target.__class__.__name__ + return target, target.__class__.__name__ # type: ignore def failsafe_deserialize(self, target_obj, data, content_type=None): """Ignores any errors encountered in deserialization, @@ -1496,7 +1535,7 @@ def failsafe_deserialize(self, target_obj, data, content_type=None): a deserialization error. :param str target_obj: The target object type to deserialize to. - :param str/dict data: The response data to deseralize. + :param str/dict data: The response data to deserialize. :param str content_type: Swagger "produces" if available. """ try: diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py index 9aad73fc743e..0dafe0e287ff 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py @@ -14,14 +14,3 @@ def _convert_request(request, files=None): if files: request.set_formdata_body(files) return request - - -def _format_url_section(template, **kwargs): - components = template.split("/") - while components: - try: - return template.format(**kwargs) - except KeyError as key: - formatted_components = template.split("/") - components = [c for c in formatted_components if "{}".format(key.args[0]) not in c] - template = "/".join(components) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py index 2eda20789583..e5754a47ce68 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py @@ -6,4 +6,4 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -VERSION = "2.0.0b2" +VERSION = "1.0.0b1" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py index e334994b3258..47e4fabe024d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py @@ -6,7 +6,6 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, TYPE_CHECKING from azure.core.configuration import Configuration @@ -15,11 +14,6 @@ from .._version import VERSION -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports - if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports from azure.core.credentials_async import AsyncTokenCredential @@ -35,14 +29,14 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- :type credential: ~azure.core.credentials_async.AsyncTokenCredential :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-08-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str """ def __init__(self, credential: "AsyncTokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version: Literal["2022-12-01-preview"] = kwargs.pop("api_version", "2022-12-01-preview") + api_version: str = kwargs.pop("api_version", "2023-08-01-preview") if credential is None: raise ValueError("Parameter 'credential' must not be None.") diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py index 6a0f5faa2f24..e9eafb98dd82 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py @@ -17,12 +17,19 @@ from ._configuration import SecurityInsightsConfiguration from .operations import ( ActionsOperations, + AlertRuleOperations, AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, + BillingStatisticsOperations, BookmarkOperations, BookmarkRelationsOperations, BookmarksOperations, + ContentPackageOperations, + ContentPackagesOperations, + ContentTemplateOperations, + ContentTemplatesOperations, + DataConnectorDefinitionsOperations, DataConnectorsCheckRequirementsOperations, DataConnectorsOperations, DomainWhoisOperations, @@ -35,6 +42,10 @@ FileImportsOperations, GetOperations, GetRecommendationsOperations, + GetTriggeredAnalyticsRuleRunsOperations, + HuntCommentsOperations, + HuntRelationsOperations, + HuntsOperations, IPGeodataOperations, IncidentCommentsOperations, IncidentRelationsOperations, @@ -43,7 +54,11 @@ MetadataOperations, OfficeConsentsOperations, Operations, + ProductPackageOperations, + ProductPackagesOperations, ProductSettingsOperations, + ProductTemplateOperations, + ProductTemplatesOperations, SecurityMLAnalyticsSettingsOperations, SentinelOnboardingStatesOperations, SourceControlOperations, @@ -51,9 +66,15 @@ ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, + TriggeredAnalyticsRuleRunOperations, UpdateOperations, WatchlistItemsOperations, WatchlistsOperations, + WorkspaceManagerAssignmentJobsOperations, + WorkspaceManagerAssignmentsOperations, + WorkspaceManagerConfigurationsOperations, + WorkspaceManagerGroupsOperations, + WorkspaceManagerMembersOperations, ) if TYPE_CHECKING: @@ -73,8 +94,13 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.AlertRuleTemplatesOperations :ivar automation_rules: AutomationRulesOperations operations :vartype automation_rules: azure.mgmt.securityinsight.aio.operations.AutomationRulesOperations + :ivar entities: EntitiesOperations operations + :vartype entities: azure.mgmt.securityinsight.aio.operations.EntitiesOperations :ivar incidents: IncidentsOperations operations :vartype incidents: azure.mgmt.securityinsight.aio.operations.IncidentsOperations + :ivar billing_statistics: BillingStatisticsOperations operations + :vartype billing_statistics: + azure.mgmt.securityinsight.aio.operations.BillingStatisticsOperations :ivar bookmarks: BookmarksOperations operations :vartype bookmarks: azure.mgmt.securityinsight.aio.operations.BookmarksOperations :ivar bookmark_relations: BookmarkRelationsOperations operations @@ -82,12 +108,28 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.BookmarkRelationsOperations :ivar bookmark: BookmarkOperations operations :vartype bookmark: azure.mgmt.securityinsight.aio.operations.BookmarkOperations + :ivar content_packages: ContentPackagesOperations operations + :vartype content_packages: azure.mgmt.securityinsight.aio.operations.ContentPackagesOperations + :ivar content_package: ContentPackageOperations operations + :vartype content_package: azure.mgmt.securityinsight.aio.operations.ContentPackageOperations + :ivar product_packages: ProductPackagesOperations operations + :vartype product_packages: azure.mgmt.securityinsight.aio.operations.ProductPackagesOperations + :ivar product_package: ProductPackageOperations operations + :vartype product_package: azure.mgmt.securityinsight.aio.operations.ProductPackageOperations + :ivar product_templates: ProductTemplatesOperations operations + :vartype product_templates: + azure.mgmt.securityinsight.aio.operations.ProductTemplatesOperations + :ivar product_template: ProductTemplateOperations operations + :vartype product_template: azure.mgmt.securityinsight.aio.operations.ProductTemplateOperations + :ivar content_templates: ContentTemplatesOperations operations + :vartype content_templates: + azure.mgmt.securityinsight.aio.operations.ContentTemplatesOperations + :ivar content_template: ContentTemplateOperations operations + :vartype content_template: azure.mgmt.securityinsight.aio.operations.ContentTemplateOperations :ivar ip_geodata: IPGeodataOperations operations :vartype ip_geodata: azure.mgmt.securityinsight.aio.operations.IPGeodataOperations :ivar domain_whois: DomainWhoisOperations operations :vartype domain_whois: azure.mgmt.securityinsight.aio.operations.DomainWhoisOperations - :ivar entities: EntitiesOperations operations - :vartype entities: azure.mgmt.securityinsight.aio.operations.EntitiesOperations :ivar entities_get_timeline: EntitiesGetTimelineOperations operations :vartype entities_get_timeline: azure.mgmt.securityinsight.aio.operations.EntitiesGetTimelineOperations @@ -103,6 +145,12 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to azure.mgmt.securityinsight.aio.operations.EntityQueryTemplatesOperations :ivar file_imports: FileImportsOperations operations :vartype file_imports: azure.mgmt.securityinsight.aio.operations.FileImportsOperations + :ivar hunts: HuntsOperations operations + :vartype hunts: azure.mgmt.securityinsight.aio.operations.HuntsOperations + :ivar hunt_relations: HuntRelationsOperations operations + :vartype hunt_relations: azure.mgmt.securityinsight.aio.operations.HuntRelationsOperations + :ivar hunt_comments: HuntCommentsOperations operations + :vartype hunt_comments: azure.mgmt.securityinsight.aio.operations.HuntCommentsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.aio.operations.IncidentCommentsOperations @@ -144,10 +192,36 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to operations :vartype threat_intelligence_indicator_metrics: azure.mgmt.securityinsight.aio.operations.ThreatIntelligenceIndicatorMetricsOperations + :ivar triggered_analytics_rule_run: TriggeredAnalyticsRuleRunOperations operations + :vartype triggered_analytics_rule_run: + azure.mgmt.securityinsight.aio.operations.TriggeredAnalyticsRuleRunOperations + :ivar get_triggered_analytics_rule_runs: GetTriggeredAnalyticsRuleRunsOperations operations + :vartype get_triggered_analytics_rule_runs: + azure.mgmt.securityinsight.aio.operations.GetTriggeredAnalyticsRuleRunsOperations + :ivar alert_rule: AlertRuleOperations operations + :vartype alert_rule: azure.mgmt.securityinsight.aio.operations.AlertRuleOperations :ivar watchlists: WatchlistsOperations operations :vartype watchlists: azure.mgmt.securityinsight.aio.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.aio.operations.WatchlistItemsOperations + :ivar workspace_manager_assignments: WorkspaceManagerAssignmentsOperations operations + :vartype workspace_manager_assignments: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerAssignmentsOperations + :ivar workspace_manager_assignment_jobs: WorkspaceManagerAssignmentJobsOperations operations + :vartype workspace_manager_assignment_jobs: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerAssignmentJobsOperations + :ivar workspace_manager_configurations: WorkspaceManagerConfigurationsOperations operations + :vartype workspace_manager_configurations: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerConfigurationsOperations + :ivar workspace_manager_groups: WorkspaceManagerGroupsOperations operations + :vartype workspace_manager_groups: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerGroupsOperations + :ivar workspace_manager_members: WorkspaceManagerMembersOperations operations + :vartype workspace_manager_members: + azure.mgmt.securityinsight.aio.operations.WorkspaceManagerMembersOperations + :ivar data_connector_definitions: DataConnectorDefinitionsOperations operations + :vartype data_connector_definitions: + azure.mgmt.securityinsight.aio.operations.DataConnectorDefinitionsOperations :ivar data_connectors: DataConnectorsOperations operations :vartype data_connectors: azure.mgmt.securityinsight.aio.operations.DataConnectorsOperations :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations @@ -161,7 +235,7 @@ class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,to :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2022-12-01-preview". Note that overriding + :keyword api_version: Api Version. Default value is "2023-08-01-preview". Note that overriding this default value may result in unsupported behavior. :paramtype api_version: str :keyword int polling_interval: Default waiting time between two polls for LRO operations if no @@ -176,7 +250,7 @@ def __init__( **kwargs: Any ) -> None: self._config = SecurityInsightsConfiguration(credential=credential, subscription_id=subscription_id, **kwargs) - self._client = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs) + self._client: AsyncARMPipelineClient = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs) client_models = {k: v for k, v in _models.__dict__.items() if isinstance(v, type)} self._serialize = Serializer(client_models) @@ -190,15 +264,38 @@ def __init__( self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) + self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) + self.billing_statistics = BillingStatisticsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) self.bookmark_relations = BookmarkRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) + self.content_packages = ContentPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_package = ContentPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_packages = ProductPackagesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_package = ProductPackageOperations(self._client, self._config, self._serialize, self._deserialize) + self.product_templates = ProductTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.product_template = ProductTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_templates = ContentTemplatesOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.content_template = ContentTemplateOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) - self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) self.entities_get_timeline = EntitiesGetTimelineOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -213,6 +310,9 @@ def __init__( self._client, self._config, self._serialize, self._deserialize ) self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunts = HuntsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_relations = HuntRelationsOperations(self._client, self._config, self._serialize, self._deserialize) + self.hunt_comments = HuntCommentsOperations(self._client, self._config, self._serialize, self._deserialize) self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) @@ -247,8 +347,33 @@ def __init__( self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.triggered_analytics_rule_run = TriggeredAnalyticsRuleRunOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.get_triggered_analytics_rule_runs = GetTriggeredAnalyticsRuleRunsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.alert_rule = AlertRuleOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) + self.workspace_manager_assignments = WorkspaceManagerAssignmentsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_assignment_jobs = WorkspaceManagerAssignmentJobsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_configurations = WorkspaceManagerConfigurationsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_groups = WorkspaceManagerGroupsOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.workspace_manager_members = WorkspaceManagerMembersOperations( + self._client, self._config, self._serialize, self._deserialize + ) + self.data_connector_definitions = DataConnectorDefinitionsOperations( + self._client, self._config, self._serialize, self._deserialize + ) self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( self._client, self._config, self._serialize, self._deserialize @@ -284,5 +409,5 @@ async def __aenter__(self) -> "SecurityInsights": await self._client.__aenter__() return self - async def __aexit__(self, *exc_details) -> None: + async def __aexit__(self, *exc_details: Any) -> None: await self._client.__aexit__(*exc_details) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py index 802d895ef601..3cef9c159131 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py @@ -10,19 +10,31 @@ from ._actions_operations import ActionsOperations from ._alert_rule_templates_operations import AlertRuleTemplatesOperations from ._automation_rules_operations import AutomationRulesOperations +from ._entities_operations import EntitiesOperations from ._incidents_operations import IncidentsOperations +from ._billing_statistics_operations import BillingStatisticsOperations from ._bookmarks_operations import BookmarksOperations from ._bookmark_relations_operations import BookmarkRelationsOperations from ._bookmark_operations import BookmarkOperations +from ._content_packages_operations import ContentPackagesOperations +from ._content_package_operations import ContentPackageOperations +from ._product_packages_operations import ProductPackagesOperations +from ._product_package_operations import ProductPackageOperations +from ._product_templates_operations import ProductTemplatesOperations +from ._product_template_operations import ProductTemplateOperations +from ._content_templates_operations import ContentTemplatesOperations +from ._content_template_operations import ContentTemplateOperations from ._ip_geodata_operations import IPGeodataOperations from ._domain_whois_operations import DomainWhoisOperations -from ._entities_operations import EntitiesOperations from ._entities_get_timeline_operations import EntitiesGetTimelineOperations from ._entities_relations_operations import EntitiesRelationsOperations from ._entity_relations_operations import EntityRelationsOperations from ._entity_queries_operations import EntityQueriesOperations from ._entity_query_templates_operations import EntityQueryTemplatesOperations from ._file_imports_operations import FileImportsOperations +from ._hunts_operations import HuntsOperations +from ._hunt_relations_operations import HuntRelationsOperations +from ._hunt_comments_operations import HuntCommentsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations from ._incident_tasks_operations import IncidentTasksOperations @@ -39,8 +51,17 @@ from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations +from ._triggered_analytics_rule_run_operations import TriggeredAnalyticsRuleRunOperations +from ._get_triggered_analytics_rule_runs_operations import GetTriggeredAnalyticsRuleRunsOperations +from ._alert_rule_operations import AlertRuleOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations +from ._workspace_manager_assignments_operations import WorkspaceManagerAssignmentsOperations +from ._workspace_manager_assignment_jobs_operations import WorkspaceManagerAssignmentJobsOperations +from ._workspace_manager_configurations_operations import WorkspaceManagerConfigurationsOperations +from ._workspace_manager_groups_operations import WorkspaceManagerGroupsOperations +from ._workspace_manager_members_operations import WorkspaceManagerMembersOperations +from ._data_connector_definitions_operations import DataConnectorDefinitionsOperations from ._data_connectors_operations import DataConnectorsOperations from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations from ._operations import Operations @@ -54,19 +75,31 @@ "ActionsOperations", "AlertRuleTemplatesOperations", "AutomationRulesOperations", + "EntitiesOperations", "IncidentsOperations", + "BillingStatisticsOperations", "BookmarksOperations", "BookmarkRelationsOperations", "BookmarkOperations", + "ContentPackagesOperations", + "ContentPackageOperations", + "ProductPackagesOperations", + "ProductPackageOperations", + "ProductTemplatesOperations", + "ProductTemplateOperations", + "ContentTemplatesOperations", + "ContentTemplateOperations", "IPGeodataOperations", "DomainWhoisOperations", - "EntitiesOperations", "EntitiesGetTimelineOperations", "EntitiesRelationsOperations", "EntityRelationsOperations", "EntityQueriesOperations", "EntityQueryTemplatesOperations", "FileImportsOperations", + "HuntsOperations", + "HuntRelationsOperations", + "HuntCommentsOperations", "IncidentCommentsOperations", "IncidentRelationsOperations", "IncidentTasksOperations", @@ -83,8 +116,17 @@ "ThreatIntelligenceIndicatorOperations", "ThreatIntelligenceIndicatorsOperations", "ThreatIntelligenceIndicatorMetricsOperations", + "TriggeredAnalyticsRuleRunOperations", + "GetTriggeredAnalyticsRuleRunsOperations", + "AlertRuleOperations", "WatchlistsOperations", "WatchlistItemsOperations", + "WorkspaceManagerAssignmentsOperations", + "WorkspaceManagerAssignmentJobsOperations", + "WorkspaceManagerConfigurationsOperations", + "WorkspaceManagerGroupsOperations", + "WorkspaceManagerMembersOperations", + "DataConnectorDefinitionsOperations", "DataConnectorsOperations", "DataConnectorsCheckRequirementsOperations", "Operations", diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py index 9e3b782688be..b0a1ad37203f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_by_alert_rule_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ def list_by_alert_rule( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionsList] = kwargs.pop("cls", None) error_map = { @@ -142,8 +136,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -190,9 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) request = build_get_request( @@ -209,8 +202,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -319,7 +313,7 @@ async def create_or_update( :type rule_id: str :param action_id: Action ID. Required. :type action_id: str - :param action: The action. Is either a model type or a IO type. Required. + :param action: The action. Is either a ActionRequest type or a IO type. Required. :type action: ~azure.mgmt.securityinsight.models.ActionRequest or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -340,16 +334,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(action, (IO, bytes)): + if isinstance(action, (IOBase, bytes)): _content = action else: _json = self._serialize.body(action, "ActionRequest") @@ -371,8 +363,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -427,9 +420,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -446,8 +437,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py new file mode 100644 index 000000000000..12aff61ad0db --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_operations.py @@ -0,0 +1,287 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.polling import AsyncLROPoller, AsyncNoPolling, AsyncPollingMethod +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat +from azure.mgmt.core.polling.async_arm_polling import AsyncARMPolling + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._alert_rule_operations import build_trigger_rule_run_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class AlertRuleOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`alert_rule` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + async def _trigger_rule_run_initial( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> None: + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(analytics_rule_run_trigger_parameter, (IOBase, bytes)): + _content = analytics_rule_run_trigger_parameter + else: + _json = self._serialize.body(analytics_rule_run_trigger_parameter, "AnalyticsRuleRunTrigger") + + request = build_trigger_rule_run_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self._trigger_rule_run_initial.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + response_headers = {} + response_headers["Location"] = self._deserialize("str", response.headers.get("Location")) + + if cls: + return cls(pipeline_response, None, response_headers) + + _trigger_rule_run_initial.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } + + @overload + async def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: _models.AnalyticsRuleRunTrigger, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncLROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncLROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> AsyncLROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. Is + either a AnalyticsRuleRunTrigger type or a IO type. Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) + lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) + cont_token: Optional[str] = kwargs.pop("continuation_token", None) + if cont_token is None: + raw_result = await self._trigger_rule_run_initial( # type: ignore + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + analytics_rule_run_trigger_parameter=analytics_rule_run_trigger_parameter, + api_version=api_version, + content_type=content_type, + cls=lambda x, y, z: x, + headers=_headers, + params=_params, + **kwargs + ) + kwargs.pop("error_map", None) + + def get_long_running_output(pipeline_response): # pylint: disable=inconsistent-return-statements + if cls: + return cls(pipeline_response, None, {}) + + if polling is True: + polling_method: AsyncPollingMethod = cast( + AsyncPollingMethod, AsyncARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) + ) + elif polling is False: + polling_method = cast(AsyncPollingMethod, AsyncNoPolling()) + else: + polling_method = polling + if cont_token: + return AsyncLROPoller.from_continuation_token( + polling_method=polling_method, + continuation_token=cont_token, + client=self._client, + deserialization_callback=get_long_running_output, + ) + return AsyncLROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore + + begin_trigger_rule_run.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py index c4517e99abe7..a0bcf9d8d054 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -31,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._alert_rule_templates_operations import build_get_request, build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -78,9 +73,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplatesList] = kwargs.pop("cls", None) error_map = { @@ -134,8 +127,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -180,9 +174,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -198,8 +190,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py index 856b3843f35a..6fa74b0a68ed 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +76,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRulesList] = kwargs.pop("cls", None) error_map = { @@ -136,8 +130,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -182,9 +177,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) request = build_get_request( @@ -200,8 +193,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -301,7 +295,7 @@ async def create_or_update( :type workspace_name: str :param rule_id: Alert rule ID. Required. :type rule_id: str - :param alert_rule: The alert rule. Is either a model type or a IO type. Required. + :param alert_rule: The alert rule. Is either a AlertRule type or a IO type. Required. :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -322,16 +316,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(alert_rule, (IO, bytes)): + if isinstance(alert_rule, (IOBase, bytes)): _content = alert_rule else: _json = self._serialize.body(alert_rule, "AlertRule") @@ -352,8 +344,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -406,9 +399,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -424,8 +415,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py index 9040a09fd9bf..1401e9728256 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -40,10 +41,6 @@ from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -97,9 +94,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) request = build_get_request( @@ -115,8 +110,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -216,8 +212,8 @@ async def create_or_update( :type workspace_name: str :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str - :param automation_rule_to_upsert: The automation rule. Is either a model type or a IO type. - Default value is None. + :param automation_rule_to_upsert: The automation rule. Is either a AutomationRule type or a IO + type. Default value is None. :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -238,16 +234,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(automation_rule_to_upsert, (IO, bytes)): + if isinstance(automation_rule_to_upsert, (IOBase, bytes)): _content = automation_rule_to_upsert else: if automation_rule_to_upsert is not None: @@ -271,8 +265,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -325,9 +320,7 @@ async def delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[JSON] = kwargs.pop("cls", None) request = build_delete_request( @@ -343,8 +336,9 @@ async def delete( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -388,9 +382,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRulesList] = kwargs.pop("cls", None) error_map = { @@ -444,8 +436,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py new file mode 100644 index 000000000000..797f6490f5ce --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_billing_statistics_operations.py @@ -0,0 +1,215 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._billing_statistics_operations import build_get_request, build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class BillingStatisticsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`billing_statistics` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.BillingStatistic"]: + """Gets all Microsoft Sentinel billing statistics. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either BillingStatistic or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.BillingStatistic] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatisticList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("BillingStatisticList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, billing_statistic_name: str, **kwargs: Any + ) -> _models.BillingStatistic: + """Gets a billing statistic. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param billing_statistic_name: The name of the billing statistic. Required. + :type billing_statistic_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BillingStatistic or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BillingStatistic + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatistic] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + billing_statistic_name=billing_statistic_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("BillingStatistic", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py index e87871dba5df..bf09c0d0a737 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -28,10 +28,6 @@ from ..._vendor import _convert_request from ...operations._bookmark_operations import build_expand_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -138,7 +134,7 @@ async def expand( :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :param parameters: The parameters required to execute an expand operation on the given - bookmark. Is either a model type or a IO type. Required. + bookmark. Is either a BookmarkExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -159,16 +155,14 @@ async def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.BookmarkExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "BookmarkExpandParameters") @@ -189,8 +183,9 @@ async def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py index 237aca3682c1..b440c1c6eaef 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -104,9 +100,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -165,8 +159,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -213,9 +208,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -232,8 +225,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -342,7 +336,7 @@ async def create_or_update( :type bookmark_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -363,16 +357,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -394,8 +386,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -450,9 +443,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -469,8 +460,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py index b9783e8fa1e7..8a4af9d80b9f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +76,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.BookmarkList] = kwargs.pop("cls", None) error_map = { @@ -136,8 +130,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -182,9 +177,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) request = build_get_request( @@ -200,8 +193,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -301,7 +295,7 @@ async def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str - :param bookmark: The bookmark. Is either a model type or a IO type. Required. + :param bookmark: The bookmark. Is either a Bookmark type or a IO type. Required. :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -322,16 +316,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(bookmark, (IO, bytes)): + if isinstance(bookmark, (IOBase, bytes)): _content = bookmark else: _json = self._serialize.body(bookmark, "Bookmark") @@ -352,8 +344,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -406,9 +399,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -424,8 +415,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py new file mode 100644 index 000000000000..07d65f75b889 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_package_operations.py @@ -0,0 +1,271 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_package_operations import build_install_request, build_uninstall_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: _models.PackageModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: Union[_models.PackageModel, IO], + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Is either a + PackageModel type or a IO type. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(package_installation_properties, (IOBase, bytes)): + _content = package_installation_properties + else: + _json = self._serialize.body(package_installation_properties, "PackageModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } + + @distributed_trace_async + async def uninstall( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> None: + """Uninstall a package from the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_uninstall_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.uninstall.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + uninstall.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py new file mode 100644 index 000000000000..35f290407300 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_packages_operations.py @@ -0,0 +1,236 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_packages_operations import build_get_request, build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.PackageModel"]: + """Gets all installed packages. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either PackageModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.PackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("PackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.PackageModel: + """Gets an installed packages by its id. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py new file mode 100644 index 000000000000..87447ae6a4cf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_template_operations.py @@ -0,0 +1,338 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_template_operations import build_delete_request, build_get_request, build_install_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: _models.TemplateModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: Union[_models.TemplateModel, IO], + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Is either a + TemplateModel type or a IO type. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(template_installation_properties, (IOBase, bytes)): + _content = template_installation_properties + else: + _json = self._serialize.body(template_installation_properties, "TemplateModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.TemplateModel: + """Gets a template byt its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> None: + """Delete an installed template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py new file mode 100644 index 000000000000..74c509c70c9e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_content_templates_operations.py @@ -0,0 +1,168 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._content_templates_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ContentTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`content_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.TemplateModel"]: + """Gets all installed templates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TemplateModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.TemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("TemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py new file mode 100644 index 000000000000..fe5e39ff25ba --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connector_definitions_operations.py @@ -0,0 +1,440 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._data_connector_definitions_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class DataConnectorDefinitionsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`data_connector_definitions` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.DataConnectorDefinition"]: + """Gets all data connector definitions. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either DataConnectorDefinition or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinitionArmCollectionWrapper] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("DataConnectorDefinitionArmCollectionWrapper", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Gets a data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: _models.DataConnectorDefinition, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: Union[_models.DataConnectorDefinition, IO], + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Is either a + DataConnectorDefinition type or a IO type. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition or + IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(connector_definition_input, (IOBase, bytes)): + _content = connector_definition_input + else: + _json = self._serialize.body(connector_definition_input, "DataConnectorDefinition") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> None: + """Delete the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py index ad27dbca1787..afd1aa6ef510 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -28,10 +28,6 @@ from ..._vendor import _convert_request from ...operations._data_connectors_check_requirements_operations import build_post_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -130,7 +126,7 @@ async def post( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param data_connectors_check_requirements: The parameters for requirements check message. Is - either a model type or a IO type. Required. + either a DataConnectorsCheckRequirements type or a IO type. Required. :type data_connectors_check_requirements: ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -152,16 +148,14 @@ async def post( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnectorRequirementsState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connectors_check_requirements, (IO, bytes)): + if isinstance(data_connectors_check_requirements, (IOBase, bytes)): _content = data_connectors_check_requirements else: _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") @@ -181,8 +175,9 @@ async def post( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py index 3e9a9ea01f82..4dbbffc3b02c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -38,10 +38,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnectorList] = kwargs.pop("cls", None) error_map = { @@ -141,8 +135,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -187,9 +182,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) request = build_get_request( @@ -205,8 +198,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -306,7 +300,8 @@ async def create_or_update( :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param data_connector: The data connector. Is either a model type or a IO type. Required. + :param data_connector: The data connector. Is either a DataConnector type or a IO type. + Required. :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -327,16 +322,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connector, (IO, bytes)): + if isinstance(data_connector, (IOBase, bytes)): _content = data_connector else: _json = self._serialize.body(data_connector, "DataConnector") @@ -357,8 +350,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -411,9 +405,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -429,8 +421,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -526,7 +519,8 @@ async def connect( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param connect_body: The data connector. Is either a model type or a IO type. Required. + :param connect_body: The data connector. Is either a DataConnectorConnectBody type or a IO + type. Required. :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -547,16 +541,14 @@ async def connect( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(connect_body, (IO, bytes)): + if isinstance(connect_body, (IOBase, bytes)): _content = connect_body else: _json = self._serialize.body(connect_body, "DataConnectorConnectBody") @@ -577,8 +569,9 @@ async def connect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -623,9 +616,7 @@ async def disconnect( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_disconnect_request( @@ -641,8 +632,9 @@ async def disconnect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py index 30b1d059703f..a2164cdfb3c7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._domain_whois_operations import build_get_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +75,7 @@ async def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _mo _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentDomainWhois] = kwargs.pop("cls", None) request = build_get_request( @@ -97,8 +90,9 @@ async def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _mo request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py index 62111c6a7259..8ecceaff5105 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -28,10 +28,6 @@ from ..._vendor import _convert_request from ...operations._entities_get_timeline_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -138,7 +134,7 @@ async def list( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an timeline operation on the given - entity. Is either a model type or a IO type. Required. + entity. Is either a EntityTimelineParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -159,16 +155,14 @@ async def list( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityTimelineResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityTimelineParameters") @@ -189,8 +183,9 @@ async def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py index ddabc83cb09f..2c05241bcce4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -35,12 +35,9 @@ build_get_request, build_list_request, build_queries_request, + build_run_playbook_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -64,6 +61,159 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + async def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[_models.EntityManualTriggerRequestBody] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[Union[_models.EntityManualTriggerRequestBody, IO]] = None, + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Is + either a EntityManualTriggerRequestBody type or a IO type. Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(request_body, (IOBase, bytes)): + _content = request_body + else: + if request_body is not None: + _json = self._serialize.body(request_body, "EntityManualTriggerRequestBody") + else: + _json = None + + request = build_run_playbook_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_identifier=entity_identifier, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.run_playbook.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + run_playbook.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook" + } + @distributed_trace def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> AsyncIterable["_models.Entity"]: """Gets all entities. @@ -81,9 +231,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityList] = kwargs.pop("cls", None) error_map = { @@ -137,8 +285,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -181,9 +330,7 @@ async def get(self, resource_group_name: str, workspace_name: str, entity_id: st _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Entity] = kwargs.pop("cls", None) request = build_get_request( @@ -199,8 +346,9 @@ async def get(self, resource_group_name: str, workspace_name: str, entity_id: st request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -303,7 +451,7 @@ async def expand( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an expand operation on the given entity. - Is either a model type or a IO type. Required. + Is either a EntityExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -324,16 +472,14 @@ async def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityExpandParameters") @@ -354,8 +500,9 @@ async def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -411,9 +558,7 @@ async def queries( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.GetQueriesResponse] = kwargs.pop("cls", None) request = build_queries_request( @@ -430,8 +575,9 @@ async def queries( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -532,7 +678,7 @@ async def get_insights( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute insights on the given entity. Is either a - model type or a IO type. Required. + EntityGetInsightsParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -553,16 +699,14 @@ async def get_insights( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityGetInsightsResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityGetInsightsParameters") @@ -583,8 +727,9 @@ async def get_insights( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py index d232b818621f..49bc5d6ea8b9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._entities_relations_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -98,9 +93,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -159,8 +152,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py index 2a53846738ea..7c02322b5cec 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -68,7 +64,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum13]] = None, + kind: Optional[Union[str, _models.Enum20]] = None, **kwargs: Any ) -> AsyncIterable["_models.EntityQuery"]: """Gets all entity queries. @@ -80,7 +76,7 @@ def list( :type workspace_name: str :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and "Activity". Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum20 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQuery or the result of cls(response) :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] @@ -89,9 +85,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryList] = kwargs.pop("cls", None) error_map = { @@ -146,8 +140,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -192,9 +187,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) request = build_get_request( @@ -210,8 +203,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -311,8 +305,8 @@ async def create_or_update( :type workspace_name: str :param entity_query_id: entity query ID. Required. :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Is either a model type or a - IO type. Required. + :param entity_query: The entity query we want to create or update. Is either a + CustomEntityQuery type or a IO type. Required. :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -333,16 +327,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(entity_query, (IO, bytes)): + if isinstance(entity_query, (IOBase, bytes)): _content = entity_query else: _json = self._serialize.body(entity_query, "CustomEntityQuery") @@ -363,8 +355,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -417,9 +410,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -435,8 +426,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py index e2f34e18fc04..7c111a25b0bc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union import urllib.parse @@ -31,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._entity_query_templates_operations import build_get_request, build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -63,7 +58,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum15]] = None, + kind: Optional[Union[str, _models.Enum22]] = None, **kwargs: Any ) -> AsyncIterable["_models.EntityQueryTemplate"]: """Gets all entity query templates. @@ -74,7 +69,7 @@ def list( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum22 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) :rtype: @@ -84,9 +79,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplateList] = kwargs.pop("cls", None) error_map = { @@ -141,8 +134,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -187,9 +181,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -205,8 +197,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py index 9cb8ac64c04b..1327848f537e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._entity_relations_operations import build_get_relation_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -86,9 +81,7 @@ async def get_relation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_relation_request( @@ -105,8 +98,9 @@ async def get_relation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py index 5636b9487428..ea78a0255ac8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload import urllib.parse @@ -38,10 +38,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -103,9 +99,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImportList] = kwargs.pop("cls", None) error_map = { @@ -163,8 +157,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -209,9 +204,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) request = build_get_request( @@ -227,8 +220,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -328,7 +322,7 @@ async def create( :type workspace_name: str :param file_import_id: File import ID. Required. :type file_import_id: str - :param file_import: The file import. Is either a model type or a IO type. Required. + :param file_import: The file import. Is either a FileImport type or a IO type. Required. :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -349,16 +343,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(file_import, (IO, bytes)): + if isinstance(file_import, (IOBase, bytes)): _content = file_import else: _json = self._serialize.body(file_import, "FileImport") @@ -379,8 +371,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -414,9 +407,7 @@ async def _delete_initial( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[Optional[_models.FileImport]] = kwargs.pop("cls", None) request = build_delete_request( @@ -432,8 +423,9 @@ async def _delete_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -484,9 +476,7 @@ async def begin_delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py index 015f667e45a7..013a6ddb21ed 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._get_operations import build_single_recommendation_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -84,9 +79,7 @@ async def single_recommendation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) request = build_single_recommendation_request( @@ -102,8 +95,9 @@ async def single_recommendation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py index e46e68a6f58a..6120eb8f0ad8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_recommendations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._get_recommendations_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +75,7 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RecommendationList] = kwargs.pop("cls", None) request = build_list_request( @@ -97,8 +90,9 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py new file mode 100644 index 000000000000..103226cf45fd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_get_triggered_analytics_rule_runs_operations.py @@ -0,0 +1,146 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._get_triggered_analytics_rule_runs_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class GetTriggeredAnalyticsRuleRunsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`get_triggered_analytics_rule_runs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.TriggeredAnalyticsRuleRun"]: + """Gets the triggered analytics rule runs. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TriggeredAnalyticsRuleRun or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRuns] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("TriggeredAnalyticsRuleRuns", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py new file mode 100644 index 000000000000..ca55b561c49b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_comments_operations.py @@ -0,0 +1,479 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._hunt_comments_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class HuntCommentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`hunt_comments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.HuntComment"]: + """Gets all hunt comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntComment or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.HuntComment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntCommentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("HuntCommentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> _models.HuntComment: + """Gets a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> None: + """Delete a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: _models.HuntComment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: Union[_models.HuntComment, IO], + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Is either a HuntComment type or a IO type. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_comment, (IOBase, bytes)): + _content = hunt_comment + else: + _json = self._serialize.body(hunt_comment, "HuntComment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py new file mode 100644 index 000000000000..0bb0f4ba9fef --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunt_relations_operations.py @@ -0,0 +1,480 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._hunt_relations_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class HuntRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`hunt_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.HuntRelation"]: + """Gets all hunt relations. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntRelation or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.HuntRelation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("HuntRelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> _models.HuntRelation: + """Gets a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> None: + """Delete a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: _models.HuntRelation, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: Union[_models.HuntRelation, IO], + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Is either a HuntRelation type or a IO type. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_relation, (IOBase, bytes)): + _content = hunt_relation + else: + _json = self._serialize.body(hunt_relation, "HuntRelation") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py new file mode 100644 index 000000000000..28288197e609 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_hunts_operations.py @@ -0,0 +1,452 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._hunts_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class HuntsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`hunts` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.Hunt"]: + """Gets all hunts, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Hunt or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Hunt] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("HuntList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts" + } + + @distributed_trace_async + async def get(self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any) -> _models.Hunt: + """Gets a hunt, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any + ) -> None: + """Delete a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: _models.Hunt, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt: Union[_models.Hunt, IO], **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Is either a Hunt type or a IO type. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt, (IOBase, bytes)): + _content = hunt + else: + _json = self._serialize.body(hunt, "Hunt") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("Hunt", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py index 0a69a9384b3f..1b014d5a98a6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -105,9 +101,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentCommentList] = kwargs.pop("cls", None) error_map = { @@ -166,8 +160,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -214,9 +209,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) request = build_get_request( @@ -233,8 +226,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -343,7 +337,8 @@ async def create_or_update( :type incident_id: str :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str - :param incident_comment: The incident comment. Is either a model type or a IO type. Required. + :param incident_comment: The incident comment. Is either a IncidentComment type or a IO type. + Required. :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -364,16 +359,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_comment, (IO, bytes)): + if isinstance(incident_comment, (IOBase, bytes)): _content = incident_comment else: _json = self._serialize.body(incident_comment, "IncidentComment") @@ -395,8 +388,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -451,9 +445,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -470,8 +462,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py index 3fa719c8adf6..d94ab4774ec5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -104,9 +100,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -165,8 +159,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -213,9 +208,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -232,8 +225,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -342,7 +336,7 @@ async def create_or_update( :type incident_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -363,16 +357,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -394,8 +386,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -450,9 +443,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -469,8 +460,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py index 3ab32b7e4d51..a718ca42cd8c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_tasks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTaskList] = kwargs.pop("cls", None) error_map = { @@ -142,8 +136,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -190,9 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) request = build_get_request( @@ -209,8 +202,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -319,7 +313,7 @@ async def create_or_update( :type incident_id: str :param incident_task_id: Incident task ID. Required. :type incident_task_id: str - :param incident_task: The incident task. Is either a model type or a IO type. Required. + :param incident_task: The incident task. Is either a IncidentTask type or a IO type. Required. :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -340,16 +334,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_task, (IO, bytes)): + if isinstance(incident_task, (IOBase, bytes)): _content = incident_task else: _json = self._serialize.body(incident_task, "IncidentTask") @@ -371,8 +363,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -427,9 +420,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -446,8 +437,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py index a0452b513c88..ba9f77da5319 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -45,10 +46,6 @@ from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -153,7 +150,8 @@ async def run_playbook( :type workspace_name: str :param incident_identifier: Required. :type incident_identifier: str - :param request_body: Is either a model type or a IO type. Default value is None. + :param request_body: Is either a ManualTriggerRequestBody type or a IO type. Default value is + None. :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -174,16 +172,14 @@ async def run_playbook( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[JSON] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(request_body, (IO, bytes)): + if isinstance(request_body, (IOBase, bytes)): _content = request_body else: if request_body is not None: @@ -207,8 +203,9 @@ async def run_playbook( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -266,9 +263,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentList] = kwargs.pop("cls", None) error_map = { @@ -326,8 +321,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -372,9 +368,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) request = build_get_request( @@ -390,8 +384,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -491,7 +486,7 @@ async def create_or_update( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param incident: The incident. Is either a model type or a IO type. Required. + :param incident: The incident. Is either a Incident type or a IO type. Required. :type incident: ~azure.mgmt.securityinsight.models.Incident or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -512,16 +507,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident, (IO, bytes)): + if isinstance(incident, (IOBase, bytes)): _content = incident else: _json = self._serialize.body(incident, "Incident") @@ -542,8 +535,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -596,9 +590,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -614,8 +606,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -714,7 +707,8 @@ async def create_team( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param team_properties: Team properties. Is either a model type or a IO type. Required. + :param team_properties: Team properties. Is either a TeamInformation type or a IO type. + Required. :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -735,16 +729,14 @@ async def create_team( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.TeamInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(team_properties, (IO, bytes)): + if isinstance(team_properties, (IOBase, bytes)): _content = team_properties else: _json = self._serialize.body(team_properties, "TeamInformation") @@ -765,8 +757,9 @@ async def create_team( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -815,9 +808,7 @@ async def list_alerts( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentAlertList] = kwargs.pop("cls", None) request = build_list_alerts_request( @@ -833,8 +824,9 @@ async def list_alerts( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -883,9 +875,7 @@ async def list_bookmarks( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentBookmarkList] = kwargs.pop("cls", None) request = build_list_bookmarks_request( @@ -901,8 +891,9 @@ async def list_bookmarks( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -951,9 +942,7 @@ async def list_entities( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentEntitiesResponse] = kwargs.pop("cls", None) request = build_list_entities_request( @@ -969,8 +958,9 @@ async def list_entities( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py index e1f7121e301e..e00105460c38 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._ip_geodata_operations import build_get_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -80,9 +75,7 @@ async def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentIpGeodata] = kwargs.pop("cls", None) request = build_get_request( @@ -97,8 +90,9 @@ async def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py index f9d87e686bcd..9d268bccbecb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -37,10 +37,6 @@ build_update_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -101,9 +97,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataList] = kwargs.pop("cls", None) error_map = { @@ -161,8 +155,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -207,9 +202,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) request = build_get_request( @@ -225,8 +218,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -275,9 +269,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -293,8 +285,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -390,7 +383,7 @@ async def create( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata: Metadata resource. Is either a model type or a IO type. Required. + :param metadata: Metadata resource. Is either a MetadataModel type or a IO type. Required. :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -411,16 +404,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata, (IO, bytes)): + if isinstance(metadata, (IOBase, bytes)): _content = metadata else: _json = self._serialize.body(metadata, "MetadataModel") @@ -441,8 +432,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -546,7 +538,8 @@ async def update( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. + :param metadata_patch: Partial metadata request. Is either a MetadataPatch type or a IO type. + Required. :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -567,16 +560,14 @@ async def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata_patch, (IO, bytes)): + if isinstance(metadata_patch, (IOBase, bytes)): _content = metadata_patch else: _json = self._serialize.body(metadata_patch, "MetadataPatch") @@ -597,8 +588,9 @@ async def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py index fffada186187..06c618c659ee 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -31,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._office_consents_operations import build_delete_request, build_get_request, build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -78,9 +73,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsentList] = kwargs.pop("cls", None) error_map = { @@ -134,8 +127,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -180,9 +174,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsent] = kwargs.pop("cls", None) request = build_get_request( @@ -198,8 +190,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -248,9 +241,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -266,8 +257,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py index 376f9dc326f2..126066cd2908 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -69,9 +64,7 @@ def list(self, **kwargs: Any) -> AsyncIterable["_models.Operation"]: _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OperationsList] = kwargs.pop("cls", None) error_map = { @@ -122,8 +115,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py new file mode 100644 index 000000000000..299b609ce05d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_package_operations.py @@ -0,0 +1,118 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_package_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.ProductPackageModel: + """Gets a package by its identifier from the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductPackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductPackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductPackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py new file mode 100644 index 000000000000..1ca81b185d5a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_packages_operations.py @@ -0,0 +1,168 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_packages_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.ProductPackageModel"]: + """Gets all packages from the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductPackageModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ProductPackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("ProductPackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py index 3324a16bab68..8bd1f37e35ba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -33,10 +33,6 @@ build_update_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -85,9 +81,7 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SettingList] = kwargs.pop("cls", None) request = build_list_request( @@ -102,8 +96,9 @@ async def list(self, resource_group_name: str, workspace_name: str, **kwargs: An request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -153,9 +148,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) request = build_get_request( @@ -171,8 +164,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -222,9 +216,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -240,8 +232,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -340,7 +333,7 @@ async def update( :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. Required. :type settings_name: str - :param settings: The setting. Is either a model type or a IO type. Required. + :param settings: The setting. Is either a Settings type or a IO type. Required. :type settings: ~azure.mgmt.securityinsight.models.Settings or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -361,16 +354,14 @@ async def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(settings, (IO, bytes)): + if isinstance(settings, (IOBase, bytes)): _content = settings else: _json = self._serialize.body(settings, "Settings") @@ -391,8 +382,9 @@ async def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py new file mode 100644 index 000000000000..249ab76033f7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_template_operations.py @@ -0,0 +1,118 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_template_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.ProductTemplateModel: + """Gets a template by its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductTemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductTemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductTemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py new file mode 100644 index 000000000000..5b73b7b1c7e7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_templates_operations.py @@ -0,0 +1,169 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_templates_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.ProductTemplateModel"]: + """Gets all templates in the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductTemplateModel or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ProductTemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("ProductTemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py index eb537fb84c40..88826758caba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -84,9 +80,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSettingsList] = kwargs.pop("cls", None) error_map = { @@ -140,8 +134,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -186,9 +181,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) request = build_get_request( @@ -204,8 +197,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -306,8 +300,8 @@ async def create_or_update( :type workspace_name: str :param settings_resource_name: Security ML Analytics Settings resource name. Required. :type settings_resource_name: str - :param security_ml_analytics_setting: The security ML Analytics setting. Is either a model type - or a IO type. Required. + :param security_ml_analytics_setting: The security ML Analytics setting. Is either a + SecurityMLAnalyticsSetting type or a IO type. Required. :type security_ml_analytics_setting: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -329,16 +323,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(security_ml_analytics_setting, (IO, bytes)): + if isinstance(security_ml_analytics_setting, (IOBase, bytes)): _content = security_ml_analytics_setting else: _json = self._serialize.body(security_ml_analytics_setting, "SecurityMLAnalyticsSetting") @@ -359,8 +351,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -413,9 +406,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -431,8 +422,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py index aac64f7fdd94..5ab389dd046e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -33,10 +33,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -90,9 +86,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) request = build_get_request( @@ -108,8 +102,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -216,7 +211,7 @@ async def create( Required. :type sentinel_onboarding_state_name: str :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Is either - a model type or a IO type. Default value is None. + a SentinelOnboardingState type or a IO type. Default value is None. :type sentinel_onboarding_state_parameter: ~azure.mgmt.securityinsight.models.SentinelOnboardingState or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -238,16 +233,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(sentinel_onboarding_state_parameter, (IO, bytes)): + if isinstance(sentinel_onboarding_state_parameter, (IOBase, bytes)): _content = sentinel_onboarding_state_parameter else: if sentinel_onboarding_state_parameter is not None: @@ -271,8 +264,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -326,9 +320,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -344,8 +336,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -388,9 +381,7 @@ async def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingStatesList] = kwargs.pop("cls", None) request = build_list_request( @@ -405,8 +396,9 @@ async def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py index 121de431e0c8..65c64a2b0ce8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._source_control_operations import build_list_repositories_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -68,7 +63,7 @@ def list_repositories( :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. + :param repo_type: The repo type. Known values are: "Github" and "AzureDevOps". Required. :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either Repo or the result of cls(response) @@ -78,9 +73,7 @@ def list_repositories( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: str = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) cls: ClsType[_models.RepoList] = kwargs.pop("cls", None) @@ -138,8 +131,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py index a2a445e2e5e2..9fbdd82c21a3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -83,9 +79,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControlList] = kwargs.pop("cls", None) error_map = { @@ -139,8 +133,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -185,9 +180,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) request = build_get_request( @@ -203,8 +196,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -224,11 +218,78 @@ async def get( "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: _models.SourceControl, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + @distributed_trace_async - async def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> None: - """Delete a source control. + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: Union[_models.SourceControl, IO], + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -237,9 +298,15 @@ async def delete( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str + :param source_control: The SourceControl. Is either a SourceControl type or a IO type. + Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -250,56 +317,75 @@ async def delete( # pylint: disable=inconsistent-return-statements } error_map.update(kwargs.pop("error_map", {}) or {}) - _headers = kwargs.pop("headers", {}) or {} + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - request = build_delete_request( + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(source_control, (IOBase, bytes)): + _content = source_control + else: + _json = self._serialize.body(source_control, "SourceControl") + + request = build_create_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata["url"], + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 204]: + if response.status_code not in [200, 201]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) + if response.status_code == 200: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SourceControl", pipeline_response) + if cls: - return cls(pipeline_response, None, {}) + return cls(pipeline_response, deserialized, {}) # type: ignore - delete.metadata = { + return deserialized # type: ignore + + create.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } @overload - async def create( + async def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: _models.SourceControl, + repository_access: _models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -308,29 +394,30 @@ async def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :param repository_access: The repository access credentials. Required. + :type repository_access: + ~azure.mgmt.securityinsight.models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @overload - async def create( + async def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: IO, + repository_access: IO, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -339,27 +426,30 @@ async def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: IO + :param repository_access: The repository access credentials. Required. + :type repository_access: IO :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace_async - async def create( + async def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: Union[_models.SourceControl, IO], + repository_access: Union[ + _models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema, + IO, + ], **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -368,14 +458,18 @@ async def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Is either a model type or a IO type. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :param repository_access: The repository access credentials. Is either a + Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema + type or a IO type. Required. + :type repository_access: + ~azure.mgmt.securityinsight.models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema + or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -389,21 +483,22 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) + cls: ClsType[_models.Warning] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(source_control, (IO, bytes)): - _content = source_control + if isinstance(repository_access, (IOBase, bytes)): + _content = repository_access else: - _json = self._serialize.body(source_control, "SourceControl") + _json = self._serialize.body( + repository_access, + "Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema", + ) - request = build_create_request( + request = build_delete_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, @@ -412,34 +507,31 @@ async def create( content_type=content_type, json=_json, content=_content, - template_url=self.create.metadata["url"], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 201]: + if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - if response.status_code == 200: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("SourceControl", pipeline_response) + deserialized = self._deserialize("Warning", pipeline_response) if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore + return cls(pipeline_response, deserialized, {}) - return deserialized # type: ignore + return deserialized - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete" } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py index 5847ff70bdcb..6978118f5076 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -28,10 +27,6 @@ from ..._vendor import _convert_request from ...operations._threat_intelligence_indicator_metrics_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -82,9 +77,7 @@ async def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceMetricsList] = kwargs.pop("cls", None) request = build_list_request( @@ -99,8 +92,9 @@ async def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py index e33a32402aa2..9985a2e6d9ea 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -39,10 +39,6 @@ build_replace_tags_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -141,7 +137,7 @@ async def create_indicator( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -163,16 +159,14 @@ async def create_indicator( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -192,8 +186,9 @@ async def create_indicator( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -246,9 +241,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) request = build_get_request( @@ -264,8 +257,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -369,7 +363,7 @@ async def create( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -391,16 +385,14 @@ async def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -421,8 +413,9 @@ async def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -475,9 +468,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -493,8 +484,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -589,7 +581,8 @@ def query_indicators( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat - intelligence indicators. Is either a model type or a IO type. Required. + intelligence indicators. Is either a ThreatIntelligenceFilteringCriteria type or a IO type. + Required. :type threat_intelligence_filtering_criteria: ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -605,9 +598,7 @@ def query_indicators( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) @@ -621,7 +612,7 @@ def query_indicators( content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_filtering_criteria, (IO, bytes)): + if isinstance(threat_intelligence_filtering_criteria, (IOBase, bytes)): _content = threat_intelligence_filtering_criteria else: _json = self._serialize.body(threat_intelligence_filtering_criteria, "ThreatIntelligenceFilteringCriteria") @@ -672,8 +663,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -773,7 +765,7 @@ async def append_tags( # pylint: disable=inconsistent-return-statements :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_append_tags: The threat intelligence append tags request body. Is - either a model type or a IO type. Required. + either a ThreatIntelligenceAppendTags type or a IO type. Required. :type threat_intelligence_append_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -795,16 +787,14 @@ async def append_tags( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_append_tags, (IO, bytes)): + if isinstance(threat_intelligence_append_tags, (IOBase, bytes)): _content = threat_intelligence_append_tags else: _json = self._serialize.body(threat_intelligence_append_tags, "ThreatIntelligenceAppendTags") @@ -825,8 +815,9 @@ async def append_tags( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -926,7 +917,7 @@ async def replace_tags( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be - replaced. Is either a model type or a IO type. Required. + replaced. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_replace_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -948,16 +939,14 @@ async def replace_tags( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_replace_tags, (IO, bytes)): + if isinstance(threat_intelligence_replace_tags, (IOBase, bytes)): _content = threat_intelligence_replace_tags else: _json = self._serialize.body(threat_intelligence_replace_tags, "ThreatIntelligenceIndicatorModel") @@ -978,8 +967,9 @@ async def replace_tags( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py index 43499935ceb1..e748fc3edbf9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from ..._vendor import _convert_request from ...operations._threat_intelligence_indicators_operations import build_list_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -97,9 +92,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) error_map = { @@ -157,8 +150,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py new file mode 100644 index 000000000000..38205bcfa831 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_triggered_analytics_rule_run_operations.py @@ -0,0 +1,118 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._triggered_analytics_rule_run_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class TriggeredAnalyticsRuleRunOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`triggered_analytics_rule_run` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, rule_run_id: str, **kwargs: Any + ) -> _models.TriggeredAnalyticsRuleRun: + """Gets the triggered analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_run_id: the triggered rule id. Required. + :type rule_run_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TriggeredAnalyticsRuleRun or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRun] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_run_id=rule_run_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TriggeredAnalyticsRuleRun", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py index 18154771938c..a471a2ca1e55 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_update_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, List, Optional, TypeVar, Union, cast, overload from azure.core.exceptions import ( @@ -30,10 +30,6 @@ from ..._vendor import _convert_request from ...operations._update_operations import build_recommendation_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -76,16 +72,14 @@ async def _recommendation_initial( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(recommendation_patch, (IO, bytes)): + if isinstance(recommendation_patch, (IOBase, bytes)): _content = recommendation_patch else: _json = self._serialize.body(recommendation_patch, "[RecommendationPatch]") @@ -106,8 +100,9 @@ async def _recommendation_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -223,8 +218,8 @@ async def begin_recommendation( :type workspace_name: str :param recommendation_id: Recommendation Id. Required. :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Is either a list type or a IO - type. Required. + :param recommendation_patch: Recommendation Fields to Update. Is either a [RecommendationPatch] + type or a IO type. Required. :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -245,9 +240,7 @@ async def begin_recommendation( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) polling: Union[bool, AsyncPollingMethod] = kwargs.pop("polling", True) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py index 913eefeee849..35d13d6dedd4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -95,9 +91,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItemList] = kwargs.pop("cls", None) error_map = { @@ -153,8 +147,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -201,9 +196,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) request = build_get_request( @@ -220,8 +213,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -272,9 +266,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -291,8 +283,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -397,7 +390,8 @@ async def create_or_update( :type watchlist_alias: str :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str - :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. + :param watchlist_item: The watchlist item. Is either a WatchlistItem type or a IO type. + Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -418,16 +412,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist_item, (IO, bytes)): + if isinstance(watchlist_item, (IOBase, bytes)): _content = watchlist_item else: _json = self._serialize.body(watchlist_item, "WatchlistItem") @@ -449,8 +441,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py index 2028bb0b5458..10f7cc6bca5a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload import urllib.parse @@ -36,10 +36,6 @@ build_list_request, ) -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] @@ -87,9 +83,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistList] = kwargs.pop("cls", None) error_map = { @@ -144,8 +138,9 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -190,9 +185,7 @@ async def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) request = build_get_request( @@ -208,8 +201,9 @@ async def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -258,9 +252,7 @@ async def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -276,8 +268,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -394,7 +387,7 @@ async def create_or_update( :type workspace_name: str :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist: The watchlist. Is either a model type or a IO type. Required. + :param watchlist: The watchlist. Is either a Watchlist type or a IO type. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -415,16 +408,14 @@ async def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist, (IO, bytes)): + if isinstance(watchlist, (IOBase, bytes)): _content = watchlist else: _json = self._serialize.body(watchlist, "Watchlist") @@ -445,8 +436,9 @@ async def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py new file mode 100644 index 000000000000..22b6d7cce4d8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignment_jobs_operations.py @@ -0,0 +1,393 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_assignment_jobs_operations import ( + build_create_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerAssignmentJobsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_assignment_jobs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.Job"]: + """Get all jobs for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Job or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Job] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.JobList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("JobList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace_async + async def create( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.Job: + """Create a job for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace_async + async def get( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> _models.Job: + """Gets a job. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> None: + """Deletes the specified job from the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py new file mode 100644 index 000000000000..cdcea494e7e5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_assignments_operations.py @@ -0,0 +1,468 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_assignments_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerAssignmentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_assignments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerAssignment"]: + """Get all workspace manager assignments for the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerAssignment or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignmentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerAssignmentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Gets a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: _models.WorkspaceManagerAssignment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: Union[_models.WorkspaceManagerAssignment, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Is either a + WorkspaceManagerAssignment type or a IO type. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_assignment, (IOBase, bytes)): + _content = workspace_manager_assignment + else: + _json = self._serialize.body(workspace_manager_assignment, "WorkspaceManagerAssignment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py new file mode 100644 index 000000000000..893c2ecdf078 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_configurations_operations.py @@ -0,0 +1,468 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_configurations_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerConfigurationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_configurations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerConfiguration"]: + """Gets all workspace manager configurations for a Sentinel workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerConfiguration or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfigurationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerConfigurationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Gets a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: _models.WorkspaceManagerConfiguration, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: Union[_models.WorkspaceManagerConfiguration, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Is either a + WorkspaceManagerConfiguration type or a IO type. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_configuration, (IOBase, bytes)): + _content = workspace_manager_configuration + else: + _json = self._serialize.body(workspace_manager_configuration, "WorkspaceManagerConfiguration") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py new file mode 100644 index 000000000000..5e3f0ee9b406 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_groups_operations.py @@ -0,0 +1,461 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_groups_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerGroupsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_groups` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerGroup"]: + """Gets all workspace manager groups in the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerGroup or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroupList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerGroupList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Gets a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: _models.WorkspaceManagerGroup, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: Union[_models.WorkspaceManagerGroup, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Is either a + WorkspaceManagerGroup type or a IO type. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_group, (IOBase, bytes)): + _content = workspace_manager_group + else: + _json = self._serialize.body(workspace_manager_group, "WorkspaceManagerGroup") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py new file mode 100644 index 000000000000..876ac8ea781d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_workspace_manager_members_operations.py @@ -0,0 +1,461 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._workspace_manager_members_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class WorkspaceManagerMembersOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`workspace_manager_members` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.WorkspaceManagerMember"]: + """Gets all workspace manager members that exist for the given Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerMember or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMembersList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerMembersList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/" + } + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Gets a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: _models.WorkspaceManagerMember, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: Union[_models.WorkspaceManagerMember, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Is either a + WorkspaceManagerMember type or a IO type. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_member, (IOBase, bytes)): + _content = workspace_manager_member + else: + _json = self._serialize.body(workspace_manager_member, "WorkspaceManagerMember") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = await self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 805bb3d2b327..9de9d7f4d8c9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -42,9 +42,11 @@ from ._models_py3 import AlertRuleTemplatesList from ._models_py3 import AlertRulesList from ._models_py3 import AlertsDataTypeOfDataConnector +from ._models_py3 import AnalyticsRuleRunTrigger from ._models_py3 import Anomalies from ._models_py3 import AnomalySecurityMLAnalyticsSettings from ._models_py3 import AnomalyTimelineItem +from ._models_py3 import AssignmentItem from ._models_py3 import AutomationRule from ._models_py3 import AutomationRuleAction from ._models_py3 import AutomationRuleAddIncidentTaskAction @@ -68,8 +70,11 @@ from ._models_py3 import AwsS3DataConnectorDataTypes from ._models_py3 import AwsS3DataConnectorDataTypesLogs from ._models_py3 import AzureDevOpsResourceInfo +from ._models_py3 import AzureEntityResource from ._models_py3 import AzureResourceEntity from ._models_py3 import AzureResourceEntityProperties +from ._models_py3 import BillingStatistic +from ._models_py3 import BillingStatisticList from ._models_py3 import Bookmark from ._models_py3 import BookmarkEntityMappings from ._models_py3 import BookmarkExpandParameters @@ -97,15 +102,26 @@ from ._models_py3 import CodelessUiDataConnector from ._models_py3 import ConnectedEntity from ._models_py3 import ConnectivityCriteria +from ._models_py3 import ConnectivityCriterion +from ._models_py3 import ConnectorDataType +from ._models_py3 import ConnectorDefinitionsAvailability +from ._models_py3 import ConnectorDefinitionsPermissions +from ._models_py3 import ConnectorDefinitionsResourceProvider from ._models_py3 import ConnectorInstructionModelBase from ._models_py3 import Content -from ._models_py3 import ContentPathMap from ._models_py3 import CustomEntityQuery +from ._models_py3 import CustomPermissionDetails +from ._models_py3 import CustomizableConnectionsConfig +from ._models_py3 import CustomizableConnectorDefinition +from ._models_py3 import CustomizableConnectorUiConfig from ._models_py3 import Customs from ._models_py3 import CustomsPermission +from ._models_py3 import DCRConfiguration from ._models_py3 import DataConnector from ._models_py3 import DataConnectorConnectBody from ._models_py3 import DataConnectorDataTypeCommon +from ._models_py3 import DataConnectorDefinition +from ._models_py3 import DataConnectorDefinitionArmCollectionWrapper from ._models_py3 import DataConnectorList from ._models_py3 import DataConnectorRequirementsState from ._models_py3 import DataConnectorTenantId @@ -141,6 +157,7 @@ from ._models_py3 import EntityInsightItem from ._models_py3 import EntityInsightItemQueryTimeInterval from ._models_py3 import EntityList +from ._models_py3 import EntityManualTriggerRequestBody from ._models_py3 import EntityMapping from ._models_py3 import EntityQuery from ._models_py3 import EntityQueryItem @@ -152,6 +169,10 @@ from ._models_py3 import EntityTimelineItem from ._models_py3 import EntityTimelineParameters from ._models_py3 import EntityTimelineResponse +from ._models_py3 import Error +from ._models_py3 import ErrorAdditionalInfo +from ._models_py3 import ErrorDetail +from ._models_py3 import ErrorResponse from ._models_py3 import EventGroupingSettings from ._models_py3 import ExpansionEntityQuery from ._models_py3 import ExpansionResultAggregation @@ -175,15 +196,26 @@ from ._models_py3 import FusionTemplateSourceSetting from ._models_py3 import FusionTemplateSourceSubType from ._models_py3 import FusionTemplateSubTypeSeverityFilter +from ._models_py3 import GCPAuthProperties +from ._models_py3 import GCPDataConnector +from ._models_py3 import GCPRequestProperties from ._models_py3 import GeoLocation from ._models_py3 import GetInsightsErrorKind from ._models_py3 import GetInsightsResultsMetadata from ._models_py3 import GetQueriesResponse from ._models_py3 import GitHubResourceInfo from ._models_py3 import GraphQueries +from ._models_py3 import GraphQuery from ._models_py3 import GroupingConfiguration from ._models_py3 import HostEntity from ._models_py3 import HostEntityProperties +from ._models_py3 import Hunt +from ._models_py3 import HuntComment +from ._models_py3 import HuntCommentList +from ._models_py3 import HuntList +from ._models_py3 import HuntOwner +from ._models_py3 import HuntRelation +from ._models_py3 import HuntRelationList from ._models_py3 import HuntingBookmark from ._models_py3 import HuntingBookmarkProperties from ._models_py3 import Incident @@ -213,6 +245,8 @@ from ._models_py3 import InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem from ._models_py3 import InsightsTableResult from ._models_py3 import InsightsTableResultColumnsItem +from ._models_py3 import InstructionStep +from ._models_py3 import InstructionStepDetails from ._models_py3 import InstructionSteps from ._models_py3 import InstructionStepsInstructionsItem from ._models_py3 import Instructions @@ -223,6 +257,9 @@ from ._models_py3 import IoTDeviceEntityProperties from ._models_py3 import IpEntity from ._models_py3 import IpEntityProperties +from ._models_py3 import Job +from ._models_py3 import JobItem +from ._models_py3 import JobList from ._models_py3 import LastDataReceivedDataType from ._models_py3 import MCASCheckRequirements from ._models_py3 import MCASCheckRequirementsProperties @@ -240,12 +277,12 @@ from ._models_py3 import MSTICheckRequirementsProperties from ._models_py3 import MSTIDataConnector from ._models_py3 import MSTIDataConnectorDataTypes -from ._models_py3 import MSTIDataConnectorDataTypesBingSafetyPhishingURL from ._models_py3 import MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed from ._models_py3 import MSTIDataConnectorProperties from ._models_py3 import MTPCheckRequirementsProperties from ._models_py3 import MTPDataConnector from ._models_py3 import MTPDataConnectorDataTypes +from ._models_py3 import MTPDataConnectorDataTypesAlerts from ._models_py3 import MTPDataConnectorDataTypesIncidents from ._models_py3 import MTPDataConnectorProperties from ._models_py3 import MailClusterEntity @@ -265,12 +302,19 @@ from ._models_py3 import MetadataPatch from ._models_py3 import MetadataSource from ._models_py3 import MetadataSupport +from ._models_py3 import MicrosoftPurviewInformationProtectionCheckRequirements +from ._models_py3 import MicrosoftPurviewInformationProtectionCheckRequirementsProperties +from ._models_py3 import MicrosoftPurviewInformationProtectionConnectorDataTypes +from ._models_py3 import MicrosoftPurviewInformationProtectionConnectorDataTypesLogs +from ._models_py3 import MicrosoftPurviewInformationProtectionDataConnector +from ._models_py3 import MicrosoftPurviewInformationProtectionDataConnectorProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties from ._models_py3 import MtpCheckRequirements +from ._models_py3 import MtpFilteredProviders from ._models_py3 import NicEntity from ._models_py3 import NicEntityProperties from ._models_py3 import NrtAlertRule @@ -307,16 +351,32 @@ from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsList +from ._models_py3 import PackageBaseProperties +from ._models_py3 import PackageList +from ._models_py3 import PackageModel +from ._models_py3 import PackageProperties +from ._models_py3 import ( + Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema, +) from ._models_py3 import Permissions from ._models_py3 import PermissionsCustomsItem from ._models_py3 import PermissionsResourceProviderItem from ._models_py3 import PlaybookActionProperties from ._models_py3 import ProcessEntity from ._models_py3 import ProcessEntityProperties +from ._models_py3 import ProductPackageAdditionalProperties +from ._models_py3 import ProductPackageList +from ._models_py3 import ProductPackageModel +from ._models_py3 import ProductPackageProperties +from ._models_py3 import ProductTemplateAdditionalProperties +from ._models_py3 import ProductTemplateList +from ._models_py3 import ProductTemplateModel +from ._models_py3 import ProductTemplateProperties from ._models_py3 import PropertyArrayChangedConditionProperties from ._models_py3 import PropertyArrayConditionProperties from ._models_py3 import PropertyChangedConditionProperties from ._models_py3 import PropertyConditionProperties +from ._models_py3 import PullRequest from ._models_py3 import QueryBasedAlertRuleTemplateProperties from ._models_py3 import Recommendation from ._models_py3 import RecommendationList @@ -331,12 +391,16 @@ from ._models_py3 import Repo from ._models_py3 import RepoList from ._models_py3 import Repository +from ._models_py3 import RepositoryAccess from ._models_py3 import RepositoryResourceInfo from ._models_py3 import RequiredPermissions from ._models_py3 import Resource from ._models_py3 import ResourceProvider +from ._models_py3 import ResourceProviderRequiredPermissions from ._models_py3 import ResourceWithEtag from ._models_py3 import SampleQueries +from ._models_py3 import SampleQuery +from ._models_py3 import SapSolutionUsageStatistic from ._models_py3 import ScheduledAlertRule from ._models_py3 import ScheduledAlertRuleCommonProperties from ._models_py3 import ScheduledAlertRuleProperties @@ -353,6 +417,7 @@ from ._models_py3 import SentinelEntityMapping from ._models_py3 import SentinelOnboardingState from ._models_py3 import SentinelOnboardingStatesList +from ._models_py3 import ServicePrincipal from ._models_py3 import SettingList from ._models_py3 import Settings from ._models_py3 import SourceControl @@ -368,6 +433,11 @@ from ._models_py3 import TIDataConnectorProperties from ._models_py3 import TeamInformation from ._models_py3 import TeamProperties +from ._models_py3 import TemplateAdditionalProperties +from ._models_py3 import TemplateBaseProperties +from ._models_py3 import TemplateList +from ._models_py3 import TemplateModel +from ._models_py3 import TemplateProperties from ._models_py3 import ThreatIntelligence from ._models_py3 import ThreatIntelligenceAlertRule from ._models_py3 import ThreatIntelligenceAlertRuleTemplate @@ -397,16 +467,28 @@ from ._models_py3 import TimelineAggregation from ._models_py3 import TimelineError from ._models_py3 import TimelineResultsMetadata +from ._models_py3 import TriggeredAnalyticsRuleRun +from ._models_py3 import TriggeredAnalyticsRuleRuns from ._models_py3 import Ueba from ._models_py3 import UrlEntity from ._models_py3 import UrlEntityProperties from ._models_py3 import UserInfo from ._models_py3 import ValidationError +from ._models_py3 import Warning +from ._models_py3 import WarningBody from ._models_py3 import Watchlist from ._models_py3 import WatchlistItem from ._models_py3 import WatchlistItemList from ._models_py3 import WatchlistList from ._models_py3 import Webhook +from ._models_py3 import WorkspaceManagerAssignment +from ._models_py3 import WorkspaceManagerAssignmentList +from ._models_py3 import WorkspaceManagerConfiguration +from ._models_py3 import WorkspaceManagerConfigurationList +from ._models_py3 import WorkspaceManagerGroup +from ._models_py3 import WorkspaceManagerGroupList +from ._models_py3 import WorkspaceManagerMember +from ._models_py3 import WorkspaceManagerMembersList from ._security_insights_enums import ActionType from ._security_insights_enums import AlertDetail @@ -425,6 +507,7 @@ from ._security_insights_enums import AutomationRulePropertyChangedConditionSupportedPropertyType from ._security_insights_enums import AutomationRulePropertyConditionSupportedOperator from ._security_insights_enums import AutomationRulePropertyConditionSupportedProperty +from ._security_insights_enums import BillingStatisticKind from ._security_insights_enums import Category from ._security_insights_enums import ConditionType from ._security_insights_enums import ConfidenceLevel @@ -436,6 +519,7 @@ from ._security_insights_enums import CreatedByType from ._security_insights_enums import CustomEntityQueryKind from ._security_insights_enums import DataConnectorAuthorizationState +from ._security_insights_enums import DataConnectorDefinitionKind from ._security_insights_enums import DataConnectorKind from ._security_insights_enums import DataConnectorLicenseState from ._security_insights_enums import DataTypeState @@ -448,21 +532,23 @@ from ._security_insights_enums import DeviceImportance from ._security_insights_enums import ElevationToken from ._security_insights_enums import EntityItemQueryKind -from ._security_insights_enums import EntityKind +from ._security_insights_enums import EntityKindEnum from ._security_insights_enums import EntityMappingType from ._security_insights_enums import EntityProviders from ._security_insights_enums import EntityQueryKind from ._security_insights_enums import EntityQueryTemplateKind from ._security_insights_enums import EntityTimelineKind from ._security_insights_enums import EntityType -from ._security_insights_enums import Enum13 -from ._security_insights_enums import Enum15 +from ._security_insights_enums import Enum20 +from ._security_insights_enums import Enum22 from ._security_insights_enums import EventGroupingAggregationKind from ._security_insights_enums import FileFormat from ._security_insights_enums import FileHashAlgorithm from ._security_insights_enums import FileImportContentType from ._security_insights_enums import FileImportState +from ._security_insights_enums import Flag from ._security_insights_enums import GetInsightsError +from ._security_insights_enums import HypothesisStatus from ._security_insights_enums import IncidentClassification from ._security_insights_enums import IncidentClassificationReason from ._security_insights_enums import IncidentLabelType @@ -474,17 +560,23 @@ from ._security_insights_enums import Kind from ._security_insights_enums import MatchingMethod from ._security_insights_enums import MicrosoftSecurityProductName +from ._security_insights_enums import Mode +from ._security_insights_enums import MtpProvider from ._security_insights_enums import OSFamily from ._security_insights_enums import Operator from ._security_insights_enums import OutputType from ._security_insights_enums import OwnerType +from ._security_insights_enums import PackageKind from ._security_insights_enums import PermissionProviderScope from ._security_insights_enums import PollingFrequency from ._security_insights_enums import Priority from ._security_insights_enums import ProviderName +from ._security_insights_enums import ProviderPermissionsScope +from ._security_insights_enums import ProvisioningState from ._security_insights_enums import RegistryHive from ._security_insights_enums import RegistryValueKind from ._security_insights_enums import RepoType +from ._security_insights_enums import RepositoryAccessKind from ._security_insights_enums import SecurityMLAnalyticsSettingsKind from ._security_insights_enums import SettingKind from ._security_insights_enums import SettingType @@ -492,15 +584,17 @@ from ._security_insights_enums import SourceKind from ._security_insights_enums import SourceType from ._security_insights_enums import State +from ._security_insights_enums import Status from ._security_insights_enums import SupportTier from ._security_insights_enums import TemplateStatus -from ._security_insights_enums import ThreatIntelligenceResourceKindEnum -from ._security_insights_enums import ThreatIntelligenceSortingCriteriaEnum +from ._security_insights_enums import ThreatIntelligenceResourceInnerKind +from ._security_insights_enums import ThreatIntelligenceSortingOrder from ._security_insights_enums import TriggerOperator from ._security_insights_enums import TriggersOn from ._security_insights_enums import TriggersWhen from ._security_insights_enums import UebaDataSources from ._security_insights_enums import Version +from ._security_insights_enums import WarningCode from ._patch import __all__ as _patch_all from ._patch import * # pylint: disable=unused-wildcard-import from ._patch import patch_sdk as _patch_sdk @@ -542,9 +636,11 @@ "AlertRuleTemplatesList", "AlertRulesList", "AlertsDataTypeOfDataConnector", + "AnalyticsRuleRunTrigger", "Anomalies", "AnomalySecurityMLAnalyticsSettings", "AnomalyTimelineItem", + "AssignmentItem", "AutomationRule", "AutomationRuleAction", "AutomationRuleAddIncidentTaskAction", @@ -568,8 +664,11 @@ "AwsS3DataConnectorDataTypes", "AwsS3DataConnectorDataTypesLogs", "AzureDevOpsResourceInfo", + "AzureEntityResource", "AzureResourceEntity", "AzureResourceEntityProperties", + "BillingStatistic", + "BillingStatisticList", "Bookmark", "BookmarkEntityMappings", "BookmarkExpandParameters", @@ -597,15 +696,26 @@ "CodelessUiDataConnector", "ConnectedEntity", "ConnectivityCriteria", + "ConnectivityCriterion", + "ConnectorDataType", + "ConnectorDefinitionsAvailability", + "ConnectorDefinitionsPermissions", + "ConnectorDefinitionsResourceProvider", "ConnectorInstructionModelBase", "Content", - "ContentPathMap", "CustomEntityQuery", + "CustomPermissionDetails", + "CustomizableConnectionsConfig", + "CustomizableConnectorDefinition", + "CustomizableConnectorUiConfig", "Customs", "CustomsPermission", + "DCRConfiguration", "DataConnector", "DataConnectorConnectBody", "DataConnectorDataTypeCommon", + "DataConnectorDefinition", + "DataConnectorDefinitionArmCollectionWrapper", "DataConnectorList", "DataConnectorRequirementsState", "DataConnectorTenantId", @@ -641,6 +751,7 @@ "EntityInsightItem", "EntityInsightItemQueryTimeInterval", "EntityList", + "EntityManualTriggerRequestBody", "EntityMapping", "EntityQuery", "EntityQueryItem", @@ -652,6 +763,10 @@ "EntityTimelineItem", "EntityTimelineParameters", "EntityTimelineResponse", + "Error", + "ErrorAdditionalInfo", + "ErrorDetail", + "ErrorResponse", "EventGroupingSettings", "ExpansionEntityQuery", "ExpansionResultAggregation", @@ -675,15 +790,26 @@ "FusionTemplateSourceSetting", "FusionTemplateSourceSubType", "FusionTemplateSubTypeSeverityFilter", + "GCPAuthProperties", + "GCPDataConnector", + "GCPRequestProperties", "GeoLocation", "GetInsightsErrorKind", "GetInsightsResultsMetadata", "GetQueriesResponse", "GitHubResourceInfo", "GraphQueries", + "GraphQuery", "GroupingConfiguration", "HostEntity", "HostEntityProperties", + "Hunt", + "HuntComment", + "HuntCommentList", + "HuntList", + "HuntOwner", + "HuntRelation", + "HuntRelationList", "HuntingBookmark", "HuntingBookmarkProperties", "Incident", @@ -713,6 +839,8 @@ "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", "InsightsTableResult", "InsightsTableResultColumnsItem", + "InstructionStep", + "InstructionStepDetails", "InstructionSteps", "InstructionStepsInstructionsItem", "Instructions", @@ -723,6 +851,9 @@ "IoTDeviceEntityProperties", "IpEntity", "IpEntityProperties", + "Job", + "JobItem", + "JobList", "LastDataReceivedDataType", "MCASCheckRequirements", "MCASCheckRequirementsProperties", @@ -740,12 +871,12 @@ "MSTICheckRequirementsProperties", "MSTIDataConnector", "MSTIDataConnectorDataTypes", - "MSTIDataConnectorDataTypesBingSafetyPhishingURL", "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", "MSTIDataConnectorProperties", "MTPCheckRequirementsProperties", "MTPDataConnector", "MTPDataConnectorDataTypes", + "MTPDataConnectorDataTypesAlerts", "MTPDataConnectorDataTypesIncidents", "MTPDataConnectorProperties", "MailClusterEntity", @@ -765,12 +896,19 @@ "MetadataPatch", "MetadataSource", "MetadataSupport", + "MicrosoftPurviewInformationProtectionCheckRequirements", + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + "MicrosoftPurviewInformationProtectionConnectorDataTypes", + "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs", + "MicrosoftPurviewInformationProtectionDataConnector", + "MicrosoftPurviewInformationProtectionDataConnectorProperties", "MicrosoftSecurityIncidentCreationAlertRule", "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", "MicrosoftSecurityIncidentCreationAlertRuleProperties", "MicrosoftSecurityIncidentCreationAlertRuleTemplate", "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", "MtpCheckRequirements", + "MtpFilteredProviders", "NicEntity", "NicEntityProperties", "NrtAlertRule", @@ -807,16 +945,30 @@ "Operation", "OperationDisplay", "OperationsList", + "PackageBaseProperties", + "PackageList", + "PackageModel", + "PackageProperties", + "Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema", "Permissions", "PermissionsCustomsItem", "PermissionsResourceProviderItem", "PlaybookActionProperties", "ProcessEntity", "ProcessEntityProperties", + "ProductPackageAdditionalProperties", + "ProductPackageList", + "ProductPackageModel", + "ProductPackageProperties", + "ProductTemplateAdditionalProperties", + "ProductTemplateList", + "ProductTemplateModel", + "ProductTemplateProperties", "PropertyArrayChangedConditionProperties", "PropertyArrayConditionProperties", "PropertyChangedConditionProperties", "PropertyConditionProperties", + "PullRequest", "QueryBasedAlertRuleTemplateProperties", "Recommendation", "RecommendationList", @@ -831,12 +983,16 @@ "Repo", "RepoList", "Repository", + "RepositoryAccess", "RepositoryResourceInfo", "RequiredPermissions", "Resource", "ResourceProvider", + "ResourceProviderRequiredPermissions", "ResourceWithEtag", "SampleQueries", + "SampleQuery", + "SapSolutionUsageStatistic", "ScheduledAlertRule", "ScheduledAlertRuleCommonProperties", "ScheduledAlertRuleProperties", @@ -853,6 +1009,7 @@ "SentinelEntityMapping", "SentinelOnboardingState", "SentinelOnboardingStatesList", + "ServicePrincipal", "SettingList", "Settings", "SourceControl", @@ -868,6 +1025,11 @@ "TIDataConnectorProperties", "TeamInformation", "TeamProperties", + "TemplateAdditionalProperties", + "TemplateBaseProperties", + "TemplateList", + "TemplateModel", + "TemplateProperties", "ThreatIntelligence", "ThreatIntelligenceAlertRule", "ThreatIntelligenceAlertRuleTemplate", @@ -897,16 +1059,28 @@ "TimelineAggregation", "TimelineError", "TimelineResultsMetadata", + "TriggeredAnalyticsRuleRun", + "TriggeredAnalyticsRuleRuns", "Ueba", "UrlEntity", "UrlEntityProperties", "UserInfo", "ValidationError", + "Warning", + "WarningBody", "Watchlist", "WatchlistItem", "WatchlistItemList", "WatchlistList", "Webhook", + "WorkspaceManagerAssignment", + "WorkspaceManagerAssignmentList", + "WorkspaceManagerConfiguration", + "WorkspaceManagerConfigurationList", + "WorkspaceManagerGroup", + "WorkspaceManagerGroupList", + "WorkspaceManagerMember", + "WorkspaceManagerMembersList", "ActionType", "AlertDetail", "AlertProperty", @@ -924,6 +1098,7 @@ "AutomationRulePropertyChangedConditionSupportedPropertyType", "AutomationRulePropertyConditionSupportedOperator", "AutomationRulePropertyConditionSupportedProperty", + "BillingStatisticKind", "Category", "ConditionType", "ConfidenceLevel", @@ -935,6 +1110,7 @@ "CreatedByType", "CustomEntityQueryKind", "DataConnectorAuthorizationState", + "DataConnectorDefinitionKind", "DataConnectorKind", "DataConnectorLicenseState", "DataTypeState", @@ -947,21 +1123,23 @@ "DeviceImportance", "ElevationToken", "EntityItemQueryKind", - "EntityKind", + "EntityKindEnum", "EntityMappingType", "EntityProviders", "EntityQueryKind", "EntityQueryTemplateKind", "EntityTimelineKind", "EntityType", - "Enum13", - "Enum15", + "Enum20", + "Enum22", "EventGroupingAggregationKind", "FileFormat", "FileHashAlgorithm", "FileImportContentType", "FileImportState", + "Flag", "GetInsightsError", + "HypothesisStatus", "IncidentClassification", "IncidentClassificationReason", "IncidentLabelType", @@ -973,17 +1151,23 @@ "Kind", "MatchingMethod", "MicrosoftSecurityProductName", + "Mode", + "MtpProvider", "OSFamily", "Operator", "OutputType", "OwnerType", + "PackageKind", "PermissionProviderScope", "PollingFrequency", "Priority", "ProviderName", + "ProviderPermissionsScope", + "ProvisioningState", "RegistryHive", "RegistryValueKind", "RepoType", + "RepositoryAccessKind", "SecurityMLAnalyticsSettingsKind", "SettingKind", "SettingType", @@ -991,15 +1175,17 @@ "SourceKind", "SourceType", "State", + "Status", "SupportTier", "TemplateStatus", - "ThreatIntelligenceResourceKindEnum", - "ThreatIntelligenceSortingCriteriaEnum", + "ThreatIntelligenceResourceInnerKind", + "ThreatIntelligenceSortingOrder", "TriggerOperator", "TriggersOn", "TriggersWhen", "UebaDataSources", "Version", + "WarningCode", ] __all__.extend([p for p in _patch_all if p not in __all__]) _patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py index 5a15e9c34571..2cf9cccf42e0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py @@ -34,7 +34,8 @@ class DataConnectorsCheckRequirements(_serialization.Model): You probably want to use the sub-classes and not this class directly. Known sub-classes are: AwsCloudTrailCheckRequirements, AwsS3CheckRequirements, AADCheckRequirements, AATPCheckRequirements, ASCCheckRequirements, Dynamics365CheckRequirements, - IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, MSTICheckRequirements, + IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, + MicrosoftPurviewInformationProtectionCheckRequirements, MSTICheckRequirements, MtpCheckRequirements, Office365ProjectCheckRequirements, OfficeATPCheckRequirements, OfficeIRMCheckRequirements, OfficePowerBICheckRequirements, TICheckRequirements, TiTaxiiCheckRequirements @@ -44,10 +45,10 @@ class DataConnectorsCheckRequirements(_serialization.Model): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -70,6 +71,7 @@ class DataConnectorsCheckRequirements(_serialization.Model): "IOT": "IoTCheckRequirements", "MicrosoftCloudAppSecurity": "MCASCheckRequirements", "MicrosoftDefenderAdvancedThreatProtection": "MDATPCheckRequirements", + "MicrosoftPurviewInformationProtection": "MicrosoftPurviewInformationProtectionCheckRequirements", "MicrosoftThreatIntelligence": "MSTICheckRequirements", "MicrosoftThreatProtection": "MtpCheckRequirements", "Office365Project": "Office365ProjectCheckRequirements", @@ -81,24 +83,24 @@ class DataConnectorsCheckRequirements(_serialization.Model): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None class AADCheckRequirements(DataConnectorsCheckRequirements): - """Represents AAD (Azure Active Directory) requirements check request. + """Represents AADIP (Azure Active Directory Identity Protection) requirements check request. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -113,7 +115,7 @@ class AADCheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str @@ -140,7 +142,7 @@ class DataConnectorTenantId(_serialization.Model): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -150,7 +152,7 @@ def __init__(self, *, tenant_id: str, **kwargs): class AADCheckRequirementsProperties(DataConnectorTenantId): - """AAD (Azure Active Directory) requirements check properties. + """AADIP (Azure Active Directory Identity Protection) requirements check properties. All required parameters must be populated in order to send to Azure. @@ -166,7 +168,7 @@ class AADCheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -206,7 +208,7 @@ class Resource(_serialization.Model): "system_data": {"key": "systemData", "type": "SystemData"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.id = None @@ -250,7 +252,7 @@ class ResourceWithEtag(Resource): "etag": {"key": "etag", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -265,10 +267,10 @@ class DataConnector(ResourceWithEtag): You probably want to use the sub-classes and not this class directly. Known sub-classes are: CodelessApiPollingDataConnector, AwsCloudTrailDataConnector, AwsS3DataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, Dynamics365DataConnector, - CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, MDATPDataConnector, - MSTIDataConnector, MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, - OfficeATPDataConnector, OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, - TiTaxiiDataConnector + GCPDataConnector, CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, + MDATPDataConnector, MicrosoftPurviewInformationProtectionDataConnector, MSTIDataConnector, + MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, OfficeATPDataConnector, + OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, TiTaxiiDataConnector Variables are only populated by the server, and will be ignored when sending a request. @@ -290,10 +292,10 @@ class DataConnector(ResourceWithEtag): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -323,10 +325,12 @@ class DataConnector(ResourceWithEtag): "AzureAdvancedThreatProtection": "AATPDataConnector", "AzureSecurityCenter": "ASCDataConnector", "Dynamics365": "Dynamics365DataConnector", + "GCP": "GCPDataConnector", "GenericUI": "CodelessUiDataConnector", "IOT": "IoTDataConnector", "MicrosoftCloudAppSecurity": "MCASDataConnector", "MicrosoftDefenderAdvancedThreatProtection": "MDATPDataConnector", + "MicrosoftPurviewInformationProtection": "MicrosoftPurviewInformationProtectionDataConnector", "MicrosoftThreatIntelligence": "MSTIDataConnector", "MicrosoftThreatProtection": "MTPDataConnector", "Office365": "OfficeDataConnector", @@ -339,7 +343,7 @@ class DataConnector(ResourceWithEtag): } } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -349,7 +353,7 @@ def __init__(self, *, etag: Optional[str] = None, **kwargs): class AADDataConnector(DataConnector): - """Represents AAD (Azure Active Directory) data connector. + """Represents AADIP (Azure Active Directory Identity Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -371,10 +375,10 @@ class AADDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -407,8 +411,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -434,7 +438,7 @@ class DataConnectorWithAlertsProperties(_serialization.Model): "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } - def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs): + def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -444,7 +448,7 @@ def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnecto class AADDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """AAD (Azure Active Directory) data connector properties. + """AADIP (Azure Active Directory Identity Protection) data connector properties. All required parameters must be populated in order to send to Azure. @@ -464,8 +468,8 @@ class AADDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsP } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -485,10 +489,10 @@ class AATPCheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -503,7 +507,7 @@ class AATPCheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str @@ -530,7 +534,7 @@ class AATPCheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -561,10 +565,10 @@ class AATPDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -597,8 +601,8 @@ def __init__( etag: Optional[str] = None, tenant_id: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -634,8 +638,8 @@ class AATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlerts } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -675,7 +679,7 @@ class Entity(Resource): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ _validation = { @@ -721,7 +725,7 @@ class Entity(Resource): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -749,7 +753,7 @@ class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -831,7 +835,7 @@ class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "Account" @@ -874,7 +878,7 @@ class EntityCommonProperties(_serialization.Model): "friendly_name": {"key": "friendlyName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.additional_data = None @@ -957,7 +961,7 @@ class AccountEntityProperties(EntityCommonProperties): # pylint: disable=too-ma "dns_domain": {"key": "dnsDomain", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.aad_tenant_id = None @@ -993,7 +997,7 @@ class ActionPropertiesBase(_serialization.Model): "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, **kwargs): + def __init__(self, *, logic_app_resource_id: str, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1052,8 +1056,8 @@ def __init__( etag: Optional[str] = None, logic_app_resource_id: Optional[str] = None, trigger_uri: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1091,7 +1095,7 @@ class ActionRequestProperties(ActionPropertiesBase): "trigger_uri": {"key": "triggerUri", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs): + def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1152,8 +1156,8 @@ def __init__( etag: Optional[str] = None, logic_app_resource_id: Optional[str] = None, workflow_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1190,7 +1194,7 @@ class ActionResponseProperties(ActionPropertiesBase): "workflow_id": {"key": "workflowId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs): + def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -1226,7 +1230,7 @@ class ActionsList(_serialization.Model): "value": {"key": "value", "type": "[ActionResponse]"}, } - def __init__(self, *, value: List["_models.ActionResponse"], **kwargs): + def __init__(self, *, value: List["_models.ActionResponse"], **kwargs: Any) -> None: """ :keyword value: Array of actions. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.ActionResponse] @@ -1282,7 +1286,7 @@ class CustomEntityQuery(ResourceWithEtag): _subtype_map = {"kind": {"Activity": "ActivityCustomEntityQuery"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1389,8 +1393,8 @@ def __init__( entities_filter: Optional[Dict[str, List[str]]] = None, template_name: Optional[str] = None, enabled: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1445,7 +1449,7 @@ class ActivityEntityQueriesPropertiesQueryDefinitions(_serialization.Model): "query": {"key": "query", "type": "str"}, } - def __init__(self, *, query: Optional[str] = None, **kwargs): + def __init__(self, *, query: Optional[str] = None, **kwargs: Any) -> None: """ :keyword query: The Activity query to run on a given entity. :paramtype query: str @@ -1501,7 +1505,7 @@ class EntityQuery(ResourceWithEtag): _subtype_map = {"kind": {"Activity": "ActivityEntityQuery", "Expansion": "ExpansionEntityQuery"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1609,8 +1613,8 @@ def __init__( entities_filter: Optional[Dict[str, List[str]]] = None, template_name: Optional[str] = None, enabled: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -1697,7 +1701,7 @@ class EntityQueryTemplate(Resource): _subtype_map = {"kind": {"Activity": "ActivityEntityQueryTemplate"}} - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -1785,8 +1789,8 @@ def __init__( input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, required_input_fields_sets: Optional[List[List[str]]] = None, entities_filter: Optional[Dict[str, List[str]]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: The entity query title. :paramtype title: str @@ -1838,7 +1842,7 @@ class ActivityEntityQueryTemplatePropertiesQueryDefinitions(_serialization.Model "summarize_by": {"key": "summarizeBy", "type": "str"}, } - def __init__(self, *, query: Optional[str] = None, summarize_by: Optional[str] = None, **kwargs): + def __init__(self, *, query: Optional[str] = None, summarize_by: Optional[str] = None, **kwargs: Any) -> None: """ :keyword query: The Activity query to run on a given entity. :paramtype query: str @@ -1881,7 +1885,7 @@ class EntityTimelineItem(_serialization.Model): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -1943,8 +1947,8 @@ def __init__( last_activity_time_utc: datetime.datetime, content: str, title: str, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword query_id: The activity query id. Required. :paramtype query_id: str @@ -1994,7 +1998,7 @@ class AddIncidentTaskActionProperties(_serialization.Model): "description": {"key": "description", "type": "str"}, } - def __init__(self, *, title: str, description: Optional[str] = None, **kwargs): + def __init__(self, *, title: str, description: Optional[str] = None, **kwargs: Any) -> None: """ :keyword title: The title of the task. Required. :paramtype title: str @@ -2040,8 +2044,8 @@ def __init__( alert_tactics_column_name: Optional[str] = None, alert_severity_column_name: Optional[str] = None, alert_dynamic_properties: Optional[List["_models.AlertPropertyMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_display_name_format: the format containing columns name(s) to override the alert name. @@ -2086,8 +2090,8 @@ def __init__( *, alert_property: Optional[Union[str, "_models.AlertProperty"]] = None, value: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_property: The V3 alert property. Known values are: "AlertLink", "ConfidenceLevel", "ConfidenceScore", "ExtendedLinks", "ProductName", "ProviderName", @@ -2159,7 +2163,7 @@ class AlertRule(ResourceWithEtag): } } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2191,7 +2195,7 @@ class AlertRulesList(_serialization.Model): "value": {"key": "value", "type": "[AlertRule]"}, } - def __init__(self, *, value: List["_models.AlertRule"], **kwargs): + def __init__(self, *, value: List["_models.AlertRule"], **kwargs: Any) -> None: """ :keyword value: Array of alert rules. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRule] @@ -2257,7 +2261,7 @@ class AlertRuleTemplate(Resource): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: Optional[str] = None @@ -2277,7 +2281,9 @@ class AlertRuleTemplateDataSource(_serialization.Model): "data_types": {"key": "dataTypes", "type": "[str]"}, } - def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): + def __init__( + self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ :keyword connector_id: The connector id that provides the following data types. :paramtype connector_id: str @@ -2336,8 +2342,8 @@ def __init__( display_name: Optional[str] = None, required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, status: Optional[Union[str, "_models.TemplateStatus"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -2386,7 +2392,7 @@ class AlertRuleTemplatesList(_serialization.Model): "value": {"key": "value", "type": "[AlertRuleTemplate]"}, } - def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs): + def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs: Any) -> None: """ :keyword value: Array of alert rule templates. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] @@ -2451,8 +2457,8 @@ def __init__( status: Optional[Union[str, "_models.TemplateStatus"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -2501,7 +2507,7 @@ class AlertsDataTypeOfDataConnector(_serialization.Model): "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, } - def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs): + def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs: Any) -> None: """ :keyword alerts: Alerts data type connection. Required. :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon @@ -2510,6 +2516,32 @@ def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs): self.alerts = alerts +class AnalyticsRuleRunTrigger(_serialization.Model): + """Analytics Rule Run Trigger request. + + All required parameters must be populated in order to send to Azure. + + :ivar execution_time_utc: Required. + :vartype execution_time_utc: ~datetime.datetime + """ + + _validation = { + "execution_time_utc": {"required": True}, + } + + _attribute_map = { + "execution_time_utc": {"key": "properties.executionTimeUtc", "type": "iso-8601"}, + } + + def __init__(self, *, execution_time_utc: datetime.datetime, **kwargs: Any) -> None: + """ + :keyword execution_time_utc: Required. + :paramtype execution_time_utc: ~datetime.datetime + """ + super().__init__(**kwargs) + self.execution_time_utc = execution_time_utc + + class Settings(ResourceWithEtag): """The Setting. @@ -2559,7 +2591,7 @@ class Settings(ResourceWithEtag): "kind": {"Anomalies": "Anomalies", "EntityAnalytics": "EntityAnalytics", "EyesOn": "EyesOn", "Ueba": "Ueba"} } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2614,7 +2646,7 @@ class Anomalies(Settings): "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2670,7 +2702,7 @@ class SecurityMLAnalyticsSetting(ResourceWithEtag): _subtype_map = {"kind": {"Anomaly": "AnomalySecurityMLAnalyticsSettings"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2788,8 +2820,8 @@ def __init__( is_default_settings: Optional[bool] = None, anomaly_settings_version: Optional[int] = None, settings_definition_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -2915,8 +2947,8 @@ def __init__( intent: Optional[str] = None, techniques: Optional[List[str]] = None, reasons: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword azure_resource_id: The anomaly azure resource id. Required. :paramtype azure_resource_id: str @@ -2964,10 +2996,10 @@ class ASCCheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar subscription_id: The subscription id to connect to, and get the data from. :vartype subscription_id: str @@ -2982,7 +3014,7 @@ class ASCCheckRequirements(DataConnectorsCheckRequirements): "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): + def __init__(self, *, subscription_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword subscription_id: The subscription id to connect to, and get the data from. :paramtype subscription_id: str @@ -3015,10 +3047,10 @@ class ASCDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar data_types: The available data types for the connector. :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -3051,8 +3083,8 @@ def __init__( etag: Optional[str] = None, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, subscription_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -3086,8 +3118,8 @@ def __init__( *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, subscription_id: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector @@ -3098,6 +3130,26 @@ def __init__( self.subscription_id = subscription_id +class AssignmentItem(_serialization.Model): + """An entity describing a content item. + + :ivar resource_id: The resource id of the content item. + :vartype resource_id: str + """ + + _attribute_map = { + "resource_id": {"key": "resourceId", "type": "str"}, + } + + def __init__(self, *, resource_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword resource_id: The resource id of the content item. + :paramtype resource_id: str + """ + super().__init__(**kwargs) + self.resource_id = resource_id + + class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-attributes """AutomationRule. @@ -3175,8 +3227,8 @@ def __init__( triggering_logic: "_models.AutomationRuleTriggeringLogic", actions: List["_models.AutomationRuleAction"], etag: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -3234,7 +3286,7 @@ class AutomationRuleAction(_serialization.Model): } } - def __init__(self, *, order: int, **kwargs): + def __init__(self, *, order: int, **kwargs: Any) -> None: """ :keyword order: Required. :paramtype order: int @@ -3271,8 +3323,12 @@ class AutomationRuleAddIncidentTaskAction(AutomationRuleAction): } def __init__( - self, *, order: int, action_configuration: Optional["_models.AddIncidentTaskActionProperties"] = None, **kwargs - ): + self, + *, + order: int, + action_configuration: Optional["_models.AddIncidentTaskActionProperties"] = None, + **kwargs: Any + ) -> None: """ :keyword order: Required. :paramtype order: int @@ -3288,7 +3344,7 @@ def __init__( class AutomationRuleBooleanCondition(_serialization.Model): """AutomationRuleBooleanCondition. - :ivar operator: Known values are: "And" and "Or". + :ivar operator: Known values are: "And", "Or", "And", and "Or". :vartype operator: str or ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator :ivar inner_conditions: @@ -3309,10 +3365,10 @@ def __init__( *, operator: Optional[Union[str, "_models.AutomationRuleBooleanConditionSupportedOperator"]] = None, inner_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ - :keyword operator: Known values are: "And" and "Or". + :keyword operator: Known values are: "And", "Or", "And", and "Or". :paramtype operator: str or ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator :keyword inner_conditions: @@ -3355,7 +3411,7 @@ class AutomationRuleCondition(_serialization.Model): } } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.condition_type: Optional[str] = None @@ -3387,8 +3443,8 @@ class AutomationRuleModifyPropertiesAction(AutomationRuleAction): } def __init__( - self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs - ): + self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs: Any + ) -> None: """ :keyword order: Required. :paramtype order: int @@ -3425,8 +3481,8 @@ def __init__( change_type: Optional[ Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedChangeType"] ] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". :paramtype array_type: str or @@ -3471,8 +3527,8 @@ def __init__( Union[str, "_models.AutomationRulePropertyArrayConditionSupportedArrayConditionType"] ] = None, item_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword array_type: Known values are: "CustomDetails" and "CustomDetailValues". :paramtype array_type: str or @@ -3523,8 +3579,8 @@ def __init__( change_type: Optional[Union[str, "_models.AutomationRulePropertyChangedConditionSupportedChangedType"]] = None, operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, property_values: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword property_name: Known values are: "IncidentSeverity", "IncidentStatus", and "IncidentOwner". @@ -3588,8 +3644,8 @@ def __init__( property_name: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedProperty"]] = None, operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, property_values: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword property_name: The property to evaluate in an automation rule property condition. Known values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", @@ -3648,8 +3704,8 @@ class AutomationRuleRunPlaybookAction(AutomationRuleAction): } def __init__( - self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs - ): + self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs: Any + ) -> None: """ :keyword order: Required. :paramtype order: int @@ -3676,8 +3732,8 @@ class AutomationRulesList(_serialization.Model): } def __init__( - self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs - ): + self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword value: :paramtype value: list[~azure.mgmt.securityinsight.models.AutomationRule] @@ -3731,8 +3787,8 @@ def __init__( triggers_when: Union[str, "_models.TriggersWhen"], expiration_time_utc: Optional[datetime.datetime] = None, conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword is_enabled: Determines whether the automation rule is enabled or disabled. Required. :paramtype is_enabled: bool @@ -3769,7 +3825,9 @@ class Availability(_serialization.Model): "is_preview": {"key": "isPreview", "type": "bool"}, } - def __init__(self, *, status: Optional[Literal[1]] = None, is_preview: Optional[bool] = None, **kwargs): + def __init__( + self, *, status: Optional[Literal[1]] = None, is_preview: Optional[bool] = None, **kwargs: Any + ) -> None: """ :keyword status: The connector Availability Status. Default value is 1. :paramtype status: int @@ -3789,10 +3847,10 @@ class AwsCloudTrailCheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -3804,7 +3862,7 @@ class AwsCloudTrailCheckRequirements(DataConnectorsCheckRequirements): "kind": {"key": "kind", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "AmazonWebServicesCloudTrail" @@ -3833,10 +3891,10 @@ class AwsCloudTrailDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. @@ -3870,8 +3928,8 @@ def __init__( etag: Optional[str] = None, aws_role_arn: Optional[str] = None, data_types: Optional["_models.AwsCloudTrailDataConnectorDataTypes"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -3904,7 +3962,7 @@ class AwsCloudTrailDataConnectorDataTypes(_serialization.Model): "logs": {"key": "logs", "type": "AwsCloudTrailDataConnectorDataTypesLogs"}, } - def __init__(self, *, logs: "_models.AwsCloudTrailDataConnectorDataTypesLogs", **kwargs): + def __init__(self, *, logs: "_models.AwsCloudTrailDataConnectorDataTypesLogs", **kwargs: Any) -> None: """ :keyword logs: Logs data type. Required. :paramtype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs @@ -3931,7 +3989,7 @@ class DataConnectorDataTypeCommon(_serialization.Model): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -3959,7 +4017,7 @@ class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -3976,10 +4034,10 @@ class AwsS3CheckRequirements(DataConnectorsCheckRequirements): :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ @@ -3991,7 +4049,7 @@ class AwsS3CheckRequirements(DataConnectorsCheckRequirements): "kind": {"key": "kind", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "AmazonWebServicesS3" @@ -4020,10 +4078,10 @@ class AwsS3DataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar destination_table: The logs destination table name in LogAnalytics. :vartype destination_table: str @@ -4064,8 +4122,8 @@ def __init__( sqs_urls: Optional[List[str]] = None, role_arn: Optional[str] = None, data_types: Optional["_models.AwsS3DataConnectorDataTypes"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -4103,7 +4161,7 @@ class AwsS3DataConnectorDataTypes(_serialization.Model): "logs": {"key": "logs", "type": "AwsS3DataConnectorDataTypesLogs"}, } - def __init__(self, *, logs: "_models.AwsS3DataConnectorDataTypesLogs", **kwargs): + def __init__(self, *, logs: "_models.AwsS3DataConnectorDataTypesLogs", **kwargs: Any) -> None: """ :keyword logs: Logs data type. Required. :paramtype logs: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypesLogs @@ -4130,7 +4188,7 @@ class AwsS3DataConnectorDataTypesLogs(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -4153,7 +4211,9 @@ class AzureDevOpsResourceInfo(_serialization.Model): "service_connection_id": {"key": "serviceConnectionId", "type": "str"}, } - def __init__(self, *, pipeline_id: Optional[str] = None, service_connection_id: Optional[str] = None, **kwargs): + def __init__( + self, *, pipeline_id: Optional[str] = None, service_connection_id: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword pipeline_id: Id of the pipeline created for the source-control. :paramtype pipeline_id: str @@ -4165,6 +4225,48 @@ def __init__(self, *, pipeline_id: Optional[str] = None, service_connection_id: self.service_connection_id = service_connection_id +class AzureEntityResource(Resource): + """The resource model definition for an Azure Resource Manager resource with an etag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.etag = None + + class AzureResourceEntity(Entity): """Represents an azure resource entity. @@ -4187,7 +4289,7 @@ class AzureResourceEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -4224,7 +4326,7 @@ class AzureResourceEntity(Entity): "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "AzureResource" @@ -4265,13 +4367,99 @@ class AzureResourceEntityProperties(EntityCommonProperties): "subscription_id": {"key": "subscriptionId", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.resource_id = None self.subscription_id = None +class BillingStatistic(AzureEntityResource): + """Billing statistic. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + SapSolutionUsageStatistic + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar kind: The kind of the billing statistic. Required. "SapSolutionUsage" + :vartype kind: str or ~azure.mgmt.securityinsight.models.BillingStatisticKind + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + } + + _subtype_map = {"kind": {"SapSolutionUsage": "SapSolutionUsageStatistic"}} + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: Optional[str] = None + + +class BillingStatisticList(_serialization.Model): + """List of all Microsoft Sentinel billing statistics. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of billing statistics. + :vartype next_link: str + :ivar value: Array of billing statistics. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.BillingStatistic] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[BillingStatistic]"}, + } + + def __init__(self, *, value: List["_models.BillingStatistic"], **kwargs: Any) -> None: + """ + :keyword value: Array of billing statistics. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.BillingStatistic] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + class Bookmark(ResourceWithEtag): # pylint: disable=too-many-instance-attributes """Represents a bookmark in Azure Security Insights. @@ -4375,8 +4563,8 @@ def __init__( entity_mappings: Optional[List["_models.BookmarkEntityMappings"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -4451,8 +4639,8 @@ def __init__( *, entity_type: Optional[str] = None, field_mappings: Optional[List["_models.EntityFieldMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword entity_type: The entity type. :paramtype entity_type: str @@ -4489,8 +4677,8 @@ def __init__( end_time: Optional[datetime.datetime] = None, expansion_id: Optional[str] = None, start_time: Optional[datetime.datetime] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword end_time: The end date filter, so the only expansion results returned are before this date. @@ -4526,8 +4714,8 @@ def __init__( *, meta_data: Optional["_models.ExpansionResultsMetadata"] = None, value: Optional["_models.BookmarkExpandResponseValue"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword meta_data: The metadata from the expansion operation results. :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata @@ -4558,8 +4746,8 @@ def __init__( *, entities: Optional[List["_models.Entity"]] = None, edges: Optional[List["_models.ConnectedEntity"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword entities: Array of the expansion result entities. :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] @@ -4594,7 +4782,7 @@ class BookmarkList(_serialization.Model): "value": {"key": "value", "type": "[Bookmark]"}, } - def __init__(self, *, value: List["_models.Bookmark"], **kwargs): + def __init__(self, *, value: List["_models.Bookmark"], **kwargs: Any) -> None: """ :keyword value: Array of bookmarks. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Bookmark] @@ -4658,8 +4846,8 @@ def __init__( event_time: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, labels: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword azure_resource_id: The bookmark azure resource id. Required. :paramtype azure_resource_id: str @@ -4691,7 +4879,8 @@ def __init__( class BooleanConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions. + """Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to + conditions. All required parameters must be populated in order to send to Azure. @@ -4712,7 +4901,9 @@ class BooleanConditionProperties(AutomationRuleCondition): "condition_properties": {"key": "conditionProperties", "type": "AutomationRuleBooleanCondition"}, } - def __init__(self, *, condition_properties: Optional["_models.AutomationRuleBooleanCondition"] = None, **kwargs): + def __init__( + self, *, condition_properties: Optional["_models.AutomationRuleBooleanCondition"] = None, **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -4750,8 +4941,8 @@ def __init__( name: Optional[str] = None, object_id: Optional[str] = None, user_principal_name: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword email: The email of the client. :paramtype email: str @@ -4791,7 +4982,7 @@ class CloudApplicationEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -4833,7 +5024,7 @@ class CloudApplicationEntity(Entity): "instance_name": {"key": "properties.instanceName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "CloudApplication" @@ -4880,7 +5071,7 @@ class CloudApplicationEntityProperties(EntityCommonProperties): "instance_name": {"key": "instanceName", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.app_id = None @@ -4911,7 +5102,7 @@ class CloudErrorBody(_serialization.Model): "message": {"key": "message", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.code = None @@ -4941,10 +5132,10 @@ class CodelessApiPollingDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar connector_ui_config: Config to describe the instructions blade. :vartype connector_ui_config: @@ -4979,8 +5170,8 @@ def __init__( etag: Optional[str] = None, connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, polling_config: Optional["_models.CodelessConnectorPollingConfigProperties"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -5070,8 +5261,8 @@ def __init__( token_endpoint_query_parameters: Optional[JSON] = None, is_client_secret_in_header: Optional[bool] = None, scope: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword auth_type: The authentication type. Required. :paramtype auth_type: str @@ -5161,8 +5352,8 @@ def __init__( is_active: Optional[bool] = None, paging: Optional["_models.CodelessConnectorPollingPagingProperties"] = None, response: Optional["_models.CodelessConnectorPollingResponseProperties"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword is_active: The poller active status. :paramtype is_active: bool @@ -5243,8 +5434,8 @@ def __init__( search_the_latest_time_stamp_from_events_list: Optional[str] = None, page_size_para_name: Optional[str] = None, page_size: Optional[int] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword paging_type: Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'. Required. @@ -5352,8 +5543,8 @@ def __init__( query_parameters_template: Optional[str] = None, start_time_attribute_name: Optional[str] = None, end_time_attribute_name: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword api_endpoint: Describe the endpoint we should pull the data from. Required. :paramtype api_endpoint: str @@ -5437,8 +5628,8 @@ def __init__( success_status_json_path: Optional[str] = None, success_status_value: Optional[str] = None, is_gzip_compressed: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword events_json_paths: Describes the path we should extract the data in the response. Required. @@ -5547,8 +5738,8 @@ def __init__( permissions: "_models.Permissions", instruction_steps: List["_models.CodelessUiConnectorConfigPropertiesInstructionStepsItem"], custom_image: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: Connector blade title. Required. :paramtype title: str @@ -5616,8 +5807,8 @@ def __init__( *, type: Optional[Union[str, "_models.ConnectivityType"]] = None, value: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword type: type of connectivity. "IsConnectedQuery" :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType @@ -5648,8 +5839,8 @@ def __init__( *, type: Optional[Union[str, "_models.ConnectivityType"]] = None, value: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword type: type of connectivity. "IsConnectedQuery" :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType @@ -5674,7 +5865,9 @@ class LastDataReceivedDataType(_serialization.Model): "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + def __init__( + self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword name: Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder. @@ -5702,7 +5895,9 @@ class CodelessUiConnectorConfigPropertiesDataTypesItem(LastDataReceivedDataType) "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + def __init__( + self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs: Any + ) -> None: """ :keyword name: Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder. @@ -5736,8 +5931,8 @@ def __init__( metric_name: Optional[str] = None, legend: Optional[str] = None, base_query: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword metric_name: the metric that the query is checking. :paramtype metric_name: str @@ -5775,8 +5970,8 @@ def __init__( metric_name: Optional[str] = None, legend: Optional[str] = None, base_query: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword metric_name: the metric that the query is checking. :paramtype metric_name: str @@ -5812,8 +6007,8 @@ def __init__( title: Optional[str] = None, description: Optional[str] = None, instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: Instruction step title. :paramtype title: str @@ -5853,8 +6048,8 @@ def __init__( title: Optional[str] = None, description: Optional[str] = None, instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword title: Instruction step title. :paramtype title: str @@ -5881,7 +6076,7 @@ class SampleQueries(_serialization.Model): "query": {"key": "query", "type": "str"}, } - def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs: Any) -> None: """ :keyword description: The sample query description. :paramtype description: str @@ -5907,7 +6102,7 @@ class CodelessUiConnectorConfigPropertiesSampleQueriesItem(SampleQueries): "query": {"key": "query", "type": "str"}, } - def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs: Any) -> None: """ :keyword description: The sample query description. :paramtype description: str @@ -5940,10 +6135,10 @@ class CodelessUiDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar connector_ui_config: Config to describe the instructions blade. :vartype connector_ui_config: @@ -5973,8 +6168,8 @@ def __init__( *, etag: Optional[str] = None, connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -6001,7 +6196,9 @@ class ConnectedEntity(_serialization.Model): "additional_data": {"key": "additionalData", "type": "object"}, } - def __init__(self, *, target_entity_id: Optional[str] = None, additional_data: Optional[JSON] = None, **kwargs): + def __init__( + self, *, target_entity_id: Optional[str] = None, additional_data: Optional[JSON] = None, **kwargs: Any + ) -> None: """ :keyword target_entity_id: Entity Id of the connected entity. :paramtype target_entity_id: str @@ -6013,16 +6210,16 @@ def __init__(self, *, target_entity_id: Optional[str] = None, additional_data: O self.additional_data = additional_data -class ConnectorInstructionModelBase(_serialization.Model): - """Instruction step details. +class ConnectivityCriterion(_serialization.Model): + """The criteria by which we determine whether the connector is connected or not. + For Example, use a KQL query to check if the expected data type is flowing). All required parameters must be populated in order to send to Azure. - :ivar parameters: The parameters for the setting. - :vartype parameters: JSON - :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType + :ivar type: Gets or sets the type of connectivity. Required. + :vartype type: str + :ivar value: Gets or sets the queries for checking connectivity. + :vartype value: list[str] """ _validation = { @@ -6030,435 +6227,387 @@ class ConnectorInstructionModelBase(_serialization.Model): } _attribute_map = { - "parameters": {"key": "parameters", "type": "object"}, "type": {"key": "type", "type": "str"}, + "value": {"key": "value", "type": "[str]"}, } - def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): + def __init__(self, *, type: str, value: Optional[List[str]] = None, **kwargs: Any) -> None: """ - :keyword parameters: The parameters for the setting. - :paramtype parameters: JSON - :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType + :keyword type: Gets or sets the type of connectivity. Required. + :paramtype type: str + :keyword value: Gets or sets the queries for checking connectivity. + :paramtype value: list[str] """ super().__init__(**kwargs) - self.parameters = parameters self.type = type + self.value = value -class Content(_serialization.Model): - """Content section of the recommendation. +class ConnectorDataType(_serialization.Model): + """The data type which is created by the connector, + including a query indicated when was the last time that data type was received in the + workspace. All required parameters must be populated in order to send to Azure. - :ivar title: Title of the content. Required. - :vartype title: str - :ivar description: Description of the content. Required. - :vartype description: str + :ivar name: Gets or sets the name of the data type to show in the graph. Required. + :vartype name: str + :ivar last_data_received_query: Gets or sets the query to indicate when relevant data was last + received in the workspace. Required. + :vartype last_data_received_query: str """ _validation = { - "title": {"required": True}, - "description": {"required": True}, + "name": {"required": True}, + "last_data_received_query": {"required": True}, } _attribute_map = { - "title": {"key": "title", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__(self, *, title: str, description: str, **kwargs): + def __init__(self, *, name: str, last_data_received_query: str, **kwargs: Any) -> None: """ - :keyword title: Title of the content. Required. - :paramtype title: str - :keyword description: Description of the content. Required. - :paramtype description: str + :keyword name: Gets or sets the name of the data type to show in the graph. Required. + :paramtype name: str + :keyword last_data_received_query: Gets or sets the query to indicate when relevant data was + last received in the workspace. Required. + :paramtype last_data_received_query: str """ super().__init__(**kwargs) - self.title = title - self.description = description + self.name = name + self.last_data_received_query = last_data_received_query -class ContentPathMap(_serialization.Model): - """The mapping of content type to a repo path. +class ConnectorDefinitionsAvailability(_serialization.Model): + """The exposure status of the connector to the customers. - :ivar content_type: Content type. Known values are: "AnalyticRule" and "Workbook". - :vartype content_type: str or ~azure.mgmt.securityinsight.models.ContentType - :ivar path: The path to the content. - :vartype path: str + :ivar status: The exposure status of the connector to the customers. Available values are 0-4 + (0=None, 1=Available, 2=FeatureFlag, 3=Internal). + :vartype status: int + :ivar is_preview: Gets or sets a value indicating whether the connector is preview. + :vartype is_preview: bool """ _attribute_map = { - "content_type": {"key": "contentType", "type": "str"}, - "path": {"key": "path", "type": "str"}, + "status": {"key": "status", "type": "int"}, + "is_preview": {"key": "isPreview", "type": "bool"}, } - def __init__( - self, *, content_type: Optional[Union[str, "_models.ContentType"]] = None, path: Optional[str] = None, **kwargs - ): + def __init__(self, *, status: Optional[int] = None, is_preview: Optional[bool] = None, **kwargs: Any) -> None: """ - :keyword content_type: Content type. Known values are: "AnalyticRule" and "Workbook". - :paramtype content_type: str or ~azure.mgmt.securityinsight.models.ContentType - :keyword path: The path to the content. - :paramtype path: str + :keyword status: The exposure status of the connector to the customers. Available values are + 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal). + :paramtype status: int + :keyword is_preview: Gets or sets a value indicating whether the connector is preview. + :paramtype is_preview: bool """ super().__init__(**kwargs) - self.content_type = content_type - self.path = path + self.status = status + self.is_preview = is_preview -class CustomsPermission(_serialization.Model): - """Customs permissions required for the connector. +class ConnectorDefinitionsPermissions(_serialization.Model): + """The required Permissions for the connector. - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str + :ivar tenant: Gets or sets the required tenant permissions for the connector. + :vartype tenant: list[str] + :ivar licenses: Gets or sets the required licenses for the user to create connections. + :vartype licenses: list[str] + :ivar resource_provider: Gets or sets the resource provider permissions required for the user + to create connections. + :vartype resource_provider: + list[~azure.mgmt.securityinsight.models.ConnectorDefinitionsResourceProvider] + :ivar customs: Gets or sets the customs permissions required for the user to create + connections. + :vartype customs: list[~azure.mgmt.securityinsight.models.CustomPermissionDetails] """ _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "tenant": {"key": "tenant", "type": "[str]"}, + "licenses": {"key": "licenses", "type": "[str]"}, + "resource_provider": {"key": "resourceProvider", "type": "[ConnectorDefinitionsResourceProvider]"}, + "customs": {"key": "customs", "type": "[CustomPermissionDetails]"}, } - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str + def __init__( + self, + *, + tenant: Optional[List[str]] = None, + licenses: Optional[List[str]] = None, + resource_provider: Optional[List["_models.ConnectorDefinitionsResourceProvider"]] = None, + customs: Optional[List["_models.CustomPermissionDetails"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword tenant: Gets or sets the required tenant permissions for the connector. + :paramtype tenant: list[str] + :keyword licenses: Gets or sets the required licenses for the user to create connections. + :paramtype licenses: list[str] + :keyword resource_provider: Gets or sets the resource provider permissions required for the + user to create connections. + :paramtype resource_provider: + list[~azure.mgmt.securityinsight.models.ConnectorDefinitionsResourceProvider] + :keyword customs: Gets or sets the customs permissions required for the user to create + connections. + :paramtype customs: list[~azure.mgmt.securityinsight.models.CustomPermissionDetails] """ super().__init__(**kwargs) - self.name = name - self.description = description + self.tenant = tenant + self.licenses = licenses + self.resource_provider = resource_provider + self.customs = customs -class Customs(CustomsPermission): - """Customs permissions required for the connector. +class ConnectorDefinitionsResourceProvider(_serialization.Model): + """The resource provider details include the required permissions for the user to create + connections. + The user should have the required permissions(Read\Write, ..) in the specified scope + ProviderPermissionsScope against the specified resource provider. - :ivar name: Customs permissions name. - :vartype name: str - :ivar description: Customs permissions description. - :vartype description: str + All required parameters must be populated in order to send to Azure. + + :ivar provider: Gets or sets the provider name. Required. + :vartype provider: str + :ivar permissions_display_text: Gets or sets the permissions description text. Required. + :vartype permissions_display_text: str + :ivar provider_display_name: Gets or sets the permissions provider display name. Required. + :vartype provider_display_name: str + :ivar scope: The scope on which the user should have permissions, in order to be able to create + connections. Required. Known values are: "Subscription", "ResourceGroup", and "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.ProviderPermissionsScope + :ivar required_permissions: Required permissions for the connector resource provider that + define in ResourceProviders. + For more information about the permissions see :code:`here`. + Required. + :vartype required_permissions: + ~azure.mgmt.securityinsight.models.ResourceProviderRequiredPermissions """ + _validation = { + "provider": {"required": True}, + "permissions_display_text": {"required": True}, + "provider_display_name": {"required": True}, + "scope": {"required": True}, + "required_permissions": {"required": True}, + } + _attribute_map = { - "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "ResourceProviderRequiredPermissions"}, } - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str + def __init__( + self, + *, + provider: str, + permissions_display_text: str, + provider_display_name: str, + scope: Union[str, "_models.ProviderPermissionsScope"], + required_permissions: "_models.ResourceProviderRequiredPermissions", + **kwargs: Any + ) -> None: + """ + :keyword provider: Gets or sets the provider name. Required. + :paramtype provider: str + :keyword permissions_display_text: Gets or sets the permissions description text. Required. + :paramtype permissions_display_text: str + :keyword provider_display_name: Gets or sets the permissions provider display name. Required. + :paramtype provider_display_name: str + :keyword scope: The scope on which the user should have permissions, in order to be able to + create connections. Required. Known values are: "Subscription", "ResourceGroup", and + "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.ProviderPermissionsScope + :keyword required_permissions: Required permissions for the connector resource provider that + define in ResourceProviders. + For more information about the permissions see :code:`here`. + Required. + :paramtype required_permissions: + ~azure.mgmt.securityinsight.models.ResourceProviderRequiredPermissions """ - super().__init__(name=name, description=description, **kwargs) - + super().__init__(**kwargs) + self.provider = provider + self.permissions_display_text = permissions_display_text + self.provider_display_name = provider_display_name + self.scope = scope + self.required_permissions = required_permissions -class DataConnectorConnectBody(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Represents Codeless API Polling data connector. - :ivar kind: The authentication kind used to poll the data. Known values are: "Basic", "OAuth2", - and "APIKey". - :vartype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind - :ivar api_key: The API key of the audit server. - :vartype api_key: str - :ivar data_collection_endpoint: Used in v2 logs connector. Represents the data collection - ingestion endpoint in log analytics. - :vartype data_collection_endpoint: str - :ivar data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule - immutable id, the rule defines the transformation and data destination. - :vartype data_collection_rule_immutable_id: str - :ivar output_stream: Used in v2 logs connector. The stream we are sending the data to, this is - the name of the streamDeclarations defined in the DCR. - :vartype output_stream: str - :ivar client_secret: The client secret of the OAuth 2.0 application. - :vartype client_secret: str - :ivar client_id: The client id of the OAuth 2.0 application. - :vartype client_id: str - :ivar authorization_code: The authorization code used in OAuth 2.0 code flow to issue a token. - :vartype authorization_code: str - :ivar user_name: The user name in the audit log server. - :vartype user_name: str - :ivar password: The user password in the audit log server. - :vartype password: str - :ivar request_config_user_input_values: - :vartype request_config_user_input_values: list[JSON] +class ConnectorInstructionModelBase(_serialization.Model): + """Instruction step details. + + All required parameters must be populated in order to send to Azure. + + :ivar parameters: The parameters for the setting. + :vartype parameters: JSON + :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType """ + _validation = { + "type": {"required": True}, + } + _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "api_key": {"key": "apiKey", "type": "str"}, - "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, - "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, - "output_stream": {"key": "outputStream", "type": "str"}, - "client_secret": {"key": "clientSecret", "type": "str"}, - "client_id": {"key": "clientId", "type": "str"}, - "authorization_code": {"key": "authorizationCode", "type": "str"}, - "user_name": {"key": "userName", "type": "str"}, - "password": {"key": "password", "type": "str"}, - "request_config_user_input_values": {"key": "requestConfigUserInputValues", "type": "[object]"}, + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, } def __init__( - self, - *, - kind: Optional[Union[str, "_models.ConnectAuthKind"]] = None, - api_key: Optional[str] = None, - data_collection_endpoint: Optional[str] = None, - data_collection_rule_immutable_id: Optional[str] = None, - output_stream: Optional[str] = None, - client_secret: Optional[str] = None, - client_id: Optional[str] = None, - authorization_code: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - request_config_user_input_values: Optional[List[JSON]] = None, - **kwargs - ): + self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs: Any + ) -> None: """ - :keyword kind: The authentication kind used to poll the data. Known values are: "Basic", - "OAuth2", and "APIKey". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind - :keyword api_key: The API key of the audit server. - :paramtype api_key: str - :keyword data_collection_endpoint: Used in v2 logs connector. Represents the data collection - ingestion endpoint in log analytics. - :paramtype data_collection_endpoint: str - :keyword data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule - immutable id, the rule defines the transformation and data destination. - :paramtype data_collection_rule_immutable_id: str - :keyword output_stream: Used in v2 logs connector. The stream we are sending the data to, this - is the name of the streamDeclarations defined in the DCR. - :paramtype output_stream: str - :keyword client_secret: The client secret of the OAuth 2.0 application. - :paramtype client_secret: str - :keyword client_id: The client id of the OAuth 2.0 application. - :paramtype client_id: str - :keyword authorization_code: The authorization code used in OAuth 2.0 code flow to issue a - token. - :paramtype authorization_code: str - :keyword user_name: The user name in the audit log server. - :paramtype user_name: str - :keyword password: The user password in the audit log server. - :paramtype password: str - :keyword request_config_user_input_values: - :paramtype request_config_user_input_values: list[JSON] + :keyword parameters: The parameters for the setting. + :paramtype parameters: JSON + :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType """ super().__init__(**kwargs) - self.kind = kind - self.api_key = api_key - self.data_collection_endpoint = data_collection_endpoint - self.data_collection_rule_immutable_id = data_collection_rule_immutable_id - self.output_stream = output_stream - self.client_secret = client_secret - self.client_id = client_id - self.authorization_code = authorization_code - self.user_name = user_name - self.password = password - self.request_config_user_input_values = request_config_user_input_values - + self.parameters = parameters + self.type = type -class DataConnectorList(_serialization.Model): - """List all the data connectors. - Variables are only populated by the server, and will be ignored when sending a request. +class Content(_serialization.Model): + """Content section of the recommendation. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of data connectors. - :vartype next_link: str - :ivar value: Array of data connectors. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] + :ivar title: Title of the content. Required. + :vartype title: str + :ivar description: Description of the content. Required. + :vartype description: str """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "title": {"required": True}, + "description": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[DataConnector]"}, + "title": {"key": "title", "type": "str"}, + "description": {"key": "description", "type": "str"}, } - def __init__(self, *, value: List["_models.DataConnector"], **kwargs): + def __init__(self, *, title: str, description: str, **kwargs: Any) -> None: """ - :keyword value: Array of data connectors. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] + :keyword title: Title of the content. Required. + :paramtype title: str + :keyword description: Description of the content. Required. + :paramtype description: str """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.title = title + self.description = description -class DataConnectorRequirementsState(_serialization.Model): - """Data connector requirements status. +class CustomizableConnectionsConfig(_serialization.Model): + """The UiConfig for 'Customizable' connector definition kind. - :ivar authorization_state: Authorization state for this connector. Known values are: "Valid" - and "Invalid". - :vartype authorization_state: str or - ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState - :ivar license_state: License state for this connector. Known values are: "Valid", "Invalid", - and "Unknown". - :vartype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState + All required parameters must be populated in order to send to Azure. + + :ivar template_spec_name: Gets or sets the template name. The template includes ARM templates + that can be created by the connector, usually it will be the dataConnectors ARM templates. + Required. + :vartype template_spec_name: str + :ivar template_spec_version: Gets or sets the template version. Required. + :vartype template_spec_version: str """ + _validation = { + "template_spec_name": {"required": True}, + "template_spec_version": {"required": True}, + } + _attribute_map = { - "authorization_state": {"key": "authorizationState", "type": "str"}, - "license_state": {"key": "licenseState", "type": "str"}, + "template_spec_name": {"key": "templateSpecName", "type": "str"}, + "template_spec_version": {"key": "templateSpecVersion", "type": "str"}, } - def __init__( - self, - *, - authorization_state: Optional[Union[str, "_models.DataConnectorAuthorizationState"]] = None, - license_state: Optional[Union[str, "_models.DataConnectorLicenseState"]] = None, - **kwargs - ): + def __init__(self, *, template_spec_name: str, template_spec_version: str, **kwargs: Any) -> None: """ - :keyword authorization_state: Authorization state for this connector. Known values are: "Valid" - and "Invalid". - :paramtype authorization_state: str or - ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState - :keyword license_state: License state for this connector. Known values are: "Valid", "Invalid", - and "Unknown". - :paramtype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState + :keyword template_spec_name: Gets or sets the template name. The template includes ARM + templates that can be created by the connector, usually it will be the dataConnectors ARM + templates. Required. + :paramtype template_spec_name: str + :keyword template_spec_version: Gets or sets the template version. Required. + :paramtype template_spec_version: str """ super().__init__(**kwargs) - self.authorization_state = authorization_state - self.license_state = license_state + self.template_spec_name = template_spec_name + self.template_spec_version = template_spec_version -class DataTypeDefinitions(_serialization.Model): - """The data type definition. +class DataConnectorDefinition(ResourceWithEtag): + """An Azure resource, which encapsulate the entire info requires to display a data connector page + in Azure portal, + and the info required to define data connections. - :ivar data_type: The data type name. - :vartype data_type: str + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + CustomizableConnectorDefinition + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. "Customizable" + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorDefinitionKind """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - "data_type": {"key": "dataType", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__(self, *, data_type: Optional[str] = None, **kwargs): + _subtype_map = {"kind": {"Customizable": "CustomizableConnectorDefinition"}} + + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword data_type: The data type name. - :paramtype data_type: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super().__init__(**kwargs) - self.data_type = data_type + super().__init__(etag=etag, **kwargs) + self.kind: Optional[str] = None -class Deployment(_serialization.Model): - """Description about a deployment. +class CustomizableConnectorDefinition(DataConnectorDefinition): + """Connector definition for kind 'Customizable'. - :ivar deployment_id: Deployment identifier. - :vartype deployment_id: str - :ivar deployment_state: Current status of the deployment. Known values are: "In_Progress", - "Completed", "Queued", and "Canceling". - :vartype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState - :ivar deployment_result: The outcome of the deployment. Known values are: "Success", - "Canceled", and "Failed". - :vartype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult - :ivar deployment_time: The time when the deployment finished. - :vartype deployment_time: ~datetime.datetime - :ivar deployment_logs_url: Url to access repository action logs. - :vartype deployment_logs_url: str - """ + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "deployment_id": {"key": "deploymentId", "type": "str"}, - "deployment_state": {"key": "deploymentState", "type": "str"}, - "deployment_result": {"key": "deploymentResult", "type": "str"}, - "deployment_time": {"key": "deploymentTime", "type": "iso-8601"}, - "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, - } - - def __init__( - self, - *, - deployment_id: Optional[str] = None, - deployment_state: Optional[Union[str, "_models.DeploymentState"]] = None, - deployment_result: Optional[Union[str, "_models.DeploymentResult"]] = None, - deployment_time: Optional[datetime.datetime] = None, - deployment_logs_url: Optional[str] = None, - **kwargs - ): - """ - :keyword deployment_id: Deployment identifier. - :paramtype deployment_id: str - :keyword deployment_state: Current status of the deployment. Known values are: "In_Progress", - "Completed", "Queued", and "Canceling". - :paramtype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState - :keyword deployment_result: The outcome of the deployment. Known values are: "Success", - "Canceled", and "Failed". - :paramtype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult - :keyword deployment_time: The time when the deployment finished. - :paramtype deployment_time: ~datetime.datetime - :keyword deployment_logs_url: Url to access repository action logs. - :paramtype deployment_logs_url: str - """ - super().__init__(**kwargs) - self.deployment_id = deployment_id - self.deployment_state = deployment_state - self.deployment_result = deployment_result - self.deployment_time = deployment_time - self.deployment_logs_url = deployment_logs_url - - -class DeploymentInfo(_serialization.Model): - """Information regarding a deployment. - - :ivar deployment_fetch_status: Status while fetching the last deployment. Known values are: - "Success", "Unauthorized", and "NotFound". - :vartype deployment_fetch_status: str or - ~azure.mgmt.securityinsight.models.DeploymentFetchStatus - :ivar deployment: Deployment information. - :vartype deployment: ~azure.mgmt.securityinsight.models.Deployment - :ivar message: Additional details about the deployment that can be shown to the user. - :vartype message: str - """ - - _attribute_map = { - "deployment_fetch_status": {"key": "deploymentFetchStatus", "type": "str"}, - "deployment": {"key": "deployment", "type": "Deployment"}, - "message": {"key": "message", "type": "str"}, - } - - def __init__( - self, - *, - deployment_fetch_status: Optional[Union[str, "_models.DeploymentFetchStatus"]] = None, - deployment: Optional["_models.Deployment"] = None, - message: Optional[str] = None, - **kwargs - ): - """ - :keyword deployment_fetch_status: Status while fetching the last deployment. Known values are: - "Success", "Unauthorized", and "NotFound". - :paramtype deployment_fetch_status: str or - ~azure.mgmt.securityinsight.models.DeploymentFetchStatus - :keyword deployment: Deployment information. - :paramtype deployment: ~azure.mgmt.securityinsight.models.Deployment - :keyword message: Additional details about the deployment that can be shown to the user. - :paramtype message: str - """ - super().__init__(**kwargs) - self.deployment_fetch_status = deployment_fetch_status - self.deployment = deployment - self.message = message - - -class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a dns entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. + All required parameters must be populated in order to send to Azure. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. @@ -6471,25 +6620,19 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. "Customizable" + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorDefinitionKind + :ivar created_time_utc: Gets or sets the connector definition created date in UTC format. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_utc: Gets or sets the connector definition last modified date in UTC + format. + :vartype last_modified_utc: ~datetime.datetime + :ivar connector_ui_config: The UiConfig for 'Customizable' connector definition kind. + :vartype connector_ui_config: ~azure.mgmt.securityinsight.models.CustomizableConnectorUiConfig + :ivar connections_config: The UiConfig for 'Customizable' connector definition kind. + :vartype connections_config: ~azure.mgmt.securityinsight.models.CustomizableConnectionsConfig """ _validation = { @@ -6498,12 +6641,6 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "dns_server_ip_entity_id": {"readonly": True}, - "domain_name": {"readonly": True}, - "host_ip_address_entity_id": {"readonly": True}, - "ip_address_entity_ids": {"readonly": True}, } _attribute_map = { @@ -6511,752 +6648,654 @@ class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, - "domain_name": {"key": "properties.domainName", "type": "str"}, - "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, - "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "connector_ui_config": {"key": "properties.connectorUiConfig", "type": "CustomizableConnectorUiConfig"}, + "connections_config": {"key": "properties.connectionsConfig", "type": "CustomizableConnectionsConfig"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "DnsResolution" - self.additional_data = None - self.friendly_name = None - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + def __init__( + self, + *, + etag: Optional[str] = None, + created_time_utc: Optional[datetime.datetime] = None, + last_modified_utc: Optional[datetime.datetime] = None, + connector_ui_config: Optional["_models.CustomizableConnectorUiConfig"] = None, + connections_config: Optional["_models.CustomizableConnectionsConfig"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword created_time_utc: Gets or sets the connector definition created date in UTC format. + :paramtype created_time_utc: ~datetime.datetime + :keyword last_modified_utc: Gets or sets the connector definition last modified date in UTC + format. + :paramtype last_modified_utc: ~datetime.datetime + :keyword connector_ui_config: The UiConfig for 'Customizable' connector definition kind. + :paramtype connector_ui_config: + ~azure.mgmt.securityinsight.models.CustomizableConnectorUiConfig + :keyword connections_config: The UiConfig for 'Customizable' connector definition kind. + :paramtype connections_config: ~azure.mgmt.securityinsight.models.CustomizableConnectionsConfig + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "Customizable" + self.created_time_utc = created_time_utc + self.last_modified_utc = last_modified_utc + self.connector_ui_config = connector_ui_config + self.connections_config = connections_config -class DnsEntityProperties(EntityCommonProperties): - """Dns entity property bag. +class CustomizableConnectorUiConfig(_serialization.Model): # pylint: disable=too-many-instance-attributes + """The UiConfig for 'Customizable' connector definition kind. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar id: Gets or sets custom connector id. optional field. + :vartype id: str + :ivar title: Gets or sets the connector blade title. Required. + :vartype title: str + :ivar publisher: Gets or sets the connector publisher name. Required. + :vartype publisher: str + :ivar description_markdown: Gets or sets the connector description in markdown format. + Required. + :vartype description_markdown: str + :ivar graph_queries_table_name: Gets or sets the name of the table the connector will insert + the data to. + This name can be used in other queries by specifying {{graphQueriesTableName}} placeholder + in Query and LastDataReceivedQuery values. + :vartype graph_queries_table_name: str + :ivar graph_queries: Gets or sets the graph queries to show the current data volume over time. + Required. + :vartype graph_queries: list[~azure.mgmt.securityinsight.models.GraphQuery] + :ivar sample_queries: Gets or sets the sample queries for the connector. Required. + :vartype sample_queries: list[~azure.mgmt.securityinsight.models.SampleQuery] + :ivar data_types: Gets or sets the data types to check for last data received. Required. + :vartype data_types: list[~azure.mgmt.securityinsight.models.ConnectorDataType] + :ivar connectivity_criteria: Gets or sets the way the connector checks whether the connector is + connected. Required. + :vartype connectivity_criteria: list[~azure.mgmt.securityinsight.models.ConnectivityCriterion] + :ivar availability: The exposure status of the connector to the customers. + :vartype availability: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsAvailability + :ivar permissions: The required Permissions for the connector. Required. + :vartype permissions: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsPermissions + :ivar instruction_steps: Gets or sets the instruction steps to enable the connector. Required. + :vartype instruction_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] + :ivar logo: Gets or sets the connector logo to be used when displaying the connector within + Azure Sentinel's connector's gallery. + The logo value should be in SVG format. + :vartype logo: str + :ivar is_connectivity_criterias_match_some: Gets or sets a value indicating whether to use + 'OR'(SOME) or 'AND' between ConnectivityCriteria items. + :vartype is_connectivity_criterias_match_some: bool """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "dns_server_ip_entity_id": {"readonly": True}, - "domain_name": {"readonly": True}, - "host_ip_address_entity_id": {"readonly": True}, - "ip_address_entity_ids": {"readonly": True}, + "title": {"required": True}, + "publisher": {"required": True}, + "description_markdown": {"required": True}, + "graph_queries": {"required": True}, + "sample_queries": {"required": True}, + "data_types": {"required": True}, + "connectivity_criteria": {"required": True}, + "permissions": {"required": True}, + "instruction_steps": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, - "domain_name": {"key": "domainName", "type": "str"}, - "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, - "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, + "id": {"key": "id", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "publisher": {"key": "publisher", "type": "str"}, + "description_markdown": {"key": "descriptionMarkdown", "type": "str"}, + "graph_queries_table_name": {"key": "graphQueriesTableName", "type": "str"}, + "graph_queries": {"key": "graphQueries", "type": "[GraphQuery]"}, + "sample_queries": {"key": "sampleQueries", "type": "[SampleQuery]"}, + "data_types": {"key": "dataTypes", "type": "[ConnectorDataType]"}, + "connectivity_criteria": {"key": "connectivityCriteria", "type": "[ConnectivityCriterion]"}, + "availability": {"key": "availability", "type": "ConnectorDefinitionsAvailability"}, + "permissions": {"key": "permissions", "type": "ConnectorDefinitionsPermissions"}, + "instruction_steps": {"key": "instructionSteps", "type": "[InstructionStep]"}, + "logo": {"key": "logo", "type": "str"}, + "is_connectivity_criterias_match_some": {"key": "isConnectivityCriteriasMatchSome", "type": "bool"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + title: str, + publisher: str, + description_markdown: str, + graph_queries: List["_models.GraphQuery"], + sample_queries: List["_models.SampleQuery"], + data_types: List["_models.ConnectorDataType"], + connectivity_criteria: List["_models.ConnectivityCriterion"], + permissions: "_models.ConnectorDefinitionsPermissions", + instruction_steps: List["_models.InstructionStep"], + id: Optional[str] = None, # pylint: disable=redefined-builtin + graph_queries_table_name: Optional[str] = None, + availability: Optional["_models.ConnectorDefinitionsAvailability"] = None, + logo: Optional[str] = None, + is_connectivity_criterias_match_some: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword id: Gets or sets custom connector id. optional field. + :paramtype id: str + :keyword title: Gets or sets the connector blade title. Required. + :paramtype title: str + :keyword publisher: Gets or sets the connector publisher name. Required. + :paramtype publisher: str + :keyword description_markdown: Gets or sets the connector description in markdown format. + Required. + :paramtype description_markdown: str + :keyword graph_queries_table_name: Gets or sets the name of the table the connector will insert + the data to. + This name can be used in other queries by specifying {{graphQueriesTableName}} placeholder + in Query and LastDataReceivedQuery values. + :paramtype graph_queries_table_name: str + :keyword graph_queries: Gets or sets the graph queries to show the current data volume over + time. Required. + :paramtype graph_queries: list[~azure.mgmt.securityinsight.models.GraphQuery] + :keyword sample_queries: Gets or sets the sample queries for the connector. Required. + :paramtype sample_queries: list[~azure.mgmt.securityinsight.models.SampleQuery] + :keyword data_types: Gets or sets the data types to check for last data received. Required. + :paramtype data_types: list[~azure.mgmt.securityinsight.models.ConnectorDataType] + :keyword connectivity_criteria: Gets or sets the way the connector checks whether the connector + is connected. Required. + :paramtype connectivity_criteria: + list[~azure.mgmt.securityinsight.models.ConnectivityCriterion] + :keyword availability: The exposure status of the connector to the customers. + :paramtype availability: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsAvailability + :keyword permissions: The required Permissions for the connector. Required. + :paramtype permissions: ~azure.mgmt.securityinsight.models.ConnectorDefinitionsPermissions + :keyword instruction_steps: Gets or sets the instruction steps to enable the connector. + Required. + :paramtype instruction_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] + :keyword logo: Gets or sets the connector logo to be used when displaying the connector within + Azure Sentinel's connector's gallery. + The logo value should be in SVG format. + :paramtype logo: str + :keyword is_connectivity_criterias_match_some: Gets or sets a value indicating whether to use + 'OR'(SOME) or 'AND' between ConnectivityCriteria items. + :paramtype is_connectivity_criterias_match_some: bool + """ super().__init__(**kwargs) - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + self.id = id + self.title = title + self.publisher = publisher + self.description_markdown = description_markdown + self.graph_queries_table_name = graph_queries_table_name + self.graph_queries = graph_queries + self.sample_queries = sample_queries + self.data_types = data_types + self.connectivity_criteria = connectivity_criteria + self.availability = availability + self.permissions = permissions + self.instruction_steps = instruction_steps + self.logo = logo + self.is_connectivity_criterias_match_some = is_connectivity_criterias_match_some -class Dynamics365CheckRequirements(DataConnectorsCheckRequirements): - """Represents Dynamics365 requirements check request. +class CustomPermissionDetails(_serialization.Model): + """The Custom permissions required for the connector. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar name: Gets or sets the custom permissions name. Required. + :vartype name: str + :ivar description: Gets or sets the custom permissions description. Required. + :vartype description: str """ _validation = { - "kind": {"required": True}, + "name": {"required": True}, + "description": {"required": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, name: str, description: str, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword name: Gets or sets the custom permissions name. Required. + :paramtype name: str + :keyword description: Gets or sets the custom permissions description. Required. + :paramtype description: str """ super().__init__(**kwargs) - self.kind: str = "Dynamics365" - self.tenant_id = tenant_id - + self.name = name + self.description = description -class Dynamics365CheckRequirementsProperties(DataConnectorTenantId): - """Dynamics365 requirements check properties. - All required parameters must be populated in order to send to Azure. +class CustomsPermission(_serialization.Model): + """Customs permissions required for the connector. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class Dynamics365DataConnector(DataConnector): - """Represents Dynamics365 data connector. + super().__init__(**kwargs) + self.name = name + self.description = description - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class Customs(CustomsPermission): + """Customs permissions required for the connector. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. + :ivar name: Customs permissions name. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :ivar description: Customs permissions description. + :vartype description: str """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + "description": {"key": "description", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.Dynamics365DataConnectorDataTypes"] = None, - **kwargs - ): + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Dynamics365" - self.tenant_id = tenant_id - self.data_types = data_types - + super().__init__(name=name, description=description, **kwargs) -class Dynamics365DataConnectorDataTypes(_serialization.Model): - """The available data types for Dynamics365 data connector. - All required parameters must be populated in order to send to Azure. +class DataConnectorConnectBody(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Represents Codeless API Polling data connector. - :ivar dynamics365_cds_activities: Common Data Service data type connection. Required. - :vartype dynamics365_cds_activities: - ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + :ivar kind: The authentication kind used to poll the data. Known values are: "Basic", "OAuth2", + and "APIKey". + :vartype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind + :ivar api_key: The API key of the audit server. + :vartype api_key: str + :ivar data_collection_endpoint: Used in v2 logs connector. Represents the data collection + ingestion endpoint in log analytics. + :vartype data_collection_endpoint: str + :ivar data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule + immutable id, the rule defines the transformation and data destination. + :vartype data_collection_rule_immutable_id: str + :ivar output_stream: Used in v2 logs connector. The stream we are sending the data to, this is + the name of the streamDeclarations defined in the DCR. + :vartype output_stream: str + :ivar client_secret: The client secret of the OAuth 2.0 application. + :vartype client_secret: str + :ivar client_id: The client id of the OAuth 2.0 application. + :vartype client_id: str + :ivar authorization_code: The authorization code used in OAuth 2.0 code flow to issue a token. + :vartype authorization_code: str + :ivar user_name: The user name in the audit log server. + :vartype user_name: str + :ivar password: The user password in the audit log server. + :vartype password: str + :ivar request_config_user_input_values: + :vartype request_config_user_input_values: list[JSON] """ - _validation = { - "dynamics365_cds_activities": {"required": True}, - } - _attribute_map = { - "dynamics365_cds_activities": { - "key": "dynamics365CdsActivities", - "type": "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - }, + "kind": {"key": "kind", "type": "str"}, + "api_key": {"key": "apiKey", "type": "str"}, + "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, + "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, + "output_stream": {"key": "outputStream", "type": "str"}, + "client_secret": {"key": "clientSecret", "type": "str"}, + "client_id": {"key": "clientId", "type": "str"}, + "authorization_code": {"key": "authorizationCode", "type": "str"}, + "user_name": {"key": "userName", "type": "str"}, + "password": {"key": "password", "type": "str"}, + "request_config_user_input_values": {"key": "requestConfigUserInputValues", "type": "[object]"}, } def __init__( self, *, - dynamics365_cds_activities: "_models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities", - **kwargs - ): + kind: Optional[Union[str, "_models.ConnectAuthKind"]] = None, + api_key: Optional[str] = None, + data_collection_endpoint: Optional[str] = None, + data_collection_rule_immutable_id: Optional[str] = None, + output_stream: Optional[str] = None, + client_secret: Optional[str] = None, + client_id: Optional[str] = None, + authorization_code: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + request_config_user_input_values: Optional[List[JSON]] = None, + **kwargs: Any + ) -> None: """ - :keyword dynamics365_cds_activities: Common Data Service data type connection. Required. - :paramtype dynamics365_cds_activities: - ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + :keyword kind: The authentication kind used to poll the data. Known values are: "Basic", + "OAuth2", and "APIKey". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind + :keyword api_key: The API key of the audit server. + :paramtype api_key: str + :keyword data_collection_endpoint: Used in v2 logs connector. Represents the data collection + ingestion endpoint in log analytics. + :paramtype data_collection_endpoint: str + :keyword data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule + immutable id, the rule defines the transformation and data destination. + :paramtype data_collection_rule_immutable_id: str + :keyword output_stream: Used in v2 logs connector. The stream we are sending the data to, this + is the name of the streamDeclarations defined in the DCR. + :paramtype output_stream: str + :keyword client_secret: The client secret of the OAuth 2.0 application. + :paramtype client_secret: str + :keyword client_id: The client id of the OAuth 2.0 application. + :paramtype client_id: str + :keyword authorization_code: The authorization code used in OAuth 2.0 code flow to issue a + token. + :paramtype authorization_code: str + :keyword user_name: The user name in the audit log server. + :paramtype user_name: str + :keyword password: The user password in the audit log server. + :paramtype password: str + :keyword request_config_user_input_values: + :paramtype request_config_user_input_values: list[JSON] """ super().__init__(**kwargs) - self.dynamics365_cds_activities = dynamics365_cds_activities - + self.kind = kind + self.api_key = api_key + self.data_collection_endpoint = data_collection_endpoint + self.data_collection_rule_immutable_id = data_collection_rule_immutable_id + self.output_stream = output_stream + self.client_secret = client_secret + self.client_id = client_id + self.authorization_code = authorization_code + self.user_name = user_name + self.password = password + self.request_config_user_input_values = request_config_user_input_values -class Dynamics365DataConnectorDataTypesDynamics365CdsActivities(DataConnectorDataTypeCommon): - """Common Data Service data type connection. - All required parameters must be populated in order to send to Azure. +class DataConnectorDefinitionArmCollectionWrapper(_serialization.Model): + """Encapsulate the data connector definition object. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar value: + :vartype value: list[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :ivar next_link: + :vartype next_link: str """ - _validation = { - "state": {"required": True}, - } - _attribute_map = { - "state": {"key": "state", "type": "str"}, + "value": {"key": "value", "type": "[DataConnectorDefinition]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, + *, + value: Optional[List["_models.DataConnectorDefinition"]] = None, + next_link: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword value: + :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :keyword next_link: + :paramtype next_link: str """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.value = value + self.next_link = next_link -class Dynamics365DataConnectorProperties(DataConnectorTenantId): - """Dynamics365 data connector properties. +class DataConnectorList(_serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :ivar value: Array of data connectors. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[DataConnector]"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.Dynamics365DataConnectorDataTypes", **kwargs): + def __init__(self, *, value: List["_models.DataConnector"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + :keyword value: Array of data connectors. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types + super().__init__(**kwargs) + self.next_link = None + self.value = value -class EnrichmentDomainWhois(_serialization.Model): - """Whois information for a given domain and associated metadata. +class DataConnectorRequirementsState(_serialization.Model): + """Data connector requirements status. - :ivar domain: The domain for this whois record. - :vartype domain: str - :ivar server: The hostname of this registrar's whois server. - :vartype server: str - :ivar created: The timestamp at which this record was created. - :vartype created: ~datetime.datetime - :ivar updated: The timestamp at which this record was last updated. - :vartype updated: ~datetime.datetime - :ivar expires: The timestamp at which this record will expire. - :vartype expires: ~datetime.datetime - :ivar parsed_whois: The whois record for a given domain. - :vartype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails + :ivar authorization_state: Authorization state for this connector. Known values are: "Valid" + and "Invalid". + :vartype authorization_state: str or + ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState + :ivar license_state: License state for this connector. Known values are: "Valid", "Invalid", + and "Unknown". + :vartype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState """ _attribute_map = { - "domain": {"key": "domain", "type": "str"}, - "server": {"key": "server", "type": "str"}, - "created": {"key": "created", "type": "iso-8601"}, - "updated": {"key": "updated", "type": "iso-8601"}, - "expires": {"key": "expires", "type": "iso-8601"}, - "parsed_whois": {"key": "parsedWhois", "type": "EnrichmentDomainWhoisDetails"}, + "authorization_state": {"key": "authorizationState", "type": "str"}, + "license_state": {"key": "licenseState", "type": "str"}, } def __init__( self, *, - domain: Optional[str] = None, - server: Optional[str] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - expires: Optional[datetime.datetime] = None, - parsed_whois: Optional["_models.EnrichmentDomainWhoisDetails"] = None, - **kwargs - ): + authorization_state: Optional[Union[str, "_models.DataConnectorAuthorizationState"]] = None, + license_state: Optional[Union[str, "_models.DataConnectorLicenseState"]] = None, + **kwargs: Any + ) -> None: """ - :keyword domain: The domain for this whois record. - :paramtype domain: str - :keyword server: The hostname of this registrar's whois server. - :paramtype server: str - :keyword created: The timestamp at which this record was created. - :paramtype created: ~datetime.datetime - :keyword updated: The timestamp at which this record was last updated. - :paramtype updated: ~datetime.datetime - :keyword expires: The timestamp at which this record will expire. - :paramtype expires: ~datetime.datetime - :keyword parsed_whois: The whois record for a given domain. - :paramtype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails + :keyword authorization_state: Authorization state for this connector. Known values are: "Valid" + and "Invalid". + :paramtype authorization_state: str or + ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState + :keyword license_state: License state for this connector. Known values are: "Valid", "Invalid", + and "Unknown". + :paramtype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState """ super().__init__(**kwargs) - self.domain = domain - self.server = server - self.created = created - self.updated = updated - self.expires = expires - self.parsed_whois = parsed_whois + self.authorization_state = authorization_state + self.license_state = license_state -class EnrichmentDomainWhoisContact(_serialization.Model): - """An individual contact associated with this domain. +class DataTypeDefinitions(_serialization.Model): + """The data type definition. - :ivar name: The name of this contact. - :vartype name: str - :ivar org: The organization for this contact. - :vartype org: str - :ivar street: A list describing the street address for this contact. - :vartype street: list[str] - :ivar city: The city for this contact. - :vartype city: str - :ivar state: The state for this contact. - :vartype state: str - :ivar postal: The postal code for this contact. - :vartype postal: str - :ivar country: The country for this contact. - :vartype country: str - :ivar phone: The phone number for this contact. - :vartype phone: str - :ivar fax: The fax number for this contact. - :vartype fax: str - :ivar email: The email address for this contact. - :vartype email: str + :ivar data_type: The data type name. + :vartype data_type: str """ _attribute_map = { - "name": {"key": "name", "type": "str"}, - "org": {"key": "org", "type": "str"}, - "street": {"key": "street", "type": "[str]"}, - "city": {"key": "city", "type": "str"}, - "state": {"key": "state", "type": "str"}, - "postal": {"key": "postal", "type": "str"}, - "country": {"key": "country", "type": "str"}, - "phone": {"key": "phone", "type": "str"}, - "fax": {"key": "fax", "type": "str"}, - "email": {"key": "email", "type": "str"}, + "data_type": {"key": "dataType", "type": "str"}, } - def __init__( - self, - *, - name: Optional[str] = None, - org: Optional[str] = None, - street: Optional[List[str]] = None, - city: Optional[str] = None, - state: Optional[str] = None, - postal: Optional[str] = None, - country: Optional[str] = None, - phone: Optional[str] = None, - fax: Optional[str] = None, - email: Optional[str] = None, - **kwargs - ): + def __init__(self, *, data_type: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword name: The name of this contact. - :paramtype name: str - :keyword org: The organization for this contact. - :paramtype org: str - :keyword street: A list describing the street address for this contact. - :paramtype street: list[str] - :keyword city: The city for this contact. - :paramtype city: str - :keyword state: The state for this contact. - :paramtype state: str - :keyword postal: The postal code for this contact. - :paramtype postal: str - :keyword country: The country for this contact. - :paramtype country: str - :keyword phone: The phone number for this contact. - :paramtype phone: str - :keyword fax: The fax number for this contact. - :paramtype fax: str - :keyword email: The email address for this contact. - :paramtype email: str + :keyword data_type: The data type name. + :paramtype data_type: str """ super().__init__(**kwargs) - self.name = name - self.org = org - self.street = street - self.city = city - self.state = state - self.postal = postal - self.country = country - self.phone = phone - self.fax = fax - self.email = email + self.data_type = data_type -class EnrichmentDomainWhoisContacts(_serialization.Model): - """The set of contacts associated with this domain. +class DCRConfiguration(_serialization.Model): + """The configuration of the destination of the data. - :ivar admin: The admin contact for this whois record. - :vartype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar billing: The billing contact for this whois record. - :vartype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar registrant: The registrant contact for this whois record. - :vartype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :ivar tech: The technical contact for this whois record. - :vartype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + All required parameters must be populated in order to send to Azure. + + :ivar data_collection_endpoint: Represents the data collection ingestion endpoint in log + analytics. Required. + :vartype data_collection_endpoint: str + :ivar data_collection_rule_immutable_id: The data collection rule immutable id, the rule + defines the transformation and data destination. Required. + :vartype data_collection_rule_immutable_id: str + :ivar stream_name: The stream we are sending the data to. Required. + :vartype stream_name: str """ + _validation = { + "data_collection_endpoint": {"required": True}, + "data_collection_rule_immutable_id": {"required": True}, + "stream_name": {"required": True}, + } + _attribute_map = { - "admin": {"key": "admin", "type": "EnrichmentDomainWhoisContact"}, - "billing": {"key": "billing", "type": "EnrichmentDomainWhoisContact"}, - "registrant": {"key": "registrant", "type": "EnrichmentDomainWhoisContact"}, - "tech": {"key": "tech", "type": "EnrichmentDomainWhoisContact"}, + "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, + "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, + "stream_name": {"key": "streamName", "type": "str"}, } def __init__( - self, - *, - admin: Optional["_models.EnrichmentDomainWhoisContact"] = None, - billing: Optional["_models.EnrichmentDomainWhoisContact"] = None, - registrant: Optional["_models.EnrichmentDomainWhoisContact"] = None, - tech: Optional["_models.EnrichmentDomainWhoisContact"] = None, - **kwargs - ): + self, *, data_collection_endpoint: str, data_collection_rule_immutable_id: str, stream_name: str, **kwargs: Any + ) -> None: """ - :keyword admin: The admin contact for this whois record. - :paramtype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword billing: The billing contact for this whois record. - :paramtype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword registrant: The registrant contact for this whois record. - :paramtype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact - :keyword tech: The technical contact for this whois record. - :paramtype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword data_collection_endpoint: Represents the data collection ingestion endpoint in log + analytics. Required. + :paramtype data_collection_endpoint: str + :keyword data_collection_rule_immutable_id: The data collection rule immutable id, the rule + defines the transformation and data destination. Required. + :paramtype data_collection_rule_immutable_id: str + :keyword stream_name: The stream we are sending the data to. Required. + :paramtype stream_name: str """ super().__init__(**kwargs) - self.admin = admin - self.billing = billing - self.registrant = registrant - self.tech = tech + self.data_collection_endpoint = data_collection_endpoint + self.data_collection_rule_immutable_id = data_collection_rule_immutable_id + self.stream_name = stream_name -class EnrichmentDomainWhoisDetails(_serialization.Model): - """The whois record for a given domain. +class Deployment(_serialization.Model): + """Description about a deployment. - :ivar registrar: The registrar associated with this domain. - :vartype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails - :ivar contacts: The set of contacts associated with this domain. - :vartype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts - :ivar name_servers: A list of name servers associated with this domain. - :vartype name_servers: list[str] - :ivar statuses: The set of status flags for this whois record. - :vartype statuses: list[str] + :ivar deployment_id: Deployment identifier. + :vartype deployment_id: str + :ivar deployment_state: Current status of the deployment. Known values are: "In_Progress", + "Completed", "Queued", and "Canceling". + :vartype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState + :ivar deployment_result: The outcome of the deployment. Known values are: "Success", + "Canceled", and "Failed". + :vartype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult + :ivar deployment_time: The time when the deployment finished. + :vartype deployment_time: ~datetime.datetime + :ivar deployment_logs_url: Url to access repository action logs. + :vartype deployment_logs_url: str """ _attribute_map = { - "registrar": {"key": "registrar", "type": "EnrichmentDomainWhoisRegistrarDetails"}, - "contacts": {"key": "contacts", "type": "EnrichmentDomainWhoisContacts"}, - "name_servers": {"key": "nameServers", "type": "[str]"}, - "statuses": {"key": "statuses", "type": "[str]"}, + "deployment_id": {"key": "deploymentId", "type": "str"}, + "deployment_state": {"key": "deploymentState", "type": "str"}, + "deployment_result": {"key": "deploymentResult", "type": "str"}, + "deployment_time": {"key": "deploymentTime", "type": "iso-8601"}, + "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, } def __init__( self, *, - registrar: Optional["_models.EnrichmentDomainWhoisRegistrarDetails"] = None, - contacts: Optional["_models.EnrichmentDomainWhoisContacts"] = None, - name_servers: Optional[List[str]] = None, - statuses: Optional[List[str]] = None, - **kwargs - ): + deployment_id: Optional[str] = None, + deployment_state: Optional[Union[str, "_models.DeploymentState"]] = None, + deployment_result: Optional[Union[str, "_models.DeploymentResult"]] = None, + deployment_time: Optional[datetime.datetime] = None, + deployment_logs_url: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword registrar: The registrar associated with this domain. - :paramtype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails - :keyword contacts: The set of contacts associated with this domain. - :paramtype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts - :keyword name_servers: A list of name servers associated with this domain. - :paramtype name_servers: list[str] - :keyword statuses: The set of status flags for this whois record. - :paramtype statuses: list[str] + :keyword deployment_id: Deployment identifier. + :paramtype deployment_id: str + :keyword deployment_state: Current status of the deployment. Known values are: "In_Progress", + "Completed", "Queued", and "Canceling". + :paramtype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState + :keyword deployment_result: The outcome of the deployment. Known values are: "Success", + "Canceled", and "Failed". + :paramtype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult + :keyword deployment_time: The time when the deployment finished. + :paramtype deployment_time: ~datetime.datetime + :keyword deployment_logs_url: Url to access repository action logs. + :paramtype deployment_logs_url: str """ super().__init__(**kwargs) - self.registrar = registrar - self.contacts = contacts - self.name_servers = name_servers - self.statuses = statuses - - -class EnrichmentDomainWhoisRegistrarDetails(_serialization.Model): - """The registrar associated with this domain. - - :ivar name: The name of this registrar. - :vartype name: str - :ivar abuse_contact_email: This registrar's abuse contact email. - :vartype abuse_contact_email: str - :ivar abuse_contact_phone: This registrar's abuse contact phone number. - :vartype abuse_contact_phone: str - :ivar iana_id: This registrar's Internet Assigned Numbers Authority id. - :vartype iana_id: str - :ivar url: This registrar's URL. - :vartype url: str - :ivar whois_server: The hostname of this registrar's whois server. - :vartype whois_server: str - """ - - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "abuse_contact_email": {"key": "abuseContactEmail", "type": "str"}, - "abuse_contact_phone": {"key": "abuseContactPhone", "type": "str"}, - "iana_id": {"key": "ianaId", "type": "str"}, - "url": {"key": "url", "type": "str"}, - "whois_server": {"key": "whoisServer", "type": "str"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - abuse_contact_email: Optional[str] = None, - abuse_contact_phone: Optional[str] = None, - iana_id: Optional[str] = None, - url: Optional[str] = None, - whois_server: Optional[str] = None, - **kwargs - ): - """ - :keyword name: The name of this registrar. - :paramtype name: str - :keyword abuse_contact_email: This registrar's abuse contact email. - :paramtype abuse_contact_email: str - :keyword abuse_contact_phone: This registrar's abuse contact phone number. - :paramtype abuse_contact_phone: str - :keyword iana_id: This registrar's Internet Assigned Numbers Authority id. - :paramtype iana_id: str - :keyword url: This registrar's URL. - :paramtype url: str - :keyword whois_server: The hostname of this registrar's whois server. - :paramtype whois_server: str - """ - super().__init__(**kwargs) - self.name = name - self.abuse_contact_email = abuse_contact_email - self.abuse_contact_phone = abuse_contact_phone - self.iana_id = iana_id - self.url = url - self.whois_server = whois_server + self.deployment_id = deployment_id + self.deployment_state = deployment_state + self.deployment_result = deployment_result + self.deployment_time = deployment_time + self.deployment_logs_url = deployment_logs_url -class EnrichmentIpGeodata(_serialization.Model): # pylint: disable=too-many-instance-attributes - """Geodata information for a given IP address. +class DeploymentInfo(_serialization.Model): + """Information regarding a deployment. - :ivar asn: The autonomous system number associated with this IP address. - :vartype asn: str - :ivar carrier: The name of the carrier for this IP address. - :vartype carrier: str - :ivar city: The city this IP address is located in. - :vartype city: str - :ivar city_cf: A numeric rating of confidence that the value in the 'city' field is correct, on - a scale of 0-100. - :vartype city_cf: int - :ivar continent: The continent this IP address is located on. - :vartype continent: str - :ivar country: The county this IP address is located in. - :vartype country: str - :ivar country_cf: A numeric rating of confidence that the value in the 'country' field is - correct on a scale of 0-100. - :vartype country_cf: int - :ivar ip_addr: The dotted-decimal or colon-separated string representation of the IP address. - :vartype ip_addr: str - :ivar ip_routing_type: A description of the connection type of this IP address. - :vartype ip_routing_type: str - :ivar latitude: The latitude of this IP address. - :vartype latitude: str - :ivar longitude: The longitude of this IP address. - :vartype longitude: str - :ivar organization: The name of the organization for this IP address. - :vartype organization: str - :ivar organization_type: The type of the organization for this IP address. - :vartype organization_type: str - :ivar region: The geographic region this IP address is located in. - :vartype region: str - :ivar state: The state this IP address is located in. - :vartype state: str - :ivar state_cf: A numeric rating of confidence that the value in the 'state' field is correct - on a scale of 0-100. - :vartype state_cf: int - :ivar state_code: The abbreviated name for the state this IP address is located in. - :vartype state_code: str + :ivar deployment_fetch_status: Status while fetching the last deployment. Known values are: + "Success", "Unauthorized", and "NotFound". + :vartype deployment_fetch_status: str or + ~azure.mgmt.securityinsight.models.DeploymentFetchStatus + :ivar deployment: Deployment information. + :vartype deployment: ~azure.mgmt.securityinsight.models.Deployment + :ivar message: Additional details about the deployment that can be shown to the user. + :vartype message: str """ _attribute_map = { - "asn": {"key": "asn", "type": "str"}, - "carrier": {"key": "carrier", "type": "str"}, - "city": {"key": "city", "type": "str"}, - "city_cf": {"key": "cityCf", "type": "int"}, - "continent": {"key": "continent", "type": "str"}, - "country": {"key": "country", "type": "str"}, - "country_cf": {"key": "countryCf", "type": "int"}, - "ip_addr": {"key": "ipAddr", "type": "str"}, - "ip_routing_type": {"key": "ipRoutingType", "type": "str"}, - "latitude": {"key": "latitude", "type": "str"}, - "longitude": {"key": "longitude", "type": "str"}, - "organization": {"key": "organization", "type": "str"}, - "organization_type": {"key": "organizationType", "type": "str"}, - "region": {"key": "region", "type": "str"}, - "state": {"key": "state", "type": "str"}, - "state_cf": {"key": "stateCf", "type": "int"}, - "state_code": {"key": "stateCode", "type": "str"}, + "deployment_fetch_status": {"key": "deploymentFetchStatus", "type": "str"}, + "deployment": {"key": "deployment", "type": "Deployment"}, + "message": {"key": "message", "type": "str"}, } def __init__( self, *, - asn: Optional[str] = None, - carrier: Optional[str] = None, - city: Optional[str] = None, - city_cf: Optional[int] = None, - continent: Optional[str] = None, - country: Optional[str] = None, - country_cf: Optional[int] = None, - ip_addr: Optional[str] = None, - ip_routing_type: Optional[str] = None, - latitude: Optional[str] = None, - longitude: Optional[str] = None, - organization: Optional[str] = None, - organization_type: Optional[str] = None, - region: Optional[str] = None, - state: Optional[str] = None, - state_cf: Optional[int] = None, - state_code: Optional[str] = None, - **kwargs - ): + deployment_fetch_status: Optional[Union[str, "_models.DeploymentFetchStatus"]] = None, + deployment: Optional["_models.Deployment"] = None, + message: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword asn: The autonomous system number associated with this IP address. - :paramtype asn: str - :keyword carrier: The name of the carrier for this IP address. - :paramtype carrier: str - :keyword city: The city this IP address is located in. - :paramtype city: str - :keyword city_cf: A numeric rating of confidence that the value in the 'city' field is correct, - on a scale of 0-100. - :paramtype city_cf: int - :keyword continent: The continent this IP address is located on. - :paramtype continent: str - :keyword country: The county this IP address is located in. - :paramtype country: str - :keyword country_cf: A numeric rating of confidence that the value in the 'country' field is - correct on a scale of 0-100. - :paramtype country_cf: int - :keyword ip_addr: The dotted-decimal or colon-separated string representation of the IP - address. - :paramtype ip_addr: str - :keyword ip_routing_type: A description of the connection type of this IP address. - :paramtype ip_routing_type: str - :keyword latitude: The latitude of this IP address. - :paramtype latitude: str - :keyword longitude: The longitude of this IP address. - :paramtype longitude: str - :keyword organization: The name of the organization for this IP address. - :paramtype organization: str - :keyword organization_type: The type of the organization for this IP address. - :paramtype organization_type: str - :keyword region: The geographic region this IP address is located in. - :paramtype region: str - :keyword state: The state this IP address is located in. - :paramtype state: str - :keyword state_cf: A numeric rating of confidence that the value in the 'state' field is - correct on a scale of 0-100. - :paramtype state_cf: int - :keyword state_code: The abbreviated name for the state this IP address is located in. - :paramtype state_code: str + :keyword deployment_fetch_status: Status while fetching the last deployment. Known values are: + "Success", "Unauthorized", and "NotFound". + :paramtype deployment_fetch_status: str or + ~azure.mgmt.securityinsight.models.DeploymentFetchStatus + :keyword deployment: Deployment information. + :paramtype deployment: ~azure.mgmt.securityinsight.models.Deployment + :keyword message: Additional details about the deployment that can be shown to the user. + :paramtype message: str """ super().__init__(**kwargs) - self.asn = asn - self.carrier = carrier - self.city = city - self.city_cf = city_cf - self.continent = continent - self.country = country - self.country_cf = country_cf - self.ip_addr = ip_addr - self.ip_routing_type = ip_routing_type - self.latitude = latitude - self.longitude = longitude - self.organization = organization - self.organization_type = organization_type - self.region = region - self.state = state - self.state_cf = state_cf - self.state_code = state_code + self.deployment_fetch_status = deployment_fetch_status + self.deployment = deployment + self.message = message -class EntityAnalytics(Settings): - """Settings with single toggle. +class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a dns entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -7273,13 +7312,25 @@ class EntityAnalytics(Settings): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar entity_providers: The relevant entity providers that are synced. - :vartype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] """ _validation = { @@ -7288,6 +7339,12 @@ class EntityAnalytics(Settings): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, } _attribute_map = { @@ -7295,1378 +7352,1433 @@ class EntityAnalytics(Settings): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "entity_providers": {"key": "properties.entityProviders", "type": "[str]"}, - } + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "properties.domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, + } - def __init__( - self, - *, - etag: Optional[str] = None, - entity_providers: Optional[List[Union[str, "_models.EntityProviders"]]] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword entity_providers: The relevant entity providers that are synced. - :paramtype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "EntityAnalytics" - self.entity_providers = entity_providers + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "DnsResolution" + self.additional_data = None + self.friendly_name = None + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None -class EntityEdges(_serialization.Model): - """The edge that connects the entity to the other entity. +class DnsEntityProperties(EntityCommonProperties): + """Dns entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. - :ivar target_entity_id: The target entity Id. - :vartype target_entity_id: str :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, + } + _attribute_map = { - "target_entity_id": {"key": "targetEntityId", "type": "str"}, "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, } - def __init__( - self, *, target_entity_id: Optional[str] = None, additional_data: Optional[Dict[str, Any]] = None, **kwargs - ): - """ - :keyword target_entity_id: The target entity Id. - :paramtype target_entity_id: str - :keyword additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :paramtype additional_data: dict[str, any] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.target_entity_id = target_entity_id - self.additional_data = additional_data + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None -class EntityExpandParameters(_serialization.Model): - """The parameters required to execute an expand operation on the given entity. +class Dynamics365CheckRequirements(DataConnectorsCheckRequirements): + """Represents Dynamics365 requirements check request. - :ivar end_time: The end date filter, so the only expansion results returned are before this - date. - :vartype end_time: ~datetime.datetime - :ivar expansion_id: The Id of the expansion to perform. - :vartype expansion_id: str - :ivar start_time: The start date filter, so the only expansion results returned are after this - date. - :vartype start_time: ~datetime.datetime + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - "end_time": {"key": "endTime", "type": "iso-8601"}, - "expansion_id": {"key": "expansionId", "type": "str"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__( - self, - *, - end_time: Optional[datetime.datetime] = None, - expansion_id: Optional[str] = None, - start_time: Optional[datetime.datetime] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword end_time: The end date filter, so the only expansion results returned are before this - date. - :paramtype end_time: ~datetime.datetime - :keyword expansion_id: The Id of the expansion to perform. - :paramtype expansion_id: str - :keyword start_time: The start date filter, so the only expansion results returned are after - this date. - :paramtype start_time: ~datetime.datetime + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ super().__init__(**kwargs) - self.end_time = end_time - self.expansion_id = expansion_id - self.start_time = start_time + self.kind: str = "Dynamics365" + self.tenant_id = tenant_id -class EntityExpandResponse(_serialization.Model): - """The entity expansion result operation response. +class Dynamics365CheckRequirementsProperties(DataConnectorTenantId): + """Dynamics365 requirements check properties. - :ivar meta_data: The metadata from the expansion operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :ivar value: The expansion result values. - :vartype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ + _validation = { + "tenant_id": {"required": True}, + } + _attribute_map = { - "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, - "value": {"key": "value", "type": "EntityExpandResponseValue"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__( - self, - *, - meta_data: Optional["_models.ExpansionResultsMetadata"] = None, - value: Optional["_models.EntityExpandResponseValue"] = None, - **kwargs - ): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ - :keyword meta_data: The metadata from the expansion operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata - :keyword value: The expansion result values. - :paramtype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value + super().__init__(tenant_id=tenant_id, **kwargs) -class EntityExpandResponseValue(_serialization.Model): - """The expansion result values. +class Dynamics365DataConnector(DataConnector): + """Represents Dynamics365 data connector. - :ivar entities: Array of the expansion result entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar edges: Array of edges that connects the entity to the list of entities. - :vartype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "edges": {"key": "edges", "type": "[EntityEdges]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, } def __init__( self, *, - entities: Optional[List["_models.Entity"]] = None, - edges: Optional[List["_models.EntityEdges"]] = None, - **kwargs - ): + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.Dynamics365DataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ - :keyword entities: Array of the expansion result entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword edges: Array of edges that connects the entity to the list of entities. - :paramtype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ - super().__init__(**kwargs) - self.entities = entities - self.edges = edges + super().__init__(etag=etag, **kwargs) + self.kind: str = "Dynamics365" + self.tenant_id = tenant_id + self.data_types = data_types -class EntityFieldMapping(_serialization.Model): - """Map identifiers of a single entity. +class Dynamics365DataConnectorDataTypes(_serialization.Model): + """The available data types for Dynamics365 data connector. - :ivar identifier: Alert V3 identifier. - :vartype identifier: str - :ivar value: The value of the identifier. - :vartype value: str + All required parameters must be populated in order to send to Azure. + + :ivar dynamics365_cds_activities: Common Data Service data type connection. Required. + :vartype dynamics365_cds_activities: + ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities """ - _attribute_map = { - "identifier": {"key": "identifier", "type": "str"}, - "value": {"key": "value", "type": "str"}, + _validation = { + "dynamics365_cds_activities": {"required": True}, } - def __init__(self, *, identifier: Optional[str] = None, value: Optional[str] = None, **kwargs): - """ - :keyword identifier: Alert V3 identifier. - :paramtype identifier: str - :keyword value: The value of the identifier. - :paramtype value: str + _attribute_map = { + "dynamics365_cds_activities": { + "key": "dynamics365CdsActivities", + "type": "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + }, + } + + def __init__( + self, + *, + dynamics365_cds_activities: "_models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + **kwargs: Any + ) -> None: + """ + :keyword dynamics365_cds_activities: Common Data Service data type connection. Required. + :paramtype dynamics365_cds_activities: + ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities """ super().__init__(**kwargs) - self.identifier = identifier - self.value = value + self.dynamics365_cds_activities = dynamics365_cds_activities -class EntityGetInsightsParameters(_serialization.Model): - """The parameters required to execute insights operation on the given entity. +class Dynamics365DataConnectorDataTypesDynamics365CdsActivities(DataConnectorDataTypeCommon): + """Common Data Service data type connection. All required parameters must be populated in order to send to Azure. - :ivar start_time: The start timeline date, so the results returned are after this date. - Required. - :vartype start_time: ~datetime.datetime - :ivar end_time: The end timeline date, so the results returned are before this date. Required. - :vartype end_time: ~datetime.datetime - :ivar add_default_extended_time_range: Indicates if query time range should be extended with - default time range of the query. Default value is false. - :vartype add_default_extended_time_range: bool - :ivar insight_query_ids: List of Insights Query Id. If empty, default value is all insights of - this entity. - :vartype insight_query_ids: list[str] + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ _validation = { - "start_time": {"required": True}, - "end_time": {"required": True}, + "state": {"required": True}, } _attribute_map = { - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, - "add_default_extended_time_range": {"key": "addDefaultExtendedTimeRange", "type": "bool"}, - "insight_query_ids": {"key": "insightQueryIds", "type": "[str]"}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - *, - start_time: datetime.datetime, - end_time: datetime.datetime, - add_default_extended_time_range: Optional[bool] = None, - insight_query_ids: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ - :keyword start_time: The start timeline date, so the results returned are after this date. - Required. - :paramtype start_time: ~datetime.datetime - :keyword end_time: The end timeline date, so the results returned are before this date. - Required. - :paramtype end_time: ~datetime.datetime - :keyword add_default_extended_time_range: Indicates if query time range should be extended with - default time range of the query. Default value is false. - :paramtype add_default_extended_time_range: bool - :keyword insight_query_ids: List of Insights Query Id. If empty, default value is all insights - of this entity. - :paramtype insight_query_ids: list[str] + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super().__init__(**kwargs) - self.start_time = start_time - self.end_time = end_time - self.add_default_extended_time_range = add_default_extended_time_range - self.insight_query_ids = insight_query_ids + super().__init__(state=state, **kwargs) -class EntityGetInsightsResponse(_serialization.Model): - """The Get Insights result operation response. +class Dynamics365DataConnectorProperties(DataConnectorTenantId): + """Dynamics365 data connector properties. - :ivar meta_data: The metadata from the get insights operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata - :ivar value: The insights result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + _attribute_map = { - "meta_data": {"key": "metaData", "type": "GetInsightsResultsMetadata"}, - "value": {"key": "value", "type": "[EntityInsightItem]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, } def __init__( - self, - *, - meta_data: Optional["_models.GetInsightsResultsMetadata"] = None, - value: Optional[List["_models.EntityInsightItem"]] = None, - **kwargs - ): + self, *, tenant_id: str, data_types: "_models.Dynamics365DataConnectorDataTypes", **kwargs: Any + ) -> None: """ - :keyword meta_data: The metadata from the get insights operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata - :keyword value: The insights result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes """ - super().__init__(**kwargs) - self.meta_data = meta_data - self.value = value + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types -class EntityInsightItem(_serialization.Model): - """Entity insight Item. +class EnrichmentDomainWhois(_serialization.Model): + """Whois information for a given domain and associated metadata. - :ivar query_id: The query id of the insight. - :vartype query_id: str - :ivar query_time_interval: The Time interval that the query actually executed on. - :vartype query_time_interval: - ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval - :ivar table_query_results: Query results for table insights query. - :vartype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult - :ivar chart_query_results: Query results for table insights query. - :vartype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + :ivar domain: The domain for this whois record. + :vartype domain: str + :ivar server: The hostname of this registrar's whois server. + :vartype server: str + :ivar created: The timestamp at which this record was created. + :vartype created: ~datetime.datetime + :ivar updated: The timestamp at which this record was last updated. + :vartype updated: ~datetime.datetime + :ivar expires: The timestamp at which this record will expire. + :vartype expires: ~datetime.datetime + :ivar parsed_whois: The whois record for a given domain. + :vartype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails """ _attribute_map = { - "query_id": {"key": "queryId", "type": "str"}, - "query_time_interval": {"key": "queryTimeInterval", "type": "EntityInsightItemQueryTimeInterval"}, - "table_query_results": {"key": "tableQueryResults", "type": "InsightsTableResult"}, - "chart_query_results": {"key": "chartQueryResults", "type": "[InsightsTableResult]"}, + "domain": {"key": "domain", "type": "str"}, + "server": {"key": "server", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "expires": {"key": "expires", "type": "iso-8601"}, + "parsed_whois": {"key": "parsedWhois", "type": "EnrichmentDomainWhoisDetails"}, } def __init__( self, *, - query_id: Optional[str] = None, - query_time_interval: Optional["_models.EntityInsightItemQueryTimeInterval"] = None, - table_query_results: Optional["_models.InsightsTableResult"] = None, - chart_query_results: Optional[List["_models.InsightsTableResult"]] = None, - **kwargs - ): + domain: Optional[str] = None, + server: Optional[str] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + expires: Optional[datetime.datetime] = None, + parsed_whois: Optional["_models.EnrichmentDomainWhoisDetails"] = None, + **kwargs: Any + ) -> None: """ - :keyword query_id: The query id of the insight. - :paramtype query_id: str - :keyword query_time_interval: The Time interval that the query actually executed on. - :paramtype query_time_interval: - ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval - :keyword table_query_results: Query results for table insights query. - :paramtype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult - :keyword chart_query_results: Query results for table insights query. - :paramtype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + :keyword domain: The domain for this whois record. + :paramtype domain: str + :keyword server: The hostname of this registrar's whois server. + :paramtype server: str + :keyword created: The timestamp at which this record was created. + :paramtype created: ~datetime.datetime + :keyword updated: The timestamp at which this record was last updated. + :paramtype updated: ~datetime.datetime + :keyword expires: The timestamp at which this record will expire. + :paramtype expires: ~datetime.datetime + :keyword parsed_whois: The whois record for a given domain. + :paramtype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails """ super().__init__(**kwargs) - self.query_id = query_id - self.query_time_interval = query_time_interval - self.table_query_results = table_query_results - self.chart_query_results = chart_query_results + self.domain = domain + self.server = server + self.created = created + self.updated = updated + self.expires = expires + self.parsed_whois = parsed_whois -class EntityInsightItemQueryTimeInterval(_serialization.Model): - """The Time interval that the query actually executed on. +class EnrichmentDomainWhoisContact(_serialization.Model): + """An individual contact associated with this domain. - :ivar start_time: Insight query start time. - :vartype start_time: ~datetime.datetime - :ivar end_time: Insight query end time. - :vartype end_time: ~datetime.datetime + :ivar name: The name of this contact. + :vartype name: str + :ivar org: The organization for this contact. + :vartype org: str + :ivar street: A list describing the street address for this contact. + :vartype street: list[str] + :ivar city: The city for this contact. + :vartype city: str + :ivar state: The state for this contact. + :vartype state: str + :ivar postal: The postal code for this contact. + :vartype postal: str + :ivar country: The country for this contact. + :vartype country: str + :ivar phone: The phone number for this contact. + :vartype phone: str + :ivar fax: The fax number for this contact. + :vartype fax: str + :ivar email: The email address for this contact. + :vartype email: str """ _attribute_map = { - "start_time": {"key": "startTime", "type": "iso-8601"}, - "end_time": {"key": "endTime", "type": "iso-8601"}, + "name": {"key": "name", "type": "str"}, + "org": {"key": "org", "type": "str"}, + "street": {"key": "street", "type": "[str]"}, + "city": {"key": "city", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "postal": {"key": "postal", "type": "str"}, + "country": {"key": "country", "type": "str"}, + "phone": {"key": "phone", "type": "str"}, + "fax": {"key": "fax", "type": "str"}, + "email": {"key": "email", "type": "str"}, } def __init__( - self, *, start_time: Optional[datetime.datetime] = None, end_time: Optional[datetime.datetime] = None, **kwargs - ): - """ - :keyword start_time: Insight query start time. - :paramtype start_time: ~datetime.datetime - :keyword end_time: Insight query end time. - :paramtype end_time: ~datetime.datetime + self, + *, + name: Optional[str] = None, + org: Optional[str] = None, + street: Optional[List[str]] = None, + city: Optional[str] = None, + state: Optional[str] = None, + postal: Optional[str] = None, + country: Optional[str] = None, + phone: Optional[str] = None, + fax: Optional[str] = None, + email: Optional[str] = None, + **kwargs: Any + ) -> None: """ - super().__init__(**kwargs) - self.start_time = start_time - self.end_time = end_time - - -class EntityList(_serialization.Model): - """List of all the entities. - - Variables are only populated by the server, and will be ignored when sending a request. + :keyword name: The name of this contact. + :paramtype name: str + :keyword org: The organization for this contact. + :paramtype org: str + :keyword street: A list describing the street address for this contact. + :paramtype street: list[str] + :keyword city: The city for this contact. + :paramtype city: str + :keyword state: The state for this contact. + :paramtype state: str + :keyword postal: The postal code for this contact. + :paramtype postal: str + :keyword country: The country for this contact. + :paramtype country: str + :keyword phone: The phone number for this contact. + :paramtype phone: str + :keyword fax: The fax number for this contact. + :paramtype fax: str + :keyword email: The email address for this contact. + :paramtype email: str + """ + super().__init__(**kwargs) + self.name = name + self.org = org + self.street = street + self.city = city + self.state = state + self.postal = postal + self.country = country + self.phone = phone + self.fax = fax + self.email = email - All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entities. - :vartype next_link: str - :ivar value: Array of entities. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Entity] - """ +class EnrichmentDomainWhoisContacts(_serialization.Model): + """The set of contacts associated with this domain. - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } + :ivar admin: The admin contact for this whois record. + :vartype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar billing: The billing contact for this whois record. + :vartype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar registrant: The registrant contact for this whois record. + :vartype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar tech: The technical contact for this whois record. + :vartype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + """ _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Entity]"}, + "admin": {"key": "admin", "type": "EnrichmentDomainWhoisContact"}, + "billing": {"key": "billing", "type": "EnrichmentDomainWhoisContact"}, + "registrant": {"key": "registrant", "type": "EnrichmentDomainWhoisContact"}, + "tech": {"key": "tech", "type": "EnrichmentDomainWhoisContact"}, } - def __init__(self, *, value: List["_models.Entity"], **kwargs): + def __init__( + self, + *, + admin: Optional["_models.EnrichmentDomainWhoisContact"] = None, + billing: Optional["_models.EnrichmentDomainWhoisContact"] = None, + registrant: Optional["_models.EnrichmentDomainWhoisContact"] = None, + tech: Optional["_models.EnrichmentDomainWhoisContact"] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of entities. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Entity] + :keyword admin: The admin contact for this whois record. + :paramtype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword billing: The billing contact for this whois record. + :paramtype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword registrant: The registrant contact for this whois record. + :paramtype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword tech: The technical contact for this whois record. + :paramtype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact """ super().__init__(**kwargs) - self.next_link = None - self.value = value + self.admin = admin + self.billing = billing + self.registrant = registrant + self.tech = tech -class EntityMapping(_serialization.Model): - """Single entity mapping for the alert rule. +class EnrichmentDomainWhoisDetails(_serialization.Model): + """The whois record for a given domain. - :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", - "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", and "SubmissionMail". - :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :ivar field_mappings: array of field mappings for the given entity mapping. - :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + :ivar registrar: The registrar associated with this domain. + :vartype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails + :ivar contacts: The set of contacts associated with this domain. + :vartype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts + :ivar name_servers: A list of name servers associated with this domain. + :vartype name_servers: list[str] + :ivar statuses: The set of status flags for this whois record. + :vartype statuses: list[str] """ _attribute_map = { - "entity_type": {"key": "entityType", "type": "str"}, - "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, + "registrar": {"key": "registrar", "type": "EnrichmentDomainWhoisRegistrarDetails"}, + "contacts": {"key": "contacts", "type": "EnrichmentDomainWhoisContacts"}, + "name_servers": {"key": "nameServers", "type": "[str]"}, + "statuses": {"key": "statuses", "type": "[str]"}, } def __init__( self, *, - entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, - field_mappings: Optional[List["_models.FieldMapping"]] = None, - **kwargs - ): + registrar: Optional["_models.EnrichmentDomainWhoisRegistrarDetails"] = None, + contacts: Optional["_models.EnrichmentDomainWhoisContacts"] = None, + name_servers: Optional[List[str]] = None, + statuses: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", - "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", and "SubmissionMail". - :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :keyword field_mappings: array of field mappings for the given entity mapping. - :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + :keyword registrar: The registrar associated with this domain. + :paramtype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails + :keyword contacts: The set of contacts associated with this domain. + :paramtype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts + :keyword name_servers: A list of name servers associated with this domain. + :paramtype name_servers: list[str] + :keyword statuses: The set of status flags for this whois record. + :paramtype statuses: list[str] """ super().__init__(**kwargs) - self.entity_type = entity_type - self.field_mappings = field_mappings - - -class EntityQueryItem(_serialization.Model): - """An abstract Query item for entity. - - You probably want to use the sub-classes and not this class directly. Known sub-classes are: - InsightQueryItem + self.registrar = registrar + self.contacts = contacts + self.name_servers = name_servers + self.statuses = statuses - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EnrichmentDomainWhoisRegistrarDetails(_serialization.Model): + """The registrar associated with this domain. - :ivar id: Query Template ARM ID. - :vartype id: str - :ivar name: Query Template ARM Name. + :ivar name: The name of this registrar. :vartype name: str - :ivar type: ARM Type. - :vartype type: str - :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", - and "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar abuse_contact_email: This registrar's abuse contact email. + :vartype abuse_contact_email: str + :ivar abuse_contact_phone: This registrar's abuse contact phone number. + :vartype abuse_contact_phone: str + :ivar iana_id: This registrar's Internet Assigned Numbers Authority id. + :vartype iana_id: str + :ivar url: This registrar's URL. + :vartype url: str + :ivar whois_server: The hostname of this registrar's whois server. + :vartype whois_server: str """ - _validation = { - "id": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, + "abuse_contact_email": {"key": "abuseContactEmail", "type": "str"}, + "abuse_contact_phone": {"key": "abuseContactPhone", "type": "str"}, + "iana_id": {"key": "ianaId", "type": "str"}, + "url": {"key": "url", "type": "str"}, + "whois_server": {"key": "whoisServer", "type": "str"}, } - _subtype_map = {"kind": {"Insight": "InsightQueryItem"}} - - def __init__(self, *, name: Optional[str] = None, type: Optional[str] = None, **kwargs): + def __init__( + self, + *, + name: Optional[str] = None, + abuse_contact_email: Optional[str] = None, + abuse_contact_phone: Optional[str] = None, + iana_id: Optional[str] = None, + url: Optional[str] = None, + whois_server: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword name: Query Template ARM Name. + :keyword name: The name of this registrar. :paramtype name: str - :keyword type: ARM Type. - :paramtype type: str + :keyword abuse_contact_email: This registrar's abuse contact email. + :paramtype abuse_contact_email: str + :keyword abuse_contact_phone: This registrar's abuse contact phone number. + :paramtype abuse_contact_phone: str + :keyword iana_id: This registrar's Internet Assigned Numbers Authority id. + :paramtype iana_id: str + :keyword url: This registrar's URL. + :paramtype url: str + :keyword whois_server: The hostname of this registrar's whois server. + :paramtype whois_server: str """ super().__init__(**kwargs) - self.id = None self.name = name - self.type = type - self.kind: Optional[str] = None - - -class EntityQueryItemProperties(_serialization.Model): - """An properties abstract Query item for entity. + self.abuse_contact_email = abuse_contact_email + self.abuse_contact_phone = abuse_contact_phone + self.iana_id = iana_id + self.url = url + self.whois_server = whois_server - :ivar data_types: Data types for template. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: Data types for template. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: JSON - """ - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, - "input_entity_type": {"key": "inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "entitiesFilter", "type": "object"}, - } +class EnrichmentIpGeodata(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Geodata information for a given IP address. - def __init__( - self, - *, - data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[JSON] = None, - **kwargs - ): - """ - :keyword data_types: Data types for template. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", - "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: Data types for template. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: JSON - """ - super().__init__(**kwargs) - self.data_types = data_types - self.input_entity_type = input_entity_type - self.required_input_fields_sets = required_input_fields_sets - self.entities_filter = entities_filter - - -class EntityQueryItemPropertiesDataTypesItem(_serialization.Model): - """EntityQueryItemPropertiesDataTypesItem. - - :ivar data_type: Data type name. - :vartype data_type: str + :ivar asn: The autonomous system number associated with this IP address. + :vartype asn: str + :ivar carrier: The name of the carrier for this IP address. + :vartype carrier: str + :ivar city: The city this IP address is located in. + :vartype city: str + :ivar city_cf: A numeric rating of confidence that the value in the 'city' field is correct, on + a scale of 0-100. + :vartype city_cf: int + :ivar continent: The continent this IP address is located on. + :vartype continent: str + :ivar country: The county this IP address is located in. + :vartype country: str + :ivar country_cf: A numeric rating of confidence that the value in the 'country' field is + correct on a scale of 0-100. + :vartype country_cf: int + :ivar ip_addr: The dotted-decimal or colon-separated string representation of the IP address. + :vartype ip_addr: str + :ivar ip_routing_type: A description of the connection type of this IP address. + :vartype ip_routing_type: str + :ivar latitude: The latitude of this IP address. + :vartype latitude: str + :ivar longitude: The longitude of this IP address. + :vartype longitude: str + :ivar organization: The name of the organization for this IP address. + :vartype organization: str + :ivar organization_type: The type of the organization for this IP address. + :vartype organization_type: str + :ivar region: The geographic region this IP address is located in. + :vartype region: str + :ivar state: The state this IP address is located in. + :vartype state: str + :ivar state_cf: A numeric rating of confidence that the value in the 'state' field is correct + on a scale of 0-100. + :vartype state_cf: int + :ivar state_code: The abbreviated name for the state this IP address is located in. + :vartype state_code: str """ _attribute_map = { - "data_type": {"key": "dataType", "type": "str"}, + "asn": {"key": "asn", "type": "str"}, + "carrier": {"key": "carrier", "type": "str"}, + "city": {"key": "city", "type": "str"}, + "city_cf": {"key": "cityCf", "type": "int"}, + "continent": {"key": "continent", "type": "str"}, + "country": {"key": "country", "type": "str"}, + "country_cf": {"key": "countryCf", "type": "int"}, + "ip_addr": {"key": "ipAddr", "type": "str"}, + "ip_routing_type": {"key": "ipRoutingType", "type": "str"}, + "latitude": {"key": "latitude", "type": "str"}, + "longitude": {"key": "longitude", "type": "str"}, + "organization": {"key": "organization", "type": "str"}, + "organization_type": {"key": "organizationType", "type": "str"}, + "region": {"key": "region", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "state_cf": {"key": "stateCf", "type": "int"}, + "state_code": {"key": "stateCode", "type": "str"}, } - def __init__(self, *, data_type: Optional[str] = None, **kwargs): + def __init__( + self, + *, + asn: Optional[str] = None, + carrier: Optional[str] = None, + city: Optional[str] = None, + city_cf: Optional[int] = None, + continent: Optional[str] = None, + country: Optional[str] = None, + country_cf: Optional[int] = None, + ip_addr: Optional[str] = None, + ip_routing_type: Optional[str] = None, + latitude: Optional[str] = None, + longitude: Optional[str] = None, + organization: Optional[str] = None, + organization_type: Optional[str] = None, + region: Optional[str] = None, + state: Optional[str] = None, + state_cf: Optional[int] = None, + state_code: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword data_type: Data type name. - :paramtype data_type: str + :keyword asn: The autonomous system number associated with this IP address. + :paramtype asn: str + :keyword carrier: The name of the carrier for this IP address. + :paramtype carrier: str + :keyword city: The city this IP address is located in. + :paramtype city: str + :keyword city_cf: A numeric rating of confidence that the value in the 'city' field is correct, + on a scale of 0-100. + :paramtype city_cf: int + :keyword continent: The continent this IP address is located on. + :paramtype continent: str + :keyword country: The county this IP address is located in. + :paramtype country: str + :keyword country_cf: A numeric rating of confidence that the value in the 'country' field is + correct on a scale of 0-100. + :paramtype country_cf: int + :keyword ip_addr: The dotted-decimal or colon-separated string representation of the IP + address. + :paramtype ip_addr: str + :keyword ip_routing_type: A description of the connection type of this IP address. + :paramtype ip_routing_type: str + :keyword latitude: The latitude of this IP address. + :paramtype latitude: str + :keyword longitude: The longitude of this IP address. + :paramtype longitude: str + :keyword organization: The name of the organization for this IP address. + :paramtype organization: str + :keyword organization_type: The type of the organization for this IP address. + :paramtype organization_type: str + :keyword region: The geographic region this IP address is located in. + :paramtype region: str + :keyword state: The state this IP address is located in. + :paramtype state: str + :keyword state_cf: A numeric rating of confidence that the value in the 'state' field is + correct on a scale of 0-100. + :paramtype state_cf: int + :keyword state_code: The abbreviated name for the state this IP address is located in. + :paramtype state_code: str """ super().__init__(**kwargs) - self.data_type = data_type + self.asn = asn + self.carrier = carrier + self.city = city + self.city_cf = city_cf + self.continent = continent + self.country = country + self.country_cf = country_cf + self.ip_addr = ip_addr + self.ip_routing_type = ip_routing_type + self.latitude = latitude + self.longitude = longitude + self.organization = organization + self.organization_type = organization_type + self.region = region + self.state = state + self.state_cf = state_cf + self.state_code = state_code -class EntityQueryList(_serialization.Model): - """List of all the entity queries. +class EntityAnalytics(Settings): + """Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of entity queries. - :vartype next_link: str - :ivar value: Array of entity queries. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar entity_providers: The relevant entity providers that are synced. + :vartype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[EntityQuery]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "entity_providers": {"key": "properties.entityProviders", "type": "[str]"}, } - def __init__(self, *, value: List["_models.EntityQuery"], **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + entity_providers: Optional[List[Union[str, "_models.EntityProviders"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of entity queries. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword entity_providers: The relevant entity providers that are synced. + :paramtype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class EntityQueryTemplateList(_serialization.Model): - """List of all the entity query templates. + super().__init__(etag=etag, **kwargs) + self.kind: str = "EntityAnalytics" + self.entity_providers = entity_providers - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EntityEdges(_serialization.Model): + """The edge that connects the entity to the other entity. - :ivar next_link: URL to fetch the next set of entity query templates. - :vartype next_link: str - :ivar value: Array of entity query templates. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :ivar target_entity_id: The target entity Id. + :vartype target_entity_id: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] """ - _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[EntityQueryTemplate]"}, + "target_entity_id": {"key": "targetEntityId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, } - def __init__(self, *, value: List["_models.EntityQueryTemplate"], **kwargs): + def __init__( + self, *, target_entity_id: Optional[str] = None, additional_data: Optional[Dict[str, Any]] = None, **kwargs: Any + ) -> None: """ - :keyword value: Array of entity query templates. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :keyword target_entity_id: The target entity Id. + :paramtype target_entity_id: str + :keyword additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :paramtype additional_data: dict[str, any] """ super().__init__(**kwargs) - self.next_link = None - self.value = value - + self.target_entity_id = target_entity_id + self.additional_data = additional_data -class EntityTimelineParameters(_serialization.Model): - """The parameters required to execute s timeline operation on the given entity. - All required parameters must be populated in order to send to Azure. +class EntityExpandParameters(_serialization.Model): + """The parameters required to execute an expand operation on the given entity. - :ivar kinds: Array of timeline Item kinds. - :vartype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] - :ivar start_time: The start timeline date, so the results returned are after this date. - Required. - :vartype start_time: ~datetime.datetime - :ivar end_time: The end timeline date, so the results returned are before this date. Required. - :vartype end_time: ~datetime.datetime - :ivar number_of_bucket: The number of bucket for timeline queries aggregation. - :vartype number_of_bucket: int + :ivar end_time: The end date filter, so the only expansion results returned are before this + date. + :vartype end_time: ~datetime.datetime + :ivar expansion_id: The Id of the expansion to perform. + :vartype expansion_id: str + :ivar start_time: The start date filter, so the only expansion results returned are after this + date. + :vartype start_time: ~datetime.datetime """ - _validation = { - "start_time": {"required": True}, - "end_time": {"required": True}, - } - _attribute_map = { - "kinds": {"key": "kinds", "type": "[str]"}, - "start_time": {"key": "startTime", "type": "iso-8601"}, "end_time": {"key": "endTime", "type": "iso-8601"}, - "number_of_bucket": {"key": "numberOfBucket", "type": "int"}, + "expansion_id": {"key": "expansionId", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, } def __init__( self, *, - start_time: datetime.datetime, - end_time: datetime.datetime, - kinds: Optional[List[Union[str, "_models.EntityTimelineKind"]]] = None, - number_of_bucket: Optional[int] = None, - **kwargs - ): + end_time: Optional[datetime.datetime] = None, + expansion_id: Optional[str] = None, + start_time: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword kinds: Array of timeline Item kinds. - :paramtype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] - :keyword start_time: The start timeline date, so the results returned are after this date. - Required. - :paramtype start_time: ~datetime.datetime - :keyword end_time: The end timeline date, so the results returned are before this date. - Required. + :keyword end_time: The end date filter, so the only expansion results returned are before this + date. :paramtype end_time: ~datetime.datetime - :keyword number_of_bucket: The number of bucket for timeline queries aggregation. - :paramtype number_of_bucket: int + :keyword expansion_id: The Id of the expansion to perform. + :paramtype expansion_id: str + :keyword start_time: The start date filter, so the only expansion results returned are after + this date. + :paramtype start_time: ~datetime.datetime """ super().__init__(**kwargs) - self.kinds = kinds - self.start_time = start_time self.end_time = end_time - self.number_of_bucket = number_of_bucket + self.expansion_id = expansion_id + self.start_time = start_time -class EntityTimelineResponse(_serialization.Model): - """The entity timeline result operation response. +class EntityExpandResponse(_serialization.Model): + """The entity expansion result operation response. - :ivar meta_data: The metadata from the timeline operation results. - :vartype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata - :ivar value: The timeline result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + :ivar meta_data: The metadata from the expansion operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :ivar value: The expansion result values. + :vartype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue """ _attribute_map = { - "meta_data": {"key": "metaData", "type": "TimelineResultsMetadata"}, - "value": {"key": "value", "type": "[EntityTimelineItem]"}, + "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, + "value": {"key": "value", "type": "EntityExpandResponseValue"}, } def __init__( self, *, - meta_data: Optional["_models.TimelineResultsMetadata"] = None, - value: Optional[List["_models.EntityTimelineItem"]] = None, - **kwargs - ): + meta_data: Optional["_models.ExpansionResultsMetadata"] = None, + value: Optional["_models.EntityExpandResponseValue"] = None, + **kwargs: Any + ) -> None: """ - :keyword meta_data: The metadata from the timeline operation results. - :paramtype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata - :keyword value: The timeline result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + :keyword meta_data: The metadata from the expansion operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :keyword value: The expansion result values. + :paramtype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue """ super().__init__(**kwargs) self.meta_data = meta_data self.value = value -class EventGroupingSettings(_serialization.Model): - """Event grouping settings property bag. +class EntityExpandResponseValue(_serialization.Model): + """The expansion result values. - :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" - and "AlertPerResult". - :vartype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :ivar entities: Array of the expansion result entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar edges: Array of edges that connects the entity to the list of entities. + :vartype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] """ _attribute_map = { - "aggregation_kind": {"key": "aggregationKind", "type": "str"}, + "entities": {"key": "entities", "type": "[Entity]"}, + "edges": {"key": "edges", "type": "[EntityEdges]"}, } def __init__( - self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs - ): + self, + *, + entities: Optional[List["_models.Entity"]] = None, + edges: Optional[List["_models.EntityEdges"]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: - "SingleAlert" and "AlertPerResult". - :paramtype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :keyword entities: Array of the expansion result entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword edges: Array of edges that connects the entity to the list of entities. + :paramtype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] """ super().__init__(**kwargs) - self.aggregation_kind = aggregation_kind - - -class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes - """Represents Expansion entity query. + self.entities = entities + self.edges = edges - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EntityFieldMapping(_serialization.Model): + """Map identifiers of a single entity. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and - "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar data_sources: List of the data sources that are required to run the query. - :vartype data_sources: list[str] - :ivar display_name: The query display name. - :vartype display_name: str - :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar input_fields: List of the fields of the source entity that are required to run the query. - :vartype input_fields: list[str] - :ivar output_entity_types: List of the desired output types to be constructed from the result. - :vartype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] - :ivar query_template: The template query string to be parsed and formatted. - :vartype query_template: str + :ivar identifier: Alert V3 identifier. + :vartype identifier: str + :ivar value: The value of the identifier. + :vartype value: str """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_sources": {"key": "properties.dataSources", "type": "[str]"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, - "input_fields": {"key": "properties.inputFields", "type": "[str]"}, - "output_entity_types": {"key": "properties.outputEntityTypes", "type": "[str]"}, - "query_template": {"key": "properties.queryTemplate", "type": "str"}, + "identifier": {"key": "identifier", "type": "str"}, + "value": {"key": "value", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - data_sources: Optional[List[str]] = None, - display_name: Optional[str] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - input_fields: Optional[List[str]] = None, - output_entity_types: Optional[List[Union[str, "_models.EntityType"]]] = None, - query_template: Optional[str] = None, - **kwargs - ): + def __init__(self, *, identifier: Optional[str] = None, value: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword data_sources: List of the data sources that are required to run the query. - :paramtype data_sources: list[str] - :keyword display_name: The query display name. - :paramtype display_name: str - :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", - "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", - "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", - and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword input_fields: List of the fields of the source entity that are required to run the - query. - :paramtype input_fields: list[str] - :keyword output_entity_types: List of the desired output types to be constructed from the - result. - :paramtype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] - :keyword query_template: The template query string to be parsed and formatted. - :paramtype query_template: str + :keyword identifier: Alert V3 identifier. + :paramtype identifier: str + :keyword value: The value of the identifier. + :paramtype value: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Expansion" - self.data_sources = data_sources - self.display_name = display_name - self.input_entity_type = input_entity_type - self.input_fields = input_fields - self.output_entity_types = output_entity_types - self.query_template = query_template + super().__init__(**kwargs) + self.identifier = identifier + self.value = value -class ExpansionResultAggregation(_serialization.Model): - """Information of a specific aggregation in the expansion result. +class EntityGetInsightsParameters(_serialization.Model): + """The parameters required to execute insights operation on the given entity. All required parameters must be populated in order to send to Azure. - :ivar aggregation_type: The common type of the aggregation. (for e.g. entity field name). - :vartype aggregation_type: str - :ivar count: Total number of aggregations of the given kind (and aggregationType if given) in - the expansion result. Required. - :vartype count: int - :ivar display_name: The display name of the aggregation by type. - :vartype display_name: str - :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar start_time: The start timeline date, so the results returned are after this date. + Required. + :vartype start_time: ~datetime.datetime + :ivar end_time: The end timeline date, so the results returned are before this date. Required. + :vartype end_time: ~datetime.datetime + :ivar add_default_extended_time_range: Indicates if query time range should be extended with + default time range of the query. Default value is false. + :vartype add_default_extended_time_range: bool + :ivar insight_query_ids: List of Insights Query Id. If empty, default value is all insights of + this entity. + :vartype insight_query_ids: list[str] """ _validation = { - "count": {"required": True}, - "entity_kind": {"required": True}, + "start_time": {"required": True}, + "end_time": {"required": True}, } _attribute_map = { - "aggregation_type": {"key": "aggregationType", "type": "str"}, - "count": {"key": "count", "type": "int"}, - "display_name": {"key": "displayName", "type": "str"}, - "entity_kind": {"key": "entityKind", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + "add_default_extended_time_range": {"key": "addDefaultExtendedTimeRange", "type": "bool"}, + "insight_query_ids": {"key": "insightQueryIds", "type": "[str]"}, } def __init__( self, *, - count: int, - entity_kind: Union[str, "_models.EntityKind"], - aggregation_type: Optional[str] = None, - display_name: Optional[str] = None, - **kwargs - ): + start_time: datetime.datetime, + end_time: datetime.datetime, + add_default_extended_time_range: Optional[bool] = None, + insight_query_ids: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregation_type: The common type of the aggregation. (for e.g. entity field name). - :paramtype aggregation_type: str - :keyword count: Total number of aggregations of the given kind (and aggregationType if given) - in the expansion result. Required. - :paramtype count: int - :keyword display_name: The display name of the aggregation by type. - :paramtype display_name: str - :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :keyword start_time: The start timeline date, so the results returned are after this date. + Required. + :paramtype start_time: ~datetime.datetime + :keyword end_time: The end timeline date, so the results returned are before this date. + Required. + :paramtype end_time: ~datetime.datetime + :keyword add_default_extended_time_range: Indicates if query time range should be extended with + default time range of the query. Default value is false. + :paramtype add_default_extended_time_range: bool + :keyword insight_query_ids: List of Insights Query Id. If empty, default value is all insights + of this entity. + :paramtype insight_query_ids: list[str] """ super().__init__(**kwargs) - self.aggregation_type = aggregation_type - self.count = count - self.display_name = display_name - self.entity_kind = entity_kind + self.start_time = start_time + self.end_time = end_time + self.add_default_extended_time_range = add_default_extended_time_range + self.insight_query_ids = insight_query_ids -class ExpansionResultsMetadata(_serialization.Model): - """Expansion result metadata. +class EntityGetInsightsResponse(_serialization.Model): + """The Get Insights result operation response. - :ivar aggregations: Information of the aggregated nodes in the expansion result. - :vartype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + :ivar meta_data: The metadata from the get insights operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata + :ivar value: The insights result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] """ _attribute_map = { - "aggregations": {"key": "aggregations", "type": "[ExpansionResultAggregation]"}, + "meta_data": {"key": "metaData", "type": "GetInsightsResultsMetadata"}, + "value": {"key": "value", "type": "[EntityInsightItem]"}, } - def __init__(self, *, aggregations: Optional[List["_models.ExpansionResultAggregation"]] = None, **kwargs): + def __init__( + self, + *, + meta_data: Optional["_models.GetInsightsResultsMetadata"] = None, + value: Optional[List["_models.EntityInsightItem"]] = None, + **kwargs: Any + ) -> None: """ - :keyword aggregations: Information of the aggregated nodes in the expansion result. - :paramtype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + :keyword meta_data: The metadata from the get insights operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata + :keyword value: The insights result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] """ super().__init__(**kwargs) - self.aggregations = aggregations - - -class EyesOn(Settings): - """Settings with single toggle. + self.meta_data = meta_data + self.value = value - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class EntityInsightItem(_serialization.Model): + """Entity insight Item. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar is_enabled: Determines whether the setting is enable or disabled. - :vartype is_enabled: bool + :ivar query_id: The query id of the insight. + :vartype query_id: str + :ivar query_time_interval: The Time interval that the query actually executed on. + :vartype query_time_interval: + ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval + :ivar table_query_results: Query results for table insights query. + :vartype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult + :ivar chart_query_results: Query results for table insights query. + :vartype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "is_enabled": {"readonly": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, + "query_id": {"key": "queryId", "type": "str"}, + "query_time_interval": {"key": "queryTimeInterval", "type": "EntityInsightItemQueryTimeInterval"}, + "table_query_results": {"key": "tableQueryResults", "type": "InsightsTableResult"}, + "chart_query_results": {"key": "chartQueryResults", "type": "[InsightsTableResult]"}, } - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__( + self, + *, + query_id: Optional[str] = None, + query_time_interval: Optional["_models.EntityInsightItemQueryTimeInterval"] = None, + table_query_results: Optional["_models.InsightsTableResult"] = None, + chart_query_results: Optional[List["_models.InsightsTableResult"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str + :keyword query_id: The query id of the insight. + :paramtype query_id: str + :keyword query_time_interval: The Time interval that the query actually executed on. + :paramtype query_time_interval: + ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval + :keyword table_query_results: Query results for table insights query. + :paramtype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult + :keyword chart_query_results: Query results for table insights query. + :paramtype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "EyesOn" - self.is_enabled = None + super().__init__(**kwargs) + self.query_id = query_id + self.query_time_interval = query_time_interval + self.table_query_results = table_query_results + self.chart_query_results = chart_query_results -class FieldMapping(_serialization.Model): - """A single field mapping of the mapped entity. +class EntityInsightItemQueryTimeInterval(_serialization.Model): + """The Time interval that the query actually executed on. - :ivar identifier: the V3 identifier of the entity. - :vartype identifier: str - :ivar column_name: the column name to be mapped to the identifier. - :vartype column_name: str + :ivar start_time: Insight query start time. + :vartype start_time: ~datetime.datetime + :ivar end_time: Insight query end time. + :vartype end_time: ~datetime.datetime """ _attribute_map = { - "identifier": {"key": "identifier", "type": "str"}, - "column_name": {"key": "columnName", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, } - def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs): + def __init__( + self, + *, + start_time: Optional[datetime.datetime] = None, + end_time: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword identifier: the V3 identifier of the entity. - :paramtype identifier: str - :keyword column_name: the column name to be mapped to the identifier. - :paramtype column_name: str + :keyword start_time: Insight query start time. + :paramtype start_time: ~datetime.datetime + :keyword end_time: Insight query end time. + :paramtype end_time: ~datetime.datetime """ super().__init__(**kwargs) - self.identifier = identifier - self.column_name = column_name + self.start_time = start_time + self.end_time = end_time -class FileEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a file entity. +class EntityList(_serialization.Model): + """List of all the entities. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. - :vartype host_entity_id: str + :ivar next_link: URL to fetch the next set of entities. + :vartype next_link: str + :ivar value: Array of entities. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Entity] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "directory": {"readonly": True}, - "file_hash_entity_ids": {"readonly": True}, - "file_name": {"readonly": True}, - "host_entity_id": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "directory": {"key": "properties.directory", "type": "str"}, - "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, - "file_name": {"key": "properties.fileName", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Entity]"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, value: List["_models.Entity"], **kwargs: Any) -> None: + """ + :keyword value: Array of entities. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Entity] + """ super().__init__(**kwargs) - self.kind: str = "File" - self.additional_data = None - self.friendly_name = None - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None - self.host_entity_id = None - + self.next_link = None + self.value = value -class FileEntityProperties(EntityCommonProperties): - """File entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class EntityManualTriggerRequestBody(_serialization.Model): + """Describes the request body for triggering a playbook on an entity. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. - :vartype host_entity_id: str + All required parameters must be populated in order to send to Azure. + + :ivar incident_arm_id: Incident ARM id. + :vartype incident_arm_id: str + :ivar tenant_id: The tenant id of the playbook resource. + :vartype tenant_id: str + :ivar logic_apps_resource_id: The resource id of the playbook resource. Required. + :vartype logic_apps_resource_id: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "directory": {"readonly": True}, - "file_hash_entity_ids": {"readonly": True}, - "file_name": {"readonly": True}, - "host_entity_id": {"readonly": True}, + "logic_apps_resource_id": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "directory": {"key": "directory", "type": "str"}, - "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, - "file_name": {"key": "fileName", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "incident_arm_id": {"key": "incidentArmId", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + logic_apps_resource_id: str, + incident_arm_id: Optional[str] = None, + tenant_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword incident_arm_id: Incident ARM id. + :paramtype incident_arm_id: str + :keyword tenant_id: The tenant id of the playbook resource. + :paramtype tenant_id: str + :keyword logic_apps_resource_id: The resource id of the playbook resource. Required. + :paramtype logic_apps_resource_id: str + """ super().__init__(**kwargs) - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None - self.host_entity_id = None + self.incident_arm_id = incident_arm_id + self.tenant_id = tenant_id + self.logic_apps_resource_id = logic_apps_resource_id -class FileHashEntity(Entity): - """Represents a file hash entity. +class EntityMapping(_serialization.Model): + """Single entity mapping for the alert rule. + + :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", + "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :ivar field_mappings: array of field mappings for the given entity mapping. + :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + + _attribute_map = { + "entity_type": {"key": "entityType", "type": "str"}, + "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, + } + + def __init__( + self, + *, + entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, + field_mappings: Optional[List["_models.FieldMapping"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", + "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :keyword field_mappings: array of field mappings for the given entity mapping. + :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + super().__init__(**kwargs) + self.entity_type = entity_type + self.field_mappings = field_mappings + + +class EntityQueryItem(_serialization.Model): + """An abstract Query item for entity. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + InsightQueryItem Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :ivar id: Query Template ARM ID. :vartype id: str - :ivar name: The name of the resource. + :ivar name: Query Template ARM Name. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". + :ivar type: ARM Type. :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - and "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", + and "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind """ _validation = { "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "algorithm": {"readonly": True}, - "hash_value": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "algorithm": {"key": "properties.algorithm", "type": "str"}, - "hash_value": {"key": "properties.hashValue", "type": "str"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "FileHash" - self.additional_data = None - self.friendly_name = None - self.algorithm = None - self.hash_value = None + _subtype_map = {"kind": {"Insight": "InsightQueryItem"}} + def __init__(self, *, name: Optional[str] = None, type: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword name: Query Template ARM Name. + :paramtype name: str + :keyword type: ARM Type. + :paramtype type: str + """ + super().__init__(**kwargs) + self.id = None + self.name = name + self.type = type + self.kind: Optional[str] = None -class FileHashEntityProperties(EntityCommonProperties): - """FileHash entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class EntityQueryItemProperties(_serialization.Model): + """An properties abstract Query item for entity. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - and "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar data_types: Data types for template. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: Data types for template. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: JSON """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "algorithm": {"readonly": True}, - "hash_value": {"readonly": True}, + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, + "input_entity_type": {"key": "inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "entitiesFilter", "type": "object"}, } + def __init__( + self, + *, + data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: Data types for template. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", + "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: Data types for template. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: JSON + """ + super().__init__(**kwargs) + self.data_types = data_types + self.input_entity_type = input_entity_type + self.required_input_fields_sets = required_input_fields_sets + self.entities_filter = entities_filter + + +class EntityQueryItemPropertiesDataTypesItem(_serialization.Model): + """EntityQueryItemPropertiesDataTypesItem. + + :ivar data_type: Data type name. + :vartype data_type: str + """ + _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "algorithm": {"key": "algorithm", "type": "str"}, - "hash_value": {"key": "hashValue", "type": "str"}, + "data_type": {"key": "dataType", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, data_type: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword data_type: Data type name. + :paramtype data_type: str + """ super().__init__(**kwargs) - self.algorithm = None - self.hash_value = None + self.data_type = data_type -class FileImport(Resource): # pylint: disable=too-many-instance-attributes - """Represents a file import in Azure Security Insights. +class EntityQueryList(_serialization.Model): + """List of all the entity queries. Variables are only populated by the server, and will be ignored when sending a request. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar ingestion_mode: Describes how to ingest the records in the file. Known values are: - "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". - :vartype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode - :ivar content_type: The content type of this file. Known values are: "BasicIndicator", - "StixIndicator", and "Unspecified". - :vartype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType - :ivar created_time_utc: The time the file was imported. - :vartype created_time_utc: ~datetime.datetime - :ivar error_file: Represents the error file (if the import was ingested with errors or failed - the validation). - :vartype error_file: ~azure.mgmt.securityinsight.models.FileMetadata - :ivar errors_preview: An ordered list of some of the errors that were encountered during - validation. - :vartype errors_preview: list[~azure.mgmt.securityinsight.models.ValidationError] - :ivar import_file: Represents the imported file. - :vartype import_file: ~azure.mgmt.securityinsight.models.FileMetadata - :ivar ingested_record_count: The number of records that have been successfully ingested. - :vartype ingested_record_count: int - :ivar source: The source for the data in the file. - :vartype source: str - :ivar state: The state of the file import. Known values are: "FatalError", "Ingested", - "IngestedWithErrors", "InProgress", "Invalid", "WaitingForUpload", and "Unspecified". - :vartype state: str or ~azure.mgmt.securityinsight.models.FileImportState - :ivar total_record_count: The number of records in the file. - :vartype total_record_count: int - :ivar valid_record_count: The number of records that have passed validation. - :vartype valid_record_count: int - :ivar files_valid_until_time_utc: The time the files associated with this import are deleted - from the storage account. - :vartype files_valid_until_time_utc: ~datetime.datetime - :ivar import_valid_until_time_utc: The time the file import record is soft deleted from the - database and history. - :vartype import_valid_until_time_utc: ~datetime.datetime + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of entity queries. + :vartype next_link: str + :ivar value: Array of entity queries. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQuery] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "error_file": {"readonly": True}, - "errors_preview": {"readonly": True}, - "ingested_record_count": {"readonly": True}, - "state": {"readonly": True}, - "total_record_count": {"readonly": True}, - "valid_record_count": {"readonly": True}, - "files_valid_until_time_utc": {"readonly": True}, - "import_valid_until_time_utc": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "ingestion_mode": {"key": "properties.ingestionMode", "type": "str"}, - "content_type": {"key": "properties.contentType", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUTC", "type": "iso-8601"}, - "error_file": {"key": "properties.errorFile", "type": "FileMetadata"}, - "errors_preview": {"key": "properties.errorsPreview", "type": "[ValidationError]"}, - "import_file": {"key": "properties.importFile", "type": "FileMetadata"}, - "ingested_record_count": {"key": "properties.ingestedRecordCount", "type": "int"}, - "source": {"key": "properties.source", "type": "str"}, - "state": {"key": "properties.state", "type": "str"}, - "total_record_count": {"key": "properties.totalRecordCount", "type": "int"}, - "valid_record_count": {"key": "properties.validRecordCount", "type": "int"}, - "files_valid_until_time_utc": {"key": "properties.filesValidUntilTimeUTC", "type": "iso-8601"}, - "import_valid_until_time_utc": {"key": "properties.importValidUntilTimeUTC", "type": "iso-8601"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[EntityQuery]"}, } - def __init__( - self, - *, - ingestion_mode: Optional[Union[str, "_models.IngestionMode"]] = None, - content_type: Optional[Union[str, "_models.FileImportContentType"]] = None, - import_file: Optional["_models.FileMetadata"] = None, - source: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.EntityQuery"], **kwargs: Any) -> None: """ - :keyword ingestion_mode: Describes how to ingest the records in the file. Known values are: - "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". - :paramtype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode - :keyword content_type: The content type of this file. Known values are: "BasicIndicator", - "StixIndicator", and "Unspecified". - :paramtype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType - :keyword import_file: Represents the imported file. - :paramtype import_file: ~azure.mgmt.securityinsight.models.FileMetadata - :keyword source: The source for the data in the file. - :paramtype source: str + :keyword value: Array of entity queries. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQuery] """ super().__init__(**kwargs) - self.ingestion_mode = ingestion_mode - self.content_type = content_type - self.created_time_utc = None - self.error_file = None - self.errors_preview = None - self.import_file = import_file - self.ingested_record_count = None - self.source = source - self.state = None - self.total_record_count = None - self.valid_record_count = None - self.files_valid_until_time_utc = None - self.import_valid_until_time_utc = None + self.next_link = None + self.value = value -class FileImportList(_serialization.Model): - """List all the file imports. +class EntityQueryTemplateList(_serialization.Model): + """List of all the entity query templates. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of file imports. + :ivar next_link: URL to fetch the next set of entity query templates. :vartype next_link: str - :ivar value: Array of file imports. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.FileImport] + :ivar value: Array of entity query templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] """ _validation = { @@ -8676,199 +8788,262 @@ class FileImportList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[FileImport]"}, + "value": {"key": "value", "type": "[EntityQueryTemplate]"}, } - def __init__(self, *, value: List["_models.FileImport"], **kwargs): + def __init__(self, *, value: List["_models.EntityQueryTemplate"], **kwargs: Any) -> None: """ - :keyword value: Array of file imports. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.FileImport] + :keyword value: Array of entity query templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] """ super().__init__(**kwargs) self.next_link = None self.value = value -class FileMetadata(_serialization.Model): - """Represents a file. +class EntityTimelineParameters(_serialization.Model): + """The parameters required to execute s timeline operation on the given entity. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar file_format: The format of the file. Known values are: "CSV", "JSON", and "Unspecified". - :vartype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat - :ivar file_name: The name of the file. - :vartype file_name: str - :ivar file_size: The size of the file. - :vartype file_size: int - :ivar file_content_uri: A URI with a valid SAS token to allow uploading / downloading the file. - :vartype file_content_uri: str - :ivar delete_status: Indicates whether the file was deleted from the storage account. Known - values are: "Deleted", "NotDeleted", and "Unspecified". - :vartype delete_status: str or ~azure.mgmt.securityinsight.models.DeleteStatus + :ivar kinds: Array of timeline Item kinds. + :vartype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] + :ivar start_time: The start timeline date, so the results returned are after this date. + Required. + :vartype start_time: ~datetime.datetime + :ivar end_time: The end timeline date, so the results returned are before this date. Required. + :vartype end_time: ~datetime.datetime + :ivar number_of_bucket: The number of bucket for timeline queries aggregation. + :vartype number_of_bucket: int """ _validation = { - "file_content_uri": {"readonly": True}, - "delete_status": {"readonly": True}, + "start_time": {"required": True}, + "end_time": {"required": True}, } _attribute_map = { - "file_format": {"key": "fileFormat", "type": "str"}, - "file_name": {"key": "fileName", "type": "str"}, - "file_size": {"key": "fileSize", "type": "int"}, - "file_content_uri": {"key": "fileContentUri", "type": "str"}, - "delete_status": {"key": "deleteStatus", "type": "str"}, + "kinds": {"key": "kinds", "type": "[str]"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + "number_of_bucket": {"key": "numberOfBucket", "type": "int"}, } def __init__( self, *, - file_format: Optional[Union[str, "_models.FileFormat"]] = None, - file_name: Optional[str] = None, - file_size: Optional[int] = None, - **kwargs - ): + start_time: datetime.datetime, + end_time: datetime.datetime, + kinds: Optional[List[Union[str, "_models.EntityTimelineKind"]]] = None, + number_of_bucket: Optional[int] = None, + **kwargs: Any + ) -> None: """ - :keyword file_format: The format of the file. Known values are: "CSV", "JSON", and - "Unspecified". - :paramtype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat - :keyword file_name: The name of the file. - :paramtype file_name: str - :keyword file_size: The size of the file. - :paramtype file_size: int + :keyword kinds: Array of timeline Item kinds. + :paramtype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] + :keyword start_time: The start timeline date, so the results returned are after this date. + Required. + :paramtype start_time: ~datetime.datetime + :keyword end_time: The end timeline date, so the results returned are before this date. + Required. + :paramtype end_time: ~datetime.datetime + :keyword number_of_bucket: The number of bucket for timeline queries aggregation. + :paramtype number_of_bucket: int """ super().__init__(**kwargs) - self.file_format = file_format - self.file_name = file_name - self.file_size = file_size - self.file_content_uri = None - self.delete_status = None + self.kinds = kinds + self.start_time = start_time + self.end_time = end_time + self.number_of_bucket = number_of_bucket -class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents Fusion alert rule. +class EntityTimelineResponse(_serialization.Model): + """The entity timeline result operation response. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar meta_data: The metadata from the timeline operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata + :ivar value: The timeline result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + """ + + _attribute_map = { + "meta_data": {"key": "metaData", "type": "TimelineResultsMetadata"}, + "value": {"key": "value", "type": "[EntityTimelineItem]"}, + } + + def __init__( + self, + *, + meta_data: Optional["_models.TimelineResultsMetadata"] = None, + value: Optional[List["_models.EntityTimelineItem"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword meta_data: The metadata from the timeline operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata + :keyword value: The timeline result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + """ + super().__init__(**kwargs) + self.meta_data = meta_data + self.value = value + + +class Error(_serialization.Model): + """The error description for why a publication failed. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar source_settings: Configuration for all supported source signals in fusion detection. - :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] - :ivar scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. - :vartype scenario_exclusion_patterns: - list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar member_resource_name: The member resource name for which the publication error occured. + Required. + :vartype member_resource_name: str + :ivar error_message: The error message. Required. + :vartype error_message: str + """ + + _validation = { + "member_resource_name": {"required": True}, + "error_message": {"required": True}, + } + + _attribute_map = { + "member_resource_name": {"key": "memberResourceName", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, + } + + def __init__(self, *, member_resource_name: str, error_message: str, **kwargs: Any) -> None: + """ + :keyword member_resource_name: The member resource name for which the publication error + occured. Required. + :paramtype member_resource_name: str + :keyword error_message: The error message. Required. + :paramtype error_message: str + """ + super().__init__(**kwargs) + self.member_resource_name = member_resource_name + self.error_message = error_message + + +class ErrorAdditionalInfo(_serialization.Model): + """The resource management error additional info. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar type: The additional info type. + :vartype type: str + :ivar info: The additional info. + :vartype info: JSON """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, - "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, + "info": {"readonly": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "source_settings": {"key": "properties.sourceSettings", "type": "[FusionSourceSettings]"}, - "scenario_exclusion_patterns": { - "key": "properties.scenarioExclusionPatterns", - "type": "[FusionScenarioExclusionPattern]", - }, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, + "info": {"key": "info", "type": "object"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.type = None + self.info = None + + +class ErrorDetail(_serialization.Model): + """The error detail. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar code: The error code. + :vartype code: str + :ivar message: The error message. + :vartype message: str + :ivar target: The error target. + :vartype target: str + :ivar details: The error details. + :vartype details: list[~azure.mgmt.securityinsight.models.ErrorDetail] + :ivar additional_info: The error additional info. + :vartype additional_info: list[~azure.mgmt.securityinsight.models.ErrorAdditionalInfo] + """ + + _validation = { + "code": {"readonly": True}, + "message": {"readonly": True}, + "target": {"readonly": True}, + "details": {"readonly": True}, + "additional_info": {"readonly": True}, + } + + _attribute_map = { + "code": {"key": "code", "type": "str"}, + "message": {"key": "message", "type": "str"}, + "target": {"key": "target", "type": "str"}, + "details": {"key": "details", "type": "[ErrorDetail]"}, + "additional_info": {"key": "additionalInfo", "type": "[ErrorAdditionalInfo]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.code = None + self.message = None + self.target = None + self.details = None + self.additional_info = None + + +class ErrorResponse(_serialization.Model): + """Common error response for all Azure Resource Manager APIs to return error details for failed + operations. (This also follows the OData error response format.). + + :ivar error: The error object. + :vartype error: ~azure.mgmt.securityinsight.models.ErrorDetail + """ + + _attribute_map = { + "error": {"key": "error", "type": "ErrorDetail"}, + } + + def __init__(self, *, error: Optional["_models.ErrorDetail"] = None, **kwargs: Any) -> None: + """ + :keyword error: The error object. + :paramtype error: ~azure.mgmt.securityinsight.models.ErrorDetail + """ + super().__init__(**kwargs) + self.error = error + + +class EventGroupingSettings(_serialization.Model): + """Event grouping settings property bag. + + :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" + and "AlertPerResult". + :vartype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + """ + + _attribute_map = { + "aggregation_kind": {"key": "aggregationKind", "type": "str"}, } def __init__( - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, - source_settings: Optional[List["_models.FusionSourceSettings"]] = None, - scenario_exclusion_patterns: Optional[List["_models.FusionScenarioExclusionPattern"]] = None, - **kwargs - ): + self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - :keyword source_settings: Configuration for all supported source signals in fusion detection. - :paramtype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] - :keyword scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. - :paramtype scenario_exclusion_patterns: - list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: + "SingleAlert" and "AlertPerResult". + :paramtype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Fusion" - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.source_settings = source_settings - self.scenario_exclusion_patterns = scenario_exclusion_patterns - self.last_modified_utc = None - self.severity = None - self.tactics = None - self.techniques = None + super().__init__(**kwargs) + self.aggregation_kind = aggregation_kind -class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents Fusion alert rule template. +class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes + """Represents Expansion entity query. Variables are only populated by the server, and will be ignored when sending a request. @@ -8885,36 +9060,27 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-in :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar last_updated_date_utc: The time that this alert rule template was last updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and + "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar data_sources: List of the data sources that are required to run the query. + :vartype data_sources: list[str] + :ivar display_name: The query display name. :vartype display_name: str - :ivar required_data_connectors: The required data connectors for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule template. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar source_settings: All supported source signal configurations consumed in fusion detection. - :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar input_fields: List of the fields of the source entity that are required to run the query. + :vartype input_fields: list[str] + :ivar output_entity_types: List of the desired output types to be constructed from the result. + :vartype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] + :ivar query_template: The template query string to be parsed and formatted. + :vartype query_template: str """ _validation = { @@ -8923,8 +9089,6 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-in "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "created_date_utc": {"readonly": True}, - "last_updated_date_utc": {"readonly": True}, } _attribute_map = { @@ -8932,693 +9096,678 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-in "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, + "data_sources": {"key": "properties.dataSources", "type": "[str]"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "source_settings": {"key": "properties.sourceSettings", "type": "[FusionTemplateSourceSetting]"}, + "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, + "input_fields": {"key": "properties.inputFields", "type": "[str]"}, + "output_entity_types": {"key": "properties.outputEntityTypes", "type": "[str]"}, + "query_template": {"key": "properties.queryTemplate", "type": "str"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, + etag: Optional[str] = None, + data_sources: Optional[List[str]] = None, display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - source_settings: Optional[List["_models.FusionTemplateSourceSetting"]] = None, - **kwargs - ): + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + input_fields: Optional[List[str]] = None, + output_entity_types: Optional[List[Union[str, "_models.EntityType"]]] = None, + query_template: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_sources: List of the data sources that are required to run the query. + :paramtype data_sources: list[str] + :keyword display_name: The query display name. :paramtype display_name: str - :keyword required_data_connectors: The required data connectors for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword tactics: The tactics of the alert rule template. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword source_settings: All supported source signal configurations consumed in fusion - detection. - :paramtype source_settings: - list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword input_fields: List of the fields of the source entity that are required to run the + query. + :paramtype input_fields: list[str] + :keyword output_entity_types: List of the desired output types to be constructed from the + result. + :paramtype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] + :keyword query_template: The template query string to be parsed and formatted. + :paramtype query_template: str """ - super().__init__(**kwargs) - self.kind: str = "Fusion" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.created_date_utc = None - self.last_updated_date_utc = None - self.description = description + super().__init__(etag=etag, **kwargs) + self.kind: str = "Expansion" + self.data_sources = data_sources self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.severity = severity - self.tactics = tactics - self.techniques = techniques - self.source_settings = source_settings + self.input_entity_type = input_entity_type + self.input_fields = input_fields + self.output_entity_types = output_entity_types + self.query_template = query_template -class FusionScenarioExclusionPattern(_serialization.Model): - """Represents a Fusion scenario exclusion patterns in Fusion detection. +class ExpansionResultAggregation(_serialization.Model): + """Information of a specific aggregation in the expansion result. All required parameters must be populated in order to send to Azure. - :ivar exclusion_pattern: Scenario exclusion pattern. Required. - :vartype exclusion_pattern: str - :ivar date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. - :vartype date_added_in_utc: str + :ivar aggregation_type: The common type of the aggregation. (for e.g. entity field name). + :vartype aggregation_type: str + :ivar count: Total number of aggregations of the given kind (and aggregationType if given) in + the expansion result. Required. + :vartype count: int + :ivar display_name: The display name of the aggregation by type. + :vartype display_name: str + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ _validation = { - "exclusion_pattern": {"required": True}, - "date_added_in_utc": {"required": True}, + "count": {"required": True}, + "entity_kind": {"required": True}, } _attribute_map = { - "exclusion_pattern": {"key": "exclusionPattern", "type": "str"}, - "date_added_in_utc": {"key": "dateAddedInUTC", "type": "str"}, + "aggregation_type": {"key": "aggregationType", "type": "str"}, + "count": {"key": "count", "type": "int"}, + "display_name": {"key": "displayName", "type": "str"}, + "entity_kind": {"key": "entityKind", "type": "str"}, } - def __init__(self, *, exclusion_pattern: str, date_added_in_utc: str, **kwargs): + def __init__( + self, + *, + count: int, + entity_kind: Union[str, "_models.EntityKindEnum"], + aggregation_type: Optional[str] = None, + display_name: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword exclusion_pattern: Scenario exclusion pattern. Required. - :paramtype exclusion_pattern: str - :keyword date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. - :paramtype date_added_in_utc: str + :keyword aggregation_type: The common type of the aggregation. (for e.g. entity field name). + :paramtype aggregation_type: str + :keyword count: Total number of aggregations of the given kind (and aggregationType if given) + in the expansion result. Required. + :paramtype count: int + :keyword display_name: The display name of the aggregation by type. + :paramtype display_name: str + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum """ super().__init__(**kwargs) - self.exclusion_pattern = exclusion_pattern - self.date_added_in_utc = date_added_in_utc - + self.aggregation_type = aggregation_type + self.count = count + self.display_name = display_name + self.entity_kind = entity_kind -class FusionSourceSettings(_serialization.Model): - """Represents a supported source signal configuration in Fusion detection. - All required parameters must be populated in order to send to Azure. +class ExpansionResultsMetadata(_serialization.Model): + """Expansion result metadata. - :ivar enabled: Determines whether this source signal is enabled or disabled in Fusion - detection. Required. - :vartype enabled: bool - :ivar source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for - supported values. Required. - :vartype source_name: str - :ivar source_sub_types: Configuration for all source subtypes under this source signal consumed - in fusion detection. - :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] + :ivar aggregations: Information of the aggregated nodes in the expansion result. + :vartype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] """ - _validation = { - "enabled": {"required": True}, - "source_name": {"required": True}, - } - _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "source_name": {"key": "sourceName", "type": "str"}, - "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionSourceSubTypeSetting]"}, + "aggregations": {"key": "aggregations", "type": "[ExpansionResultAggregation]"}, } def __init__( - self, - *, - enabled: bool, - source_name: str, - source_sub_types: Optional[List["_models.FusionSourceSubTypeSetting"]] = None, - **kwargs - ): + self, *, aggregations: Optional[List["_models.ExpansionResultAggregation"]] = None, **kwargs: Any + ) -> None: """ - :keyword enabled: Determines whether this source signal is enabled or disabled in Fusion - detection. Required. - :paramtype enabled: bool - :keyword source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for - supported values. Required. - :paramtype source_name: str - :keyword source_sub_types: Configuration for all source subtypes under this source signal - consumed in fusion detection. - :paramtype source_sub_types: - list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] + :keyword aggregations: Information of the aggregated nodes in the expansion result. + :paramtype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] """ super().__init__(**kwargs) - self.enabled = enabled - self.source_name = source_name - self.source_sub_types = source_sub_types + self.aggregations = aggregations -class FusionSourceSubTypeSetting(_serialization.Model): - """Represents a supported source subtype configuration under a source signal in Fusion detection. +class EyesOn(Settings): + """Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar enabled: Determines whether this source subtype under source signal is enabled or - disabled in Fusion detection. Required. - :vartype enabled: bool - :ivar source_sub_type_name: The Name of the source subtype under a given source signal in - Fusion detection. Refer to Fusion alert rule template for supported values. Required. - :vartype source_sub_type_name: str - :ivar source_sub_type_display_name: The display name of source subtype under a source signal - consumed in Fusion detection. - :vartype source_sub_type_display_name: str - :ivar severity_filters: Severity configuration for a source subtype consumed in fusion - detection. Required. - :vartype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar is_enabled: Determines whether the setting is enable or disabled. + :vartype is_enabled: bool """ _validation = { - "enabled": {"required": True}, - "source_sub_type_name": {"required": True}, - "source_sub_type_display_name": {"readonly": True}, - "severity_filters": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "is_enabled": {"readonly": True}, } _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, - "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, - "severity_filters": {"key": "severityFilters", "type": "FusionSubTypeSeverityFilter"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, } - def __init__( - self, - *, - enabled: bool, - source_sub_type_name: str, - severity_filters: "_models.FusionSubTypeSeverityFilter", - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword enabled: Determines whether this source subtype under source signal is enabled or - disabled in Fusion detection. Required. - :paramtype enabled: bool - :keyword source_sub_type_name: The Name of the source subtype under a given source signal in - Fusion detection. Refer to Fusion alert rule template for supported values. Required. - :paramtype source_sub_type_name: str - :keyword severity_filters: Severity configuration for a source subtype consumed in fusion - detection. Required. - :paramtype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super().__init__(**kwargs) - self.enabled = enabled - self.source_sub_type_name = source_sub_type_name - self.source_sub_type_display_name = None - self.severity_filters = severity_filters - + super().__init__(etag=etag, **kwargs) + self.kind: str = "EyesOn" + self.is_enabled = None -class FusionSubTypeSeverityFilter(_serialization.Model): - """Represents severity configuration for a source subtype consumed in Fusion detection. - Variables are only populated by the server, and will be ignored when sending a request. +class FieldMapping(_serialization.Model): + """A single field mapping of the mapped entity. - :ivar is_supported: Determines whether this source subtype supports severity configuration or - not. - :vartype is_supported: bool - :ivar filters: Individual Severity configuration settings for a given source subtype consumed - in Fusion detection. - :vartype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] + :ivar identifier: the V3 identifier of the entity. + :vartype identifier: str + :ivar column_name: the column name to be mapped to the identifier. + :vartype column_name: str """ - _validation = { - "is_supported": {"readonly": True}, - } - _attribute_map = { - "is_supported": {"key": "isSupported", "type": "bool"}, - "filters": {"key": "filters", "type": "[FusionSubTypeSeverityFiltersItem]"}, + "identifier": {"key": "identifier", "type": "str"}, + "column_name": {"key": "columnName", "type": "str"}, } - def __init__(self, *, filters: Optional[List["_models.FusionSubTypeSeverityFiltersItem"]] = None, **kwargs): + def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword filters: Individual Severity configuration settings for a given source subtype - consumed in Fusion detection. - :paramtype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] + :keyword identifier: the V3 identifier of the entity. + :paramtype identifier: str + :keyword column_name: the column name to be mapped to the identifier. + :paramtype column_name: str """ super().__init__(**kwargs) - self.is_supported = None - self.filters = filters + self.identifier = identifier + self.column_name = column_name -class FusionSubTypeSeverityFiltersItem(_serialization.Model): - """Represents a Severity filter setting for a given source subtype consumed in Fusion detection. +class FileEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a file entity. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar severity: The Severity for a given source subtype consumed in Fusion detection. Required. - Known values are: "High", "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar enabled: Determines whether this severity is enabled or disabled for this source subtype - consumed in Fusion detection. Required. - :vartype enabled: bool + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str """ _validation = { - "severity": {"required": True}, - "enabled": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, } _attribute_map = { - "severity": {"key": "severity", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "directory": {"key": "properties.directory", "type": "str"}, + "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "properties.fileName", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, } - def __init__(self, *, severity: Union[str, "_models.AlertSeverity"], enabled: bool, **kwargs): - """ - :keyword severity: The Severity for a given source subtype consumed in Fusion detection. - Required. Known values are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword enabled: Determines whether this severity is enabled or disabled for this source - subtype consumed in Fusion detection. Required. - :paramtype enabled: bool - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.severity = severity - self.enabled = enabled + self.kind: str = "File" + self.additional_data = None + self.friendly_name = None + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None -class FusionTemplateSourceSetting(_serialization.Model): - """Represents a source signal consumed in Fusion detection. +class FileEntityProperties(EntityCommonProperties): + """File entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar source_name: The name of a source signal consumed in Fusion detection. Required. - :vartype source_name: str - :ivar source_sub_types: All supported source subtypes under this source signal consumed in - fusion detection. - :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str """ _validation = { - "source_name": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, } _attribute_map = { - "source_name": {"key": "sourceName", "type": "str"}, - "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionTemplateSourceSubType]"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "directory": {"key": "directory", "type": "str"}, + "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "fileName", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, } - def __init__( - self, - *, - source_name: str, - source_sub_types: Optional[List["_models.FusionTemplateSourceSubType"]] = None, - **kwargs - ): - """ - :keyword source_name: The name of a source signal consumed in Fusion detection. Required. - :paramtype source_name: str - :keyword source_sub_types: All supported source subtypes under this source signal consumed in - fusion detection. - :paramtype source_sub_types: - list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.source_name = source_name - self.source_sub_types = source_sub_types + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None -class FusionTemplateSourceSubType(_serialization.Model): - """Represents a source subtype under a source signal consumed in Fusion detection. +class FileHashEntity(Entity): + """Represents a file hash entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar source_sub_type_name: The name of source subtype under a source signal consumed in Fusion - detection. Required. - :vartype source_sub_type_name: str - :ivar source_sub_type_display_name: The display name of source subtype under a source signal - consumed in Fusion detection. - :vartype source_sub_type_display_name: str - :ivar severity_filter: Severity configuration available for a source subtype consumed in fusion - detection. Required. - :vartype severity_filter: - ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str """ _validation = { - "source_sub_type_name": {"required": True}, - "source_sub_type_display_name": {"readonly": True}, - "severity_filter": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, } _attribute_map = { - "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, - "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, - "severity_filter": {"key": "severityFilter", "type": "FusionTemplateSubTypeSeverityFilter"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "algorithm": {"key": "properties.algorithm", "type": "str"}, + "hash_value": {"key": "properties.hashValue", "type": "str"}, } - def __init__( - self, *, source_sub_type_name: str, severity_filter: "_models.FusionTemplateSubTypeSeverityFilter", **kwargs - ): - """ - :keyword source_sub_type_name: The name of source subtype under a source signal consumed in - Fusion detection. Required. - :paramtype source_sub_type_name: str - :keyword severity_filter: Severity configuration available for a source subtype consumed in - fusion detection. Required. - :paramtype severity_filter: - ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.source_sub_type_name = source_sub_type_name - self.source_sub_type_display_name = None - self.severity_filter = severity_filter - - -class FusionTemplateSubTypeSeverityFilter(_serialization.Model): - """Represents severity configurations available for a source subtype consumed in Fusion detection. + self.kind: str = "FileHash" + self.additional_data = None + self.friendly_name = None + self.algorithm = None + self.hash_value = None - All required parameters must be populated in order to send to Azure. - :ivar is_supported: Determines whether severity configuration is supported for this source - subtype consumed in Fusion detection. Required. - :vartype is_supported: bool - :ivar severity_filters: List of all supported severities for this source subtype consumed in - Fusion detection. - :vartype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ +class FileHashEntityProperties(EntityCommonProperties): + """FileHash entity property bag. - _validation = { - "is_supported": {"required": True}, - } + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "is_supported": {"key": "isSupported", "type": "bool"}, - "severity_filters": {"key": "severityFilters", "type": "[str]"}, - } - - def __init__( - self, - *, - is_supported: bool, - severity_filters: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword is_supported: Determines whether severity configuration is supported for this source - subtype consumed in Fusion detection. Required. - :paramtype is_supported: bool - :keyword severity_filters: List of all supported severities for this source subtype consumed in - Fusion detection. - :paramtype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__(**kwargs) - self.is_supported = is_supported - self.severity_filters = severity_filters - - -class GeoLocation(_serialization.Model): - """The geo-location context attached to the ip entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar asn: Autonomous System Number. - :vartype asn: int - :ivar city: City name. - :vartype city: str - :ivar country_code: The country code according to ISO 3166 format. - :vartype country_code: str - :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English - Short Name. - :vartype country_name: str - :ivar latitude: The longitude of the identified location, expressed as a floating point number - with range of -180 to 180, with positive numbers representing East and negative numbers - representing West. Latitude and longitude are derived from the city or postal code. - :vartype latitude: float - :ivar longitude: The latitude of the identified location, expressed as a floating point number - with range of - 90 to 90, with positive numbers representing North and negative numbers - representing South. Latitude and longitude are derived from the city or postal code. - :vartype longitude: float - :ivar state: State name. - :vartype state: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str """ _validation = { - "asn": {"readonly": True}, - "city": {"readonly": True}, - "country_code": {"readonly": True}, - "country_name": {"readonly": True}, - "latitude": {"readonly": True}, - "longitude": {"readonly": True}, - "state": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, } _attribute_map = { - "asn": {"key": "asn", "type": "int"}, - "city": {"key": "city", "type": "str"}, - "country_code": {"key": "countryCode", "type": "str"}, - "country_name": {"key": "countryName", "type": "str"}, - "latitude": {"key": "latitude", "type": "float"}, - "longitude": {"key": "longitude", "type": "float"}, - "state": {"key": "state", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "algorithm": {"key": "algorithm", "type": "str"}, + "hash_value": {"key": "hashValue", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) - self.asn = None - self.city = None - self.country_code = None - self.country_name = None - self.latitude = None - self.longitude = None - self.state = None + self.algorithm = None + self.hash_value = None -class GetInsightsErrorKind(_serialization.Model): - """GetInsights Query Errors. +class FileImport(Resource): # pylint: disable=too-many-instance-attributes + """Represents a file import in Azure Security Insights. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar kind: the query kind. Required. "Insight" - :vartype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError - :ivar query_id: the query id. - :vartype query_id: str - :ivar error_message: the error message. Required. - :vartype error_message: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar ingestion_mode: Describes how to ingest the records in the file. Known values are: + "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". + :vartype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode + :ivar content_type: The content type of this file. Known values are: "BasicIndicator", + "StixIndicator", and "Unspecified". + :vartype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType + :ivar created_time_utc: The time the file was imported. + :vartype created_time_utc: ~datetime.datetime + :ivar error_file: Represents the error file (if the import was ingested with errors or failed + the validation). + :vartype error_file: ~azure.mgmt.securityinsight.models.FileMetadata + :ivar errors_preview: An ordered list of some of the errors that were encountered during + validation. + :vartype errors_preview: list[~azure.mgmt.securityinsight.models.ValidationError] + :ivar import_file: Represents the imported file. + :vartype import_file: ~azure.mgmt.securityinsight.models.FileMetadata + :ivar ingested_record_count: The number of records that have been successfully ingested. + :vartype ingested_record_count: int + :ivar source: The source for the data in the file. + :vartype source: str + :ivar state: The state of the file import. Known values are: "FatalError", "Ingested", + "IngestedWithErrors", "InProgress", "Invalid", "WaitingForUpload", and "Unspecified". + :vartype state: str or ~azure.mgmt.securityinsight.models.FileImportState + :ivar total_record_count: The number of records in the file. + :vartype total_record_count: int + :ivar valid_record_count: The number of records that have passed validation. + :vartype valid_record_count: int + :ivar files_valid_until_time_utc: The time the files associated with this import are deleted + from the storage account. + :vartype files_valid_until_time_utc: ~datetime.datetime + :ivar import_valid_until_time_utc: The time the file import record is soft deleted from the + database and history. + :vartype import_valid_until_time_utc: ~datetime.datetime """ _validation = { - "kind": {"required": True}, - "error_message": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "error_file": {"readonly": True}, + "errors_preview": {"readonly": True}, + "ingested_record_count": {"readonly": True}, + "state": {"readonly": True}, + "total_record_count": {"readonly": True}, + "valid_record_count": {"readonly": True}, + "files_valid_until_time_utc": {"readonly": True}, + "import_valid_until_time_utc": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "error_message": {"key": "errorMessage", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "ingestion_mode": {"key": "properties.ingestionMode", "type": "str"}, + "content_type": {"key": "properties.contentType", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUTC", "type": "iso-8601"}, + "error_file": {"key": "properties.errorFile", "type": "FileMetadata"}, + "errors_preview": {"key": "properties.errorsPreview", "type": "[ValidationError]"}, + "import_file": {"key": "properties.importFile", "type": "FileMetadata"}, + "ingested_record_count": {"key": "properties.ingestedRecordCount", "type": "int"}, + "source": {"key": "properties.source", "type": "str"}, + "state": {"key": "properties.state", "type": "str"}, + "total_record_count": {"key": "properties.totalRecordCount", "type": "int"}, + "valid_record_count": {"key": "properties.validRecordCount", "type": "int"}, + "files_valid_until_time_utc": {"key": "properties.filesValidUntilTimeUTC", "type": "iso-8601"}, + "import_valid_until_time_utc": {"key": "properties.importValidUntilTimeUTC", "type": "iso-8601"}, } def __init__( self, *, - kind: Union[str, "_models.GetInsightsError"], - error_message: str, - query_id: Optional[str] = None, - **kwargs - ): + ingestion_mode: Optional[Union[str, "_models.IngestionMode"]] = None, + content_type: Optional[Union[str, "_models.FileImportContentType"]] = None, + import_file: Optional["_models.FileMetadata"] = None, + source: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword kind: the query kind. Required. "Insight" - :paramtype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError - :keyword query_id: the query id. - :paramtype query_id: str - :keyword error_message: the error message. Required. - :paramtype error_message: str + :keyword ingestion_mode: Describes how to ingest the records in the file. Known values are: + "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". + :paramtype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode + :keyword content_type: The content type of this file. Known values are: "BasicIndicator", + "StixIndicator", and "Unspecified". + :paramtype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType + :keyword import_file: Represents the imported file. + :paramtype import_file: ~azure.mgmt.securityinsight.models.FileMetadata + :keyword source: The source for the data in the file. + :paramtype source: str """ super().__init__(**kwargs) - self.kind = kind - self.query_id = query_id - self.error_message = error_message + self.ingestion_mode = ingestion_mode + self.content_type = content_type + self.created_time_utc = None + self.error_file = None + self.errors_preview = None + self.import_file = import_file + self.ingested_record_count = None + self.source = source + self.state = None + self.total_record_count = None + self.valid_record_count = None + self.files_valid_until_time_utc = None + self.import_valid_until_time_utc = None -class GetInsightsResultsMetadata(_serialization.Model): - """Get Insights result metadata. +class FileImportList(_serialization.Model): + """List all the file imports. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar total_count: the total items found for the insights request. Required. - :vartype total_count: int - :ivar errors: information about the failed queries. - :vartype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] + :ivar next_link: URL to fetch the next set of file imports. + :vartype next_link: str + :ivar value: Array of file imports. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.FileImport] """ _validation = { - "total_count": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "total_count": {"key": "totalCount", "type": "int"}, - "errors": {"key": "errors", "type": "[GetInsightsErrorKind]"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[FileImport]"}, } - def __init__(self, *, total_count: int, errors: Optional[List["_models.GetInsightsErrorKind"]] = None, **kwargs): + def __init__(self, *, value: List["_models.FileImport"], **kwargs: Any) -> None: """ - :keyword total_count: the total items found for the insights request. Required. - :paramtype total_count: int - :keyword errors: information about the failed queries. - :paramtype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] + :keyword value: Array of file imports. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.FileImport] """ super().__init__(**kwargs) - self.total_count = total_count - self.errors = errors - + self.next_link = None + self.value = value -class GetQueriesResponse(_serialization.Model): - """Retrieve queries for entity result operation response. - :ivar value: The query result values. - :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] - """ +class FileMetadata(_serialization.Model): + """Represents a file. - _attribute_map = { - "value": {"key": "value", "type": "[EntityQueryItem]"}, - } + Variables are only populated by the server, and will be ignored when sending a request. - def __init__(self, *, value: Optional[List["_models.EntityQueryItem"]] = None, **kwargs): - """ - :keyword value: The query result values. - :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] - """ - super().__init__(**kwargs) - self.value = value - - -class GitHubResourceInfo(_serialization.Model): - """Resources created in GitHub repository. - - :ivar app_installation_id: GitHub application installation id. - :vartype app_installation_id: str - """ - - _attribute_map = { - "app_installation_id": {"key": "appInstallationId", "type": "str"}, - } - - def __init__(self, *, app_installation_id: Optional[str] = None, **kwargs): - """ - :keyword app_installation_id: GitHub application installation id. - :paramtype app_installation_id: str - """ - super().__init__(**kwargs) - self.app_installation_id = app_installation_id - - -class GroupingConfiguration(_serialization.Model): - """Grouping configuration property bag. - - All required parameters must be populated in order to send to Azure. - - :ivar enabled: Grouping enabled. Required. - :vartype enabled: bool - :ivar reopen_closed_incident: Re-open closed matching incidents. Required. - :vartype reopen_closed_incident: bool - :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO - 8601 duration format). Required. - :vartype lookback_duration: ~datetime.timedelta - :ivar matching_method: Grouping matching method. When method is Selected at least one of - groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Required. Known values are: "AllEntities", "AnyAlert", and "Selected". - :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). - Only entities defined in the current alert rule may be used. - :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod - is Selected). Only keys defined in the current alert rule may be used. - :vartype group_by_custom_details: list[str] + :ivar file_format: The format of the file. Known values are: "CSV", "JSON", and "Unspecified". + :vartype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat + :ivar file_name: The name of the file. + :vartype file_name: str + :ivar file_size: The size of the file. + :vartype file_size: int + :ivar file_content_uri: A URI with a valid SAS token to allow uploading / downloading the file. + :vartype file_content_uri: str + :ivar delete_status: Indicates whether the file was deleted from the storage account. Known + values are: "Deleted", "NotDeleted", and "Unspecified". + :vartype delete_status: str or ~azure.mgmt.securityinsight.models.DeleteStatus """ _validation = { - "enabled": {"required": True}, - "reopen_closed_incident": {"required": True}, - "lookback_duration": {"required": True}, - "matching_method": {"required": True}, + "file_content_uri": {"readonly": True}, + "delete_status": {"readonly": True}, } _attribute_map = { - "enabled": {"key": "enabled", "type": "bool"}, - "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, - "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, - "matching_method": {"key": "matchingMethod", "type": "str"}, - "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, - "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, - "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, + "file_format": {"key": "fileFormat", "type": "str"}, + "file_name": {"key": "fileName", "type": "str"}, + "file_size": {"key": "fileSize", "type": "int"}, + "file_content_uri": {"key": "fileContentUri", "type": "str"}, + "delete_status": {"key": "deleteStatus", "type": "str"}, } def __init__( self, *, - enabled: bool, - reopen_closed_incident: bool, - lookback_duration: datetime.timedelta, - matching_method: Union[str, "_models.MatchingMethod"], - group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, - group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, - group_by_custom_details: Optional[List[str]] = None, - **kwargs - ): + file_format: Optional[Union[str, "_models.FileFormat"]] = None, + file_name: Optional[str] = None, + file_size: Optional[int] = None, + **kwargs: Any + ) -> None: """ - :keyword enabled: Grouping enabled. Required. - :paramtype enabled: bool - :keyword reopen_closed_incident: Re-open closed matching incidents. Required. - :paramtype reopen_closed_incident: bool - :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in - ISO 8601 duration format). Required. - :paramtype lookback_duration: ~datetime.timedelta - :keyword matching_method: Grouping matching method. When method is Selected at least one of - groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Required. Known values are: "AllEntities", "AnyAlert", and "Selected". - :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :keyword group_by_entities: A list of entity types to group by (when matchingMethod is - Selected). Only entities defined in the current alert rule may be used. - :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :keyword group_by_custom_details: A list of custom details keys to group by (when - matchingMethod is Selected). Only keys defined in the current alert rule may be used. - :paramtype group_by_custom_details: list[str] + :keyword file_format: The format of the file. Known values are: "CSV", "JSON", and + "Unspecified". + :paramtype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat + :keyword file_name: The name of the file. + :paramtype file_name: str + :keyword file_size: The size of the file. + :paramtype file_size: int """ super().__init__(**kwargs) - self.enabled = enabled - self.reopen_closed_incident = reopen_closed_incident - self.lookback_duration = lookback_duration - self.matching_method = matching_method - self.group_by_entities = group_by_entities - self.group_by_alert_details = group_by_alert_details - self.group_by_custom_details = group_by_custom_details + self.file_format = file_format + self.file_name = file_name + self.file_size = file_size + self.file_content_uri = None + self.delete_status = None -class HostEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a host entity. +class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule. Variables are only populated by the server, and will be ignored when sending a request. @@ -9635,39 +9784,34 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar source_settings: Configuration for all supported source signals in fusion detection. + :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] + :ivar scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. + :vartype scenario_exclusion_patterns: + list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] """ _validation = { @@ -9676,16 +9820,12 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "azure_id": {"readonly": True}, - "dns_domain": {"readonly": True}, - "host_name": {"readonly": True}, - "is_domain_joined": {"readonly": True}, - "net_bios_name": {"readonly": True}, - "nt_domain": {"readonly": True}, - "oms_agent_id": {"readonly": True}, - "os_version": {"readonly": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, } _attribute_map = { @@ -9693,123 +9833,63 @@ class HostEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "azure_id": {"key": "properties.azureID", "type": "str"}, - "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, - "host_name": {"key": "properties.hostName", "type": "str"}, - "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, - "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, - "nt_domain": {"key": "properties.ntDomain", "type": "str"}, - "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, - "os_family": {"key": "properties.osFamily", "type": "str"}, - "os_version": {"key": "properties.osVersion", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "source_settings": {"key": "properties.sourceSettings", "type": "[FusionSourceSettings]"}, + "scenario_exclusion_patterns": { + "key": "properties.scenarioExclusionPatterns", + "type": "[FusionScenarioExclusionPattern]", + }, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, } - def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): - """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + source_settings: Optional[List["_models.FusionSourceSettings"]] = None, + scenario_exclusion_patterns: Optional[List["_models.FusionScenarioExclusionPattern"]] = None, + **kwargs: Any + ) -> None: """ - super().__init__(**kwargs) - self.kind: str = "Host" - self.additional_data = None - self.friendly_name = None - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None - - -class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Host entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "azure_id": {"readonly": True}, - "dns_domain": {"readonly": True}, - "host_name": {"readonly": True}, - "is_domain_joined": {"readonly": True}, - "net_bios_name": {"readonly": True}, - "nt_domain": {"readonly": True}, - "oms_agent_id": {"readonly": True}, - "os_version": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "azure_id": {"key": "azureID", "type": "str"}, - "dns_domain": {"key": "dnsDomain", "type": "str"}, - "host_name": {"key": "hostName", "type": "str"}, - "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, - "net_bios_name": {"key": "netBiosName", "type": "str"}, - "nt_domain": {"key": "ntDomain", "type": "str"}, - "oms_agent_id": {"key": "omsAgentID", "type": "str"}, - "os_family": {"key": "osFamily", "type": "str"}, - "os_version": {"key": "osVersion", "type": "str"}, - } - - def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): - """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", and "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + :keyword source_settings: Configuration for all supported source signals in fusion detection. + :paramtype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] + :keyword scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. + :paramtype scenario_exclusion_patterns: + list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] """ - super().__init__(**kwargs) - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None + super().__init__(etag=etag, **kwargs) + self.kind: str = "Fusion" + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.source_settings = source_settings + self.scenario_exclusion_patterns = scenario_exclusion_patterns + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None -class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes - """Represents a Hunting bookmark entity. +class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule template. Variables are only populated by the server, and will be ignored when sending a request. @@ -9826,39 +9906,36 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar last_updated_date_utc: The time that this alert rule template was last updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar required_data_connectors: The required data connectors for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule template. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar source_settings: All supported source signal configurations consumed in fusion detection. + :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] """ _validation = { @@ -9867,8 +9944,8 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, } _attribute_map = { @@ -9877,1661 +9954,1751 @@ class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "notes": {"key": "properties.notes", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "query_result": {"key": "properties.queryResult", "type": "str"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "source_settings": {"key": "properties.sourceSettings", "type": "[FusionTemplateSourceSetting]"}, } def __init__( self, *, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, display_name: Optional[str] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - **kwargs - ): + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + source_settings: Optional[List["_models.FusionTemplateSourceSetting"]] = None, + **kwargs: Any + ) -> None: """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo - """ - super().__init__(**kwargs) - self.kind: str = "Bookmark" - self.additional_data = None - self.friendly_name = None - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info - + :keyword required_data_connectors: The required data connectors for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword tactics: The tactics of the alert rule template. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword source_settings: All supported source signal configurations consumed in fusion + detection. + :paramtype source_settings: + list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + """ + super().__init__(**kwargs) + self.kind: str = "Fusion" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.last_updated_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity + self.tactics = tactics + self.techniques = techniques + self.source_settings = source_settings -class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Describes bookmark properties. - Variables are only populated by the server, and will be ignored when sending a request. +class FusionScenarioExclusionPattern(_serialization.Model): + """Represents a Fusion scenario exclusion patterns in Fusion detection. All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. Required. - :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. Required. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar exclusion_pattern: Scenario exclusion pattern. Required. + :vartype exclusion_pattern: str + :ivar date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. + :vartype date_added_in_utc: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "display_name": {"required": True}, - "query": {"required": True}, + "exclusion_pattern": {"required": True}, + "date_added_in_utc": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "created": {"key": "created", "type": "iso-8601"}, - "created_by": {"key": "createdBy", "type": "UserInfo"}, - "display_name": {"key": "displayName", "type": "str"}, - "event_time": {"key": "eventTime", "type": "iso-8601"}, - "labels": {"key": "labels", "type": "[str]"}, - "notes": {"key": "notes", "type": "str"}, - "query": {"key": "query", "type": "str"}, - "query_result": {"key": "queryResult", "type": "str"}, - "updated": {"key": "updated", "type": "iso-8601"}, - "updated_by": {"key": "updatedBy", "type": "UserInfo"}, - "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, + "exclusion_pattern": {"key": "exclusionPattern", "type": "str"}, + "date_added_in_utc": {"key": "dateAddedInUTC", "type": "str"}, } - def __init__( - self, - *, - display_name: str, - query: str, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, - **kwargs - ): + def __init__(self, *, exclusion_pattern: str, date_added_in_utc: str, **kwargs: Any) -> None: """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. Required. - :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. Required. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :keyword exclusion_pattern: Scenario exclusion pattern. Required. + :paramtype exclusion_pattern: str + :keyword date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. + :paramtype date_added_in_utc: str """ super().__init__(**kwargs) - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info + self.exclusion_pattern = exclusion_pattern + self.date_added_in_utc = date_added_in_utc -class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Incident. +class FusionSourceSettings(_serialization.Model): + """Represents a supported source signal configuration in Fusion detection. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar title: The title of the incident. - :vartype title: str - :ivar description: The description of the incident. - :vartype description: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Describes a user that the incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar labels: List of labels relevant to this incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :ivar first_activity_time_utc: The time of the first activity in the incident. - :vartype first_activity_time_utc: ~datetime.datetime - :ivar last_activity_time_utc: The time of the last activity in the incident. - :vartype last_activity_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the incident was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_time_utc: The time the incident was created. - :vartype created_time_utc: ~datetime.datetime - :ivar incident_number: A sequential number. - :vartype incident_number: int - :ivar additional_data: Additional data on the incident. - :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData - :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the - incident. - :vartype related_analytic_rule_ids: list[str] - :ivar incident_url: The deep-link url to the incident in Azure portal. - :vartype incident_url: str - :ivar provider_name: The name of the source provider that generated the incident. - :vartype provider_name: str - :ivar provider_incident_id: The incident ID assigned by the incident provider. - :vartype provider_incident_id: str - :ivar team_information: Describes a team for the incident. - :vartype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :ivar enabled: Determines whether this source signal is enabled or disabled in Fusion + detection. Required. + :vartype enabled: bool + :ivar source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for + supported values. Required. + :vartype source_name: str + :ivar source_sub_types: Configuration for all source subtypes under this source signal consumed + in fusion detection. + :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "incident_number": {"readonly": True}, - "additional_data": {"readonly": True}, - "related_analytic_rule_ids": {"readonly": True}, - "incident_url": {"readonly": True}, + "enabled": {"required": True}, + "source_name": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "status": {"key": "properties.status", "type": "str"}, - "classification": {"key": "properties.classification", "type": "str"}, - "classification_reason": {"key": "properties.classificationReason", "type": "str"}, - "classification_comment": {"key": "properties.classificationComment", "type": "str"}, - "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, - "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, - "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, - "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "incident_number": {"key": "properties.incidentNumber", "type": "int"}, - "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, - "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, - "incident_url": {"key": "properties.incidentUrl", "type": "str"}, - "provider_name": {"key": "properties.providerName", "type": "str"}, - "provider_incident_id": {"key": "properties.providerIncidentId", "type": "str"}, - "team_information": {"key": "properties.teamInformation", "type": "TeamInformation"}, + "enabled": {"key": "enabled", "type": "bool"}, + "source_name": {"key": "sourceName", "type": "str"}, + "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionSourceSubTypeSetting]"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, - etag: Optional[str] = None, - title: Optional[str] = None, - description: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - first_activity_time_utc: Optional[datetime.datetime] = None, - last_activity_time_utc: Optional[datetime.datetime] = None, - provider_name: Optional[str] = None, - provider_incident_id: Optional[str] = None, - team_information: Optional["_models.TeamInformation"] = None, - **kwargs - ): + enabled: bool, + source_name: str, + source_sub_types: Optional[List["_models.FusionSourceSubTypeSetting"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword title: The title of the incident. - :paramtype title: str - :keyword description: The description of the incident. - :paramtype description: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Describes a user that the incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword labels: List of labels relevant to this incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :keyword first_activity_time_utc: The time of the first activity in the incident. - :paramtype first_activity_time_utc: ~datetime.datetime - :keyword last_activity_time_utc: The time of the last activity in the incident. - :paramtype last_activity_time_utc: ~datetime.datetime - :keyword provider_name: The name of the source provider that generated the incident. - :paramtype provider_name: str - :keyword provider_incident_id: The incident ID assigned by the incident provider. - :paramtype provider_incident_id: str - :keyword team_information: Describes a team for the incident. - :paramtype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :keyword enabled: Determines whether this source signal is enabled or disabled in Fusion + detection. Required. + :paramtype enabled: bool + :keyword source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for + supported values. Required. + :paramtype source_name: str + :keyword source_sub_types: Configuration for all source subtypes under this source signal + consumed in fusion detection. + :paramtype source_sub_types: + list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] """ - super().__init__(etag=etag, **kwargs) - self.title = title - self.description = description - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels - self.first_activity_time_utc = first_activity_time_utc - self.last_activity_time_utc = last_activity_time_utc - self.last_modified_time_utc = None - self.created_time_utc = None - self.incident_number = None - self.additional_data = None - self.related_analytic_rule_ids = None - self.incident_url = None - self.provider_name = provider_name - self.provider_incident_id = provider_incident_id - self.team_information = team_information + super().__init__(**kwargs) + self.enabled = enabled + self.source_name = source_name + self.source_sub_types = source_sub_types -class IncidentAdditionalData(_serialization.Model): - """Incident additional data property bag. +class FusionSourceSubTypeSetting(_serialization.Model): + """Represents a supported source subtype configuration under a source signal in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. - :ivar alerts_count: The number of alerts in the incident. - :vartype alerts_count: int - :ivar bookmarks_count: The number of bookmarks in the incident. - :vartype bookmarks_count: int - :ivar comments_count: The number of comments in the incident. - :vartype comments_count: int - :ivar alert_product_names: List of product names of alerts in the incident. - :vartype alert_product_names: list[str] - :ivar tactics: The tactics associated with incident. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques associated with incident's tactics. - :vartype techniques: list[str] - :ivar provider_incident_url: The provider incident url to the incident in Microsoft 365 - Defender portal. - :vartype provider_incident_url: str + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Determines whether this source subtype under source signal is enabled or + disabled in Fusion detection. Required. + :vartype enabled: bool + :ivar source_sub_type_name: The Name of the source subtype under a given source signal in + Fusion detection. Refer to Fusion alert rule template for supported values. Required. + :vartype source_sub_type_name: str + :ivar source_sub_type_display_name: The display name of source subtype under a source signal + consumed in Fusion detection. + :vartype source_sub_type_display_name: str + :ivar severity_filters: Severity configuration for a source subtype consumed in fusion + detection. Required. + :vartype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter """ _validation = { - "alerts_count": {"readonly": True}, - "bookmarks_count": {"readonly": True}, - "comments_count": {"readonly": True}, - "alert_product_names": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, - "provider_incident_url": {"readonly": True}, + "enabled": {"required": True}, + "source_sub_type_name": {"required": True}, + "source_sub_type_display_name": {"readonly": True}, + "severity_filters": {"required": True}, } _attribute_map = { - "alerts_count": {"key": "alertsCount", "type": "int"}, - "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, - "comments_count": {"key": "commentsCount", "type": "int"}, - "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "provider_incident_url": {"key": "providerIncidentUrl", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, + "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, + "severity_filters": {"key": "severityFilters", "type": "FusionSubTypeSeverityFilter"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + enabled: bool, + source_sub_type_name: str, + severity_filters: "_models.FusionSubTypeSeverityFilter", + **kwargs: Any + ) -> None: + """ + :keyword enabled: Determines whether this source subtype under source signal is enabled or + disabled in Fusion detection. Required. + :paramtype enabled: bool + :keyword source_sub_type_name: The Name of the source subtype under a given source signal in + Fusion detection. Refer to Fusion alert rule template for supported values. Required. + :paramtype source_sub_type_name: str + :keyword severity_filters: Severity configuration for a source subtype consumed in fusion + detection. Required. + :paramtype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + """ super().__init__(**kwargs) - self.alerts_count = None - self.bookmarks_count = None - self.comments_count = None - self.alert_product_names = None - self.tactics = None - self.techniques = None - self.provider_incident_url = None + self.enabled = enabled + self.source_sub_type_name = source_sub_type_name + self.source_sub_type_display_name = None + self.severity_filters = severity_filters -class IncidentAlertList(_serialization.Model): - """List of incident alerts. +class FusionSubTypeSeverityFilter(_serialization.Model): + """Represents severity configuration for a source subtype consumed in Fusion detection. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar value: Array of incident alerts. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + :ivar is_supported: Determines whether this source subtype supports severity configuration or + not. + :vartype is_supported: bool + :ivar filters: Individual Severity configuration settings for a given source subtype consumed + in Fusion detection. + :vartype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] """ _validation = { - "value": {"required": True}, + "is_supported": {"readonly": True}, } _attribute_map = { - "value": {"key": "value", "type": "[SecurityAlert]"}, + "is_supported": {"key": "isSupported", "type": "bool"}, + "filters": {"key": "filters", "type": "[FusionSubTypeSeverityFiltersItem]"}, } - def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs): + def __init__( + self, *, filters: Optional[List["_models.FusionSubTypeSeverityFiltersItem"]] = None, **kwargs: Any + ) -> None: """ - :keyword value: Array of incident alerts. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + :keyword filters: Individual Severity configuration settings for a given source subtype + consumed in Fusion detection. + :paramtype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] """ super().__init__(**kwargs) - self.value = value + self.is_supported = None + self.filters = filters -class IncidentBookmarkList(_serialization.Model): - """List of incident bookmarks. +class FusionSubTypeSeverityFiltersItem(_serialization.Model): + """Represents a Severity filter setting for a given source subtype consumed in Fusion detection. All required parameters must be populated in order to send to Azure. - :ivar value: Array of incident bookmarks. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :ivar severity: The Severity for a given source subtype consumed in Fusion detection. Required. + Known values are: "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar enabled: Determines whether this severity is enabled or disabled for this source subtype + consumed in Fusion detection. Required. + :vartype enabled: bool """ _validation = { - "value": {"required": True}, + "severity": {"required": True}, + "enabled": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[HuntingBookmark]"}, + "severity": {"key": "severity", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, } - def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs): + def __init__(self, *, severity: Union[str, "_models.AlertSeverity"], enabled: bool, **kwargs: Any) -> None: """ - :keyword value: Array of incident bookmarks. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :keyword severity: The Severity for a given source subtype consumed in Fusion detection. + Required. Known values are: "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword enabled: Determines whether this severity is enabled or disabled for this source + subtype consumed in Fusion detection. Required. + :paramtype enabled: bool """ super().__init__(**kwargs) - self.value = value + self.severity = severity + self.enabled = enabled -class IncidentComment(ResourceWithEtag): - """Represents an incident comment. +class FusionTemplateSourceSetting(_serialization.Model): + """Represents a source signal consumed in Fusion detection. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar message: The comment message. - :vartype message: str - :ivar created_time_utc: The time the comment was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The time the comment was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar author: Describes the client that created the comment. - :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo - """ + :ivar source_name: The name of a source signal consumed in Fusion detection. Required. + :vartype source_name: str + :ivar source_sub_types: All supported source subtypes under this source signal consumed in + fusion detection. + :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, - "author": {"readonly": True}, + "source_name": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "message": {"key": "properties.message", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "author": {"key": "properties.author", "type": "ClientInfo"}, + "source_name": {"key": "sourceName", "type": "str"}, + "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionTemplateSourceSubType]"}, } - def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs): + def __init__( + self, + *, + source_name: str, + source_sub_types: Optional[List["_models.FusionTemplateSourceSubType"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword message: The comment message. - :paramtype message: str + :keyword source_name: The name of a source signal consumed in Fusion detection. Required. + :paramtype source_name: str + :keyword source_sub_types: All supported source subtypes under this source signal consumed in + fusion detection. + :paramtype source_sub_types: + list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] """ - super().__init__(etag=etag, **kwargs) - self.message = message - self.created_time_utc = None - self.last_modified_time_utc = None - self.author = None + super().__init__(**kwargs) + self.source_name = source_name + self.source_sub_types = source_sub_types -class IncidentCommentList(_serialization.Model): - """IncidentCommentList. +class FusionTemplateSourceSubType(_serialization.Model): + """Represents a source subtype under a source signal consumed in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar value: Required. - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] - :ivar next_link: - :vartype next_link: str + :ivar source_sub_type_name: The name of source subtype under a source signal consumed in Fusion + detection. Required. + :vartype source_sub_type_name: str + :ivar source_sub_type_display_name: The display name of source subtype under a source signal + consumed in Fusion detection. + :vartype source_sub_type_display_name: str + :ivar severity_filter: Severity configuration available for a source subtype consumed in fusion + detection. Required. + :vartype severity_filter: + ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "source_sub_type_name": {"required": True}, + "source_sub_type_display_name": {"readonly": True}, + "severity_filter": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[IncidentComment]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, + "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, + "severity_filter": {"key": "severityFilter", "type": "FusionTemplateSubTypeSeverityFilter"}, } - def __init__(self, *, value: List["_models.IncidentComment"], **kwargs): + def __init__( + self, + *, + source_sub_type_name: str, + severity_filter: "_models.FusionTemplateSubTypeSeverityFilter", + **kwargs: Any + ) -> None: """ - :keyword value: Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + :keyword source_sub_type_name: The name of source subtype under a source signal consumed in + Fusion detection. Required. + :paramtype source_sub_type_name: str + :keyword severity_filter: Severity configuration available for a source subtype consumed in + fusion detection. Required. + :paramtype severity_filter: + ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.source_sub_type_name = source_sub_type_name + self.source_sub_type_display_name = None + self.severity_filter = severity_filter -class IncidentConfiguration(_serialization.Model): - """Incident Configuration property bag. +class FusionTemplateSubTypeSeverityFilter(_serialization.Model): + """Represents severity configurations available for a source subtype consumed in Fusion detection. All required parameters must be populated in order to send to Azure. - :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. - :vartype create_incident: bool - :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are - grouped into incidents. - :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :ivar is_supported: Determines whether severity configuration is supported for this source + subtype consumed in Fusion detection. Required. + :vartype is_supported: bool + :ivar severity_filters: List of all supported severities for this source subtype consumed in + Fusion detection. + :vartype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ _validation = { - "create_incident": {"required": True}, + "is_supported": {"required": True}, } _attribute_map = { - "create_incident": {"key": "createIncident", "type": "bool"}, - "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, + "is_supported": {"key": "isSupported", "type": "bool"}, + "severity_filters": {"key": "severityFilters", "type": "[str]"}, } def __init__( self, *, - create_incident: bool, - grouping_configuration: Optional["_models.GroupingConfiguration"] = None, - **kwargs - ): + is_supported: bool, + severity_filters: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword create_incident: Create incidents from alerts triggered by this analytics rule. - Required. - :paramtype create_incident: bool - :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, - are grouped into incidents. - :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :keyword is_supported: Determines whether severity configuration is supported for this source + subtype consumed in Fusion detection. Required. + :paramtype is_supported: bool + :keyword severity_filters: List of all supported severities for this source subtype consumed in + Fusion detection. + :paramtype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ super().__init__(**kwargs) - self.create_incident = create_incident - self.grouping_configuration = grouping_configuration + self.is_supported = is_supported + self.severity_filters = severity_filters -class IncidentEntitiesResponse(_serialization.Model): - """The incident related entities response. +class GCPAuthProperties(_serialization.Model): + """Google Cloud Platform auth section properties. - :ivar entities: Array of the incident related entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar meta_data: The metadata from the incident related entities results. - :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + All required parameters must be populated in order to send to Azure. + + :ivar service_account_email: The service account that is used to access the GCP project. + Required. + :vartype service_account_email: str + :ivar project_number: The GCP project number. Required. + :vartype project_number: str + :ivar workload_identity_provider_id: The workload identity provider id that is used to gain + access to the GCP project. Required. + :vartype workload_identity_provider_id: str """ + _validation = { + "service_account_email": {"required": True}, + "project_number": {"required": True}, + "workload_identity_provider_id": {"required": True}, + } + _attribute_map = { - "entities": {"key": "entities", "type": "[Entity]"}, - "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, + "service_account_email": {"key": "serviceAccountEmail", "type": "str"}, + "project_number": {"key": "projectNumber", "type": "str"}, + "workload_identity_provider_id": {"key": "workloadIdentityProviderId", "type": "str"}, } def __init__( - self, - *, - entities: Optional[List["_models.Entity"]] = None, - meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, - **kwargs - ): + self, *, service_account_email: str, project_number: str, workload_identity_provider_id: str, **kwargs: Any + ) -> None: """ - :keyword entities: Array of the incident related entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword meta_data: The metadata from the incident related entities results. - :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + :keyword service_account_email: The service account that is used to access the GCP project. + Required. + :paramtype service_account_email: str + :keyword project_number: The GCP project number. Required. + :paramtype project_number: str + :keyword workload_identity_provider_id: The workload identity provider id that is used to gain + access to the GCP project. Required. + :paramtype workload_identity_provider_id: str """ super().__init__(**kwargs) - self.entities = entities - self.meta_data = meta_data + self.service_account_email = service_account_email + self.project_number = project_number + self.workload_identity_provider_id = workload_identity_provider_id -class IncidentEntitiesResultsMetadata(_serialization.Model): - """Information of a specific aggregation in the incident related entities result. +class GCPDataConnector(DataConnector): + """Represents Google Cloud Platform data connector. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar count: Total number of aggregations of the given kind in the incident related entities - result. Required. - :vartype count: int + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar connector_definition_name: The name of the connector definition that represents the UI + config. + :vartype connector_definition_name: str + :ivar auth: The auth section of the connector. + :vartype auth: ~azure.mgmt.securityinsight.models.GCPAuthProperties + :ivar request: The request section of the connector. + :vartype request: ~azure.mgmt.securityinsight.models.GCPRequestProperties + :ivar dcr_config: The configuration of the destination of the data. + :vartype dcr_config: ~azure.mgmt.securityinsight.models.DCRConfiguration """ _validation = { - "entity_kind": {"required": True}, - "count": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "entity_kind": {"key": "entityKind", "type": "str"}, - "count": {"key": "count", "type": "int"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "connector_definition_name": {"key": "properties.connectorDefinitionName", "type": "str"}, + "auth": {"key": "properties.auth", "type": "GCPAuthProperties"}, + "request": {"key": "properties.request", "type": "GCPRequestProperties"}, + "dcr_config": {"key": "properties.dcrConfig", "type": "DCRConfiguration"}, } - def __init__(self, *, entity_kind: Union[str, "_models.EntityKind"], count: int, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + connector_definition_name: Optional[str] = None, + auth: Optional["_models.GCPAuthProperties"] = None, + request: Optional["_models.GCPRequestProperties"] = None, + dcr_config: Optional["_models.DCRConfiguration"] = None, + **kwargs: Any + ) -> None: """ - :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and - "Nic". - :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :keyword count: Total number of aggregations of the given kind in the incident related entities - result. Required. - :paramtype count: int + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword connector_definition_name: The name of the connector definition that represents the UI + config. + :paramtype connector_definition_name: str + :keyword auth: The auth section of the connector. + :paramtype auth: ~azure.mgmt.securityinsight.models.GCPAuthProperties + :keyword request: The request section of the connector. + :paramtype request: ~azure.mgmt.securityinsight.models.GCPRequestProperties + :keyword dcr_config: The configuration of the destination of the data. + :paramtype dcr_config: ~azure.mgmt.securityinsight.models.DCRConfiguration """ - super().__init__(**kwargs) - self.entity_kind = entity_kind - self.count = count + super().__init__(etag=etag, **kwargs) + self.kind: str = "GCP" + self.connector_definition_name = connector_definition_name + self.auth = auth + self.request = request + self.dcr_config = dcr_config -class IncidentInfo(_serialization.Model): - """Describes related incident information for the bookmark. +class GCPRequestProperties(_serialization.Model): + """Google Cloud Platform request section properties. - :ivar incident_id: Incident Id. - :vartype incident_id: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar title: The title of the incident. - :vartype title: str - :ivar relation_name: Relation Name. - :vartype relation_name: str + All required parameters must be populated in order to send to Azure. + + :ivar project_id: The GCP project id. Required. + :vartype project_id: str + :ivar subscription_names: The GCP pub/sub subscription names. Required. + :vartype subscription_names: list[str] """ + _validation = { + "project_id": {"required": True}, + "subscription_names": {"required": True}, + } + _attribute_map = { - "incident_id": {"key": "incidentId", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "title": {"key": "title", "type": "str"}, - "relation_name": {"key": "relationName", "type": "str"}, + "project_id": {"key": "projectId", "type": "str"}, + "subscription_names": {"key": "subscriptionNames", "type": "[str]"}, } - def __init__( - self, - *, - incident_id: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - title: Optional[str] = None, - relation_name: Optional[str] = None, - **kwargs - ): + def __init__(self, *, project_id: str, subscription_names: List[str], **kwargs: Any) -> None: """ - :keyword incident_id: Incident Id. - :paramtype incident_id: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword title: The title of the incident. - :paramtype title: str - :keyword relation_name: Relation Name. - :paramtype relation_name: str + :keyword project_id: The GCP project id. Required. + :paramtype project_id: str + :keyword subscription_names: The GCP pub/sub subscription names. Required. + :paramtype subscription_names: list[str] """ super().__init__(**kwargs) - self.incident_id = incident_id - self.severity = severity - self.title = title - self.relation_name = relation_name + self.project_id = project_id + self.subscription_names = subscription_names -class IncidentLabel(_serialization.Model): - """Represents an incident label. +class GeoLocation(_serialization.Model): + """The geo-location context attached to the ip entity. Variables are only populated by the server, and will be ignored when sending a request. + :ivar asn: Autonomous System Number. + :vartype asn: int + :ivar city: City name. + :vartype city: str + :ivar country_code: The country code according to ISO 3166 format. + :vartype country_code: str + :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English + Short Name. + :vartype country_name: str + :ivar latitude: The latitude of the identified location, expressed as a floating point number + with range of - 90 to 90. Latitude and longitude are derived from the city or postal code. + :vartype latitude: float + :ivar longitude: The longitude of the identified location, expressed as a floating point number + with range of -180 to 180. Latitude and longitude are derived from the city or postal code. + :vartype longitude: float + :ivar state: State name. + :vartype state: str + """ + + _validation = { + "asn": {"readonly": True}, + "city": {"readonly": True}, + "country_code": {"readonly": True}, + "country_name": {"readonly": True}, + "latitude": {"readonly": True}, + "longitude": {"readonly": True}, + "state": {"readonly": True}, + } + + _attribute_map = { + "asn": {"key": "asn", "type": "int"}, + "city": {"key": "city", "type": "str"}, + "country_code": {"key": "countryCode", "type": "str"}, + "country_name": {"key": "countryName", "type": "str"}, + "latitude": {"key": "latitude", "type": "float"}, + "longitude": {"key": "longitude", "type": "float"}, + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.asn = None + self.city = None + self.country_code = None + self.country_name = None + self.latitude = None + self.longitude = None + self.state = None + + +class GetInsightsErrorKind(_serialization.Model): + """GetInsights Query Errors. + All required parameters must be populated in order to send to Azure. - :ivar label_name: The name of the label. Required. - :vartype label_name: str - :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". - :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType + :ivar kind: the query kind. Required. "Insight" + :vartype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError + :ivar query_id: the query id. + :vartype query_id: str + :ivar error_message: the error message. Required. + :vartype error_message: str """ _validation = { - "label_name": {"required": True}, - "label_type": {"readonly": True}, + "kind": {"required": True}, + "error_message": {"required": True}, } _attribute_map = { - "label_name": {"key": "labelName", "type": "str"}, - "label_type": {"key": "labelType", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, } - def __init__(self, *, label_name: str, **kwargs): + def __init__( + self, + *, + kind: Union[str, "_models.GetInsightsError"], + error_message: str, + query_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword label_name: The name of the label. Required. - :paramtype label_name: str + :keyword kind: the query kind. Required. "Insight" + :paramtype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError + :keyword query_id: the query id. + :paramtype query_id: str + :keyword error_message: the error message. Required. + :paramtype error_message: str """ super().__init__(**kwargs) - self.label_name = label_name - self.label_type = None - + self.kind = kind + self.query_id = query_id + self.error_message = error_message -class IncidentList(_serialization.Model): - """List all the incidents. - Variables are only populated by the server, and will be ignored when sending a request. +class GetInsightsResultsMetadata(_serialization.Model): + """Get Insights result metadata. All required parameters must be populated in order to send to Azure. - :ivar value: Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Incident] - :ivar next_link: URL to fetch the next set of incidents. - :vartype next_link: str + :ivar total_count: the total items found for the insights request. Required. + :vartype total_count: int + :ivar errors: information about the failed queries. + :vartype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "total_count": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[Incident]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "total_count": {"key": "totalCount", "type": "int"}, + "errors": {"key": "errors", "type": "[GetInsightsErrorKind]"}, } - def __init__(self, *, value: List["_models.Incident"], **kwargs): + def __init__( + self, *, total_count: int, errors: Optional[List["_models.GetInsightsErrorKind"]] = None, **kwargs: Any + ) -> None: """ - :keyword value: Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] + :keyword total_count: the total items found for the insights request. Required. + :paramtype total_count: int + :keyword errors: information about the failed queries. + :paramtype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.total_count = total_count + self.errors = errors -class IncidentOwnerInfo(_serialization.Model): - """Information on the user an incident is assigned to. +class GetQueriesResponse(_serialization.Model): + """Retrieve queries for entity result operation response. - :ivar email: The email of the user the incident is assigned to. - :vartype email: str - :ivar assigned_to: The name of the user the incident is assigned to. - :vartype assigned_to: str - :ivar object_id: The object id of the user the incident is assigned to. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the user the incident is assigned to. - :vartype user_principal_name: str - :ivar owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", and "Group". - :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + :ivar value: The query result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] """ _attribute_map = { - "email": {"key": "email", "type": "str"}, - "assigned_to": {"key": "assignedTo", "type": "str"}, - "object_id": {"key": "objectId", "type": "str"}, - "user_principal_name": {"key": "userPrincipalName", "type": "str"}, - "owner_type": {"key": "ownerType", "type": "str"}, + "value": {"key": "value", "type": "[EntityQueryItem]"}, } - def __init__( - self, - *, - email: Optional[str] = None, - assigned_to: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, - owner_type: Optional[Union[str, "_models.OwnerType"]] = None, - **kwargs - ): + def __init__(self, *, value: Optional[List["_models.EntityQueryItem"]] = None, **kwargs: Any) -> None: """ - :keyword email: The email of the user the incident is assigned to. - :paramtype email: str - :keyword assigned_to: The name of the user the incident is assigned to. - :paramtype assigned_to: str - :keyword object_id: The object id of the user the incident is assigned to. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the user the incident is assigned to. - :paramtype user_principal_name: str - :keyword owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", and "Group". - :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + :keyword value: The query result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] """ super().__init__(**kwargs) - self.email = email - self.assigned_to = assigned_to - self.object_id = object_id - self.user_principal_name = user_principal_name - self.owner_type = owner_type + self.value = value -class IncidentPropertiesAction(_serialization.Model): - """IncidentPropertiesAction. +class GitHubResourceInfo(_serialization.Model): + """Resources created in GitHub repository. - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Information on the user an incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar labels: List of labels to add to the incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar app_installation_id: GitHub application installation id. + :vartype app_installation_id: str """ _attribute_map = { - "severity": {"key": "severity", "type": "str"}, - "status": {"key": "status", "type": "str"}, - "classification": {"key": "classification", "type": "str"}, - "classification_reason": {"key": "classificationReason", "type": "str"}, - "classification_comment": {"key": "classificationComment", "type": "str"}, - "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, - "labels": {"key": "labels", "type": "[IncidentLabel]"}, + "app_installation_id": {"key": "appInstallationId", "type": "str"}, } - def __init__( - self, - *, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - **kwargs - ): + def __init__(self, *, app_installation_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", and "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and - "InaccurateData". - :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Information on the user an incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword labels: List of labels to add to the incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword app_installation_id: GitHub application installation id. + :paramtype app_installation_id: str """ super().__init__(**kwargs) - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels + self.app_installation_id = app_installation_id -class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """IncidentTask. - - Variables are only populated by the server, and will be ignored when sending a request. +class GraphQuery(_serialization.Model): + """The graph query to show the volume of data arriving into the workspace over time. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar title: The title of the task. Required. - :vartype title: str - :ivar description: The description of the task. - :vartype description: str - :ivar status: Required. Known values are: "New" and "Completed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus - :ivar created_time_utc: The time the task was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the task was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_by: Information on the client (user or application) that made some action. - :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo - :ivar last_modified_by: Information on the client (user or application) that made some action. - :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar metric_name: Gets or sets the metric name that the query is checking. For example: 'Total + data receive'. Required. + :vartype metric_name: str + :ivar legend: Gets or sets the legend for the graph. Required. + :vartype legend: str + :ivar base_query: Gets or sets the base query for the graph. + The base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over + time. Required. + :vartype base_query: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "title": {"required": True}, - "status": {"required": True}, - "created_time_utc": {"readonly": True}, - "last_modified_time_utc": {"readonly": True}, + "metric_name": {"required": True}, + "legend": {"required": True}, + "base_query": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "title": {"key": "properties.title", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "status": {"key": "properties.status", "type": "str"}, - "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, - "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, - "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, + "metric_name": {"key": "metricName", "type": "str"}, + "legend": {"key": "legend", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, } - def __init__( - self, - *, - title: str, - status: Union[str, "_models.IncidentTaskStatus"], - etag: Optional[str] = None, - description: Optional[str] = None, - created_by: Optional["_models.ClientInfo"] = None, - last_modified_by: Optional["_models.ClientInfo"] = None, - **kwargs - ): + def __init__(self, *, metric_name: str, legend: str, base_query: str, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword title: The title of the task. Required. - :paramtype title: str - :keyword description: The description of the task. - :paramtype description: str - :keyword status: Required. Known values are: "New" and "Completed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus - :keyword created_by: Information on the client (user or application) that made some action. - :paramtype created_by: ~azure.mgmt.securityinsight.models.ClientInfo - :keyword last_modified_by: Information on the client (user or application) that made some - action. - :paramtype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :keyword metric_name: Gets or sets the metric name that the query is checking. For example: + 'Total data receive'. Required. + :paramtype metric_name: str + :keyword legend: Gets or sets the legend for the graph. Required. + :paramtype legend: str + :keyword base_query: Gets or sets the base query for the graph. + The base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over + time. Required. + :paramtype base_query: str """ - super().__init__(etag=etag, **kwargs) - self.title = title - self.description = description - self.status = status - self.created_time_utc = None - self.last_modified_time_utc = None - self.created_by = created_by - self.last_modified_by = last_modified_by + super().__init__(**kwargs) + self.metric_name = metric_name + self.legend = legend + self.base_query = base_query -class IncidentTaskList(_serialization.Model): - """IncidentTaskList. +class GroupingConfiguration(_serialization.Model): + """Grouping configuration property bag. - :ivar value: - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentTask] - :ivar next_link: - :vartype next_link: str + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Grouping enabled. Required. + :vartype enabled: bool + :ivar reopen_closed_incident: Re-open closed matching incidents. Required. + :vartype reopen_closed_incident: bool + :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO + 8601 duration format). Required. + :vartype lookback_duration: ~datetime.timedelta + :ivar matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). + Only entities defined in the current alert rule may be used. + :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod + is Selected). Only keys defined in the current alert rule may be used. + :vartype group_by_custom_details: list[str] """ + _validation = { + "enabled": {"required": True}, + "reopen_closed_incident": {"required": True}, + "lookback_duration": {"required": True}, + "matching_method": {"required": True}, + } + _attribute_map = { - "value": {"key": "value", "type": "[IncidentTask]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, + "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, + "matching_method": {"key": "matchingMethod", "type": "str"}, + "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, + "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, + "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, } def __init__( - self, *, value: Optional[List["_models.IncidentTask"]] = None, next_link: Optional[str] = None, **kwargs - ): + self, + *, + enabled: bool, + reopen_closed_incident: bool, + lookback_duration: datetime.timedelta, + matching_method: Union[str, "_models.MatchingMethod"], + group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, + group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, + group_by_custom_details: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword value: - :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentTask] - :keyword next_link: - :paramtype next_link: str + :keyword enabled: Grouping enabled. Required. + :paramtype enabled: bool + :keyword reopen_closed_incident: Re-open closed matching incidents. Required. + :paramtype reopen_closed_incident: bool + :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in + ISO 8601 duration format). Required. + :paramtype lookback_duration: ~datetime.timedelta + :keyword matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :keyword group_by_entities: A list of entity types to group by (when matchingMethod is + Selected). Only entities defined in the current alert rule may be used. + :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :keyword group_by_custom_details: A list of custom details keys to group by (when + matchingMethod is Selected). Only keys defined in the current alert rule may be used. + :paramtype group_by_custom_details: list[str] """ super().__init__(**kwargs) - self.value = value - self.next_link = next_link + self.enabled = enabled + self.reopen_closed_incident = reopen_closed_incident + self.lookback_duration = lookback_duration + self.matching_method = matching_method + self.group_by_entities = group_by_entities + self.group_by_alert_details = group_by_alert_details + self.group_by_custom_details = group_by_custom_details -class InsightQueryItem(EntityQueryItem): - """Represents Insight Query. +class HostEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a host entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Query Template ARM ID. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str - :ivar name: Query Template ARM Name. + :ivar name: The name of the resource. :vartype name: str - :ivar type: ARM Type. + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". :vartype type: str - :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", - and "Activity". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind - :ivar properties: Properties bag for InsightQueryItem. - :vartype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str """ _validation = { "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "properties": {"key": "properties", "type": "InsightQueryItemProperties"}, - } - - def __init__( - self, - *, - name: Optional[str] = None, - type: Optional[str] = None, - properties: Optional["_models.InsightQueryItemProperties"] = None, - **kwargs - ): - """ - :keyword name: Query Template ARM Name. - :paramtype name: str - :keyword type: ARM Type. - :paramtype type: str - :keyword properties: Properties bag for InsightQueryItem. - :paramtype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "azure_id": {"key": "properties.azureID", "type": "str"}, + "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, + "host_name": {"key": "properties.hostName", "type": "str"}, + "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, + "nt_domain": {"key": "properties.ntDomain", "type": "str"}, + "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, + "os_family": {"key": "properties.osFamily", "type": "str"}, + "os_version": {"key": "properties.osVersion", "type": "str"}, + } + + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs: Any) -> None: """ - super().__init__(name=name, type=type, **kwargs) - self.kind: str = "Insight" - self.properties = properties + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + """ + super().__init__(**kwargs) + self.kind: str = "Host" + self.additional_data = None + self.friendly_name = None + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None -class InsightQueryItemProperties(EntityQueryItemProperties): # pylint: disable=too-many-instance-attributes - """Represents Insight Query. +class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Host entity property bag. - :ivar data_types: Data types for template. - :vartype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :ivar required_input_fields_sets: Data types for template. - :vartype required_input_fields_sets: list[list[str]] - :ivar entities_filter: The query applied only to entities matching to all filters. - :vartype entities_filter: JSON - :ivar display_name: The insight display name. + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "azure_id": {"key": "azureID", "type": "str"}, + "dns_domain": {"key": "dnsDomain", "type": "str"}, + "host_name": {"key": "hostName", "type": "str"}, + "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "netBiosName", "type": "str"}, + "nt_domain": {"key": "ntDomain", "type": "str"}, + "oms_agent_id": {"key": "omsAgentID", "type": "str"}, + "os_family": {"key": "osFamily", "type": "str"}, + "os_version": {"key": "osVersion", "type": "str"}, + } + + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs: Any) -> None: + """ + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + """ + super().__init__(**kwargs) + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None + + +class Hunt(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Hunt in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar display_name: The display name of the hunt. :vartype display_name: str - :ivar description: The insight description. + :ivar description: The description of the hunt. :vartype description: str - :ivar base_query: The base query of the insight. - :vartype base_query: str - :ivar table_query: The insight table query. - :vartype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery - :ivar chart_query: The insight chart query. - :vartype chart_query: JSON - :ivar additional_query: The activity query definitions. - :vartype additional_query: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery - :ivar default_time_range: The insight chart query. - :vartype default_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange - :ivar reference_time_range: The insight chart query. - :vartype reference_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + :ivar status: The status of the hunt. Known values are: "New", "Active", "Closed", "Backlog", + "Approved", "Succeeded", "Failed", and "InProgress". + :vartype status: str or ~azure.mgmt.securityinsight.models.Status + :ivar hypothesis_status: The hypothesis status of the hunt. Known values are: "Unknown", + "Invalidated", and "Validated". + :vartype hypothesis_status: str or ~azure.mgmt.securityinsight.models.HypothesisStatus + :ivar attack_tactics: A list of mitre attack tactics the hunt is associated with. + :vartype attack_tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar attack_techniques: A list of a mitre attack techniques the hunt is associated with. + :vartype attack_techniques: list[str] + :ivar labels: List of labels relevant to this hunt. + :vartype labels: list[str] + :ivar owner: Describes a user that the hunt is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.HuntOwner """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + _attribute_map = { - "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, - "input_entity_type": {"key": "inputEntityType", "type": "str"}, - "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, - "entities_filter": {"key": "entitiesFilter", "type": "object"}, - "display_name": {"key": "displayName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "base_query": {"key": "baseQuery", "type": "str"}, - "table_query": {"key": "tableQuery", "type": "InsightQueryItemPropertiesTableQuery"}, - "chart_query": {"key": "chartQuery", "type": "object"}, - "additional_query": {"key": "additionalQuery", "type": "InsightQueryItemPropertiesAdditionalQuery"}, - "default_time_range": {"key": "defaultTimeRange", "type": "InsightQueryItemPropertiesDefaultTimeRange"}, - "reference_time_range": {"key": "referenceTimeRange", "type": "InsightQueryItemPropertiesReferenceTimeRange"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "hypothesis_status": {"key": "properties.hypothesisStatus", "type": "str"}, + "attack_tactics": {"key": "properties.attackTactics", "type": "[str]"}, + "attack_techniques": {"key": "properties.attackTechniques", "type": "[str]"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "owner": {"key": "properties.owner", "type": "HuntOwner"}, } def __init__( self, *, - data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, - input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, - required_input_fields_sets: Optional[List[List[str]]] = None, - entities_filter: Optional[JSON] = None, + etag: Optional[str] = None, display_name: Optional[str] = None, description: Optional[str] = None, - base_query: Optional[str] = None, - table_query: Optional["_models.InsightQueryItemPropertiesTableQuery"] = None, - chart_query: Optional[JSON] = None, - additional_query: Optional["_models.InsightQueryItemPropertiesAdditionalQuery"] = None, - default_time_range: Optional["_models.InsightQueryItemPropertiesDefaultTimeRange"] = None, - reference_time_range: Optional["_models.InsightQueryItemPropertiesReferenceTimeRange"] = None, - **kwargs - ): + status: Optional[Union[str, "_models.Status"]] = None, + hypothesis_status: Union[str, "_models.HypothesisStatus"] = "Unknown", + attack_tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + attack_techniques: Optional[List[str]] = None, + labels: Optional[List[str]] = None, + owner: Optional["_models.HuntOwner"] = None, + **kwargs: Any + ) -> None: """ - :keyword data_types: Data types for template. - :paramtype data_types: - list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] - :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", - "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", - "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType - :keyword required_input_fields_sets: Data types for template. - :paramtype required_input_fields_sets: list[list[str]] - :keyword entities_filter: The query applied only to entities matching to all filters. - :paramtype entities_filter: JSON - :keyword display_name: The insight display name. + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_name: The display name of the hunt. :paramtype display_name: str - :keyword description: The insight description. + :keyword description: The description of the hunt. :paramtype description: str - :keyword base_query: The base query of the insight. - :paramtype base_query: str - :keyword table_query: The insight table query. - :paramtype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery - :keyword chart_query: The insight chart query. - :paramtype chart_query: JSON - :keyword additional_query: The activity query definitions. - :paramtype additional_query: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery - :keyword default_time_range: The insight chart query. - :paramtype default_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange - :keyword reference_time_range: The insight chart query. - :paramtype reference_time_range: - ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + :keyword status: The status of the hunt. Known values are: "New", "Active", "Closed", + "Backlog", "Approved", "Succeeded", "Failed", and "InProgress". + :paramtype status: str or ~azure.mgmt.securityinsight.models.Status + :keyword hypothesis_status: The hypothesis status of the hunt. Known values are: "Unknown", + "Invalidated", and "Validated". + :paramtype hypothesis_status: str or ~azure.mgmt.securityinsight.models.HypothesisStatus + :keyword attack_tactics: A list of mitre attack tactics the hunt is associated with. + :paramtype attack_tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword attack_techniques: A list of a mitre attack techniques the hunt is associated with. + :paramtype attack_techniques: list[str] + :keyword labels: List of labels relevant to this hunt. + :paramtype labels: list[str] + :keyword owner: Describes a user that the hunt is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.HuntOwner """ - super().__init__( - data_types=data_types, - input_entity_type=input_entity_type, - required_input_fields_sets=required_input_fields_sets, - entities_filter=entities_filter, - **kwargs - ) + super().__init__(etag=etag, **kwargs) self.display_name = display_name self.description = description - self.base_query = base_query - self.table_query = table_query - self.chart_query = chart_query - self.additional_query = additional_query - self.default_time_range = default_time_range - self.reference_time_range = reference_time_range + self.status = status + self.hypothesis_status = hypothesis_status + self.attack_tactics = attack_tactics + self.attack_techniques = attack_techniques + self.labels = labels + self.owner = owner -class InsightQueryItemPropertiesAdditionalQuery(_serialization.Model): - """The activity query definitions. +class HuntComment(ResourceWithEtag): + """Represents a Hunt Comment in Azure Security Insights. - :ivar query: The insight query. - :vartype query: str - :ivar text: The insight text. - :vartype text: str + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar message: The message for the comment. + :vartype message: str """ - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "text": {"key": "text", "type": "str"}, + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } - def __init__(self, *, query: Optional[str] = None, text: Optional[str] = None, **kwargs): - """ - :keyword query: The insight query. - :paramtype query: str - :keyword text: The insight text. - :paramtype text: str - """ - super().__init__(**kwargs) - self.query = query - self.text = text - - -class InsightQueryItemPropertiesDefaultTimeRange(_serialization.Model): - """The insight chart query. - - :ivar before_range: The padding for the start time of the query. - :vartype before_range: str - :ivar after_range: The padding for the end time of the query. - :vartype after_range: str - """ - _attribute_map = { - "before_range": {"key": "beforeRange", "type": "str"}, - "after_range": {"key": "afterRange", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "message": {"key": "properties.message", "type": "str"}, } - def __init__(self, *, before_range: Optional[str] = None, after_range: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword before_range: The padding for the start time of the query. - :paramtype before_range: str - :keyword after_range: The padding for the end time of the query. - :paramtype after_range: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword message: The message for the comment. + :paramtype message: str """ - super().__init__(**kwargs) - self.before_range = before_range - self.after_range = after_range + super().__init__(etag=etag, **kwargs) + self.message = message -class InsightQueryItemPropertiesReferenceTimeRange(_serialization.Model): - """The insight chart query. +class HuntCommentList(_serialization.Model): + """List of all hunt comments. - :ivar before_range: Additional query time for looking back. - :vartype before_range: str + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of hunt comments. + :vartype next_link: str + :ivar value: Array of hunt comments. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntComment] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "before_range": {"key": "beforeRange", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[HuntComment]"}, } - def __init__(self, *, before_range: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.HuntComment"], **kwargs: Any) -> None: """ - :keyword before_range: Additional query time for looking back. - :paramtype before_range: str + :keyword value: Array of hunt comments. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntComment] """ super().__init__(**kwargs) - self.before_range = before_range + self.next_link = None + self.value = value -class InsightQueryItemPropertiesTableQuery(_serialization.Model): - """The insight table query. +class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes + """Represents a Hunting bookmark entity. - :ivar columns_definitions: List of insight column definitions. - :vartype columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] - :ivar queries_definitions: List of insight queries definitions. - :vartype queries_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + } + _attribute_map = { - "columns_definitions": { - "key": "columnsDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem]", - }, - "queries_definitions": { - "key": "queriesDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem]", - }, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "notes": {"key": "properties.notes", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_result": {"key": "properties.queryResult", "type": "str"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, } def __init__( self, *, - columns_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem"] - ] = None, - queries_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem"] - ] = None, - **kwargs - ): + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + display_name: Optional[str] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: """ - :keyword columns_definitions: List of insight column definitions. - :paramtype columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] - :keyword queries_definitions: List of insight queries definitions. - :paramtype queries_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ super().__init__(**kwargs) - self.columns_definitions = columns_definitions - self.queries_definitions = queries_definitions + self.kind: str = "Bookmark" + self.additional_data = None + self.friendly_name = None + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info -class InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. +class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Describes bookmark properties. - :ivar header: Insight column header. - :vartype header: str - :ivar output_type: Insights Column type. Known values are: "Number", "String", "Date", and - "Entity". - :vartype output_type: str or ~azure.mgmt.securityinsight.models.OutputType - :ivar support_deep_link: Is query supports deep-link. - :vartype support_deep_link: bool - """ + Variables are only populated by the server, and will be ignored when sending a request. - _attribute_map = { - "header": {"key": "header", "type": "str"}, - "output_type": {"key": "outputType", "type": "str"}, - "support_deep_link": {"key": "supportDeepLink", "type": "bool"}, - } - - def __init__( - self, - *, - header: Optional[str] = None, - output_type: Optional[Union[str, "_models.OutputType"]] = None, - support_deep_link: Optional[bool] = None, - **kwargs - ): - """ - :keyword header: Insight column header. - :paramtype header: str - :keyword output_type: Insights Column type. Known values are: "Number", "String", "Date", and - "Entity". - :paramtype output_type: str or ~azure.mgmt.securityinsight.models.OutputType - :keyword support_deep_link: Is query supports deep-link. - :paramtype support_deep_link: bool - """ - super().__init__(**kwargs) - self.header = header - self.output_type = output_type - self.support_deep_link = support_deep_link - - -class InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. + All required parameters must be populated in order to send to Azure. - :ivar filter: Insight column header. - :vartype filter: str - :ivar summarize: Insight column header. - :vartype summarize: str - :ivar project: Insight column header. - :vartype project: str - :ivar link_columns_definitions: Insight column header. - :vartype link_columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. Required. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. Required. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "display_name": {"required": True}, + "query": {"required": True}, + } + _attribute_map = { - "filter": {"key": "filter", "type": "str"}, - "summarize": {"key": "summarize", "type": "str"}, - "project": {"key": "project", "type": "str"}, - "link_columns_definitions": { - "key": "linkColumnsDefinitions", - "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem]", - }, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "created_by": {"key": "createdBy", "type": "UserInfo"}, + "display_name": {"key": "displayName", "type": "str"}, + "event_time": {"key": "eventTime", "type": "iso-8601"}, + "labels": {"key": "labels", "type": "[str]"}, + "notes": {"key": "notes", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "query_result": {"key": "queryResult", "type": "str"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "updated_by": {"key": "updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, } def __init__( self, *, - filter: Optional[str] = None, # pylint: disable=redefined-builtin - summarize: Optional[str] = None, - project: Optional[str] = None, - link_columns_definitions: Optional[ - List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem"] - ] = None, - **kwargs - ): + display_name: str, + query: str, + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs: Any + ) -> None: """ - :keyword filter: Insight column header. - :paramtype filter: str - :keyword summarize: Insight column header. - :paramtype summarize: str - :keyword project: Insight column header. - :paramtype project: str - :keyword link_columns_definitions: Insight column header. - :paramtype link_columns_definitions: - list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. Required. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. Required. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo """ super().__init__(**kwargs) - self.filter = filter - self.summarize = summarize - self.project = project - self.link_columns_definitions = link_columns_definitions + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info -class InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem(_serialization.Model): - """InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. +class HuntList(_serialization.Model): + """List all the hunts. - :ivar projected_name: Insight Link Definition Projected Name. - :vartype projected_name: str - :ivar query: Insight Link Definition Query. - :vartype query: str + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of hunts. + :vartype next_link: str + :ivar value: Array of hunts. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Hunt] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - "projected_name": {"key": "projectedName", "type": "str"}, - "query": {"key": "Query", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Hunt]"}, } - def __init__(self, *, projected_name: Optional[str] = None, query: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.Hunt"], **kwargs: Any) -> None: """ - :keyword projected_name: Insight Link Definition Projected Name. - :paramtype projected_name: str - :keyword query: Insight Link Definition Query. - :paramtype query: str + :keyword value: Array of hunts. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Hunt] """ super().__init__(**kwargs) - self.projected_name = projected_name - self.query = query + self.next_link = None + self.value = value -class InsightsTableResult(_serialization.Model): - """Query results for table insights query. +class HuntOwner(_serialization.Model): + """Describes a user that the hunt is assigned to. - :ivar columns: Columns Metadata of the table. - :vartype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] - :ivar rows: Rows data of the table. - :vartype rows: list[list[str]] + :ivar email: The email of the user the hunt is assigned to. + :vartype email: str + :ivar assigned_to: The name of the user the hunt is assigned to. + :vartype assigned_to: str + :ivar object_id: The object id of the user the hunt is assigned to. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the user the hunt is assigned to. + :vartype user_principal_name: str + :ivar owner_type: The type of the owner the hunt is assigned to. Known values are: "Unknown", + "User", and "Group". + :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType """ _attribute_map = { - "columns": {"key": "columns", "type": "[InsightsTableResultColumnsItem]"}, - "rows": {"key": "rows", "type": "[[str]]"}, + "email": {"key": "email", "type": "str"}, + "assigned_to": {"key": "assignedTo", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "owner_type": {"key": "ownerType", "type": "str"}, } def __init__( self, *, - columns: Optional[List["_models.InsightsTableResultColumnsItem"]] = None, - rows: Optional[List[List[str]]] = None, - **kwargs - ): + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + **kwargs: Any + ) -> None: """ - :keyword columns: Columns Metadata of the table. - :paramtype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] - :keyword rows: Rows data of the table. - :paramtype rows: list[list[str]] + :keyword email: The email of the user the hunt is assigned to. + :paramtype email: str + :keyword assigned_to: The name of the user the hunt is assigned to. + :paramtype assigned_to: str + :keyword object_id: The object id of the user the hunt is assigned to. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the user the hunt is assigned to. + :paramtype user_principal_name: str + :keyword owner_type: The type of the owner the hunt is assigned to. Known values are: + "Unknown", "User", and "Group". + :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType """ super().__init__(**kwargs) - self.columns = columns - self.rows = rows + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + self.owner_type = owner_type -class InsightsTableResultColumnsItem(_serialization.Model): - """InsightsTableResultColumnsItem. +class HuntRelation(ResourceWithEtag): + """Represents a Hunt Relation in Azure Security Insights. - :ivar type: the type of the colum. - :vartype type: str - :ivar name: the name of the colum. + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - """ - - _attribute_map = { - "type": {"key": "type", "type": "str"}, - "name": {"key": "name", "type": "str"}, - } - - def __init__(self, *, type: Optional[str] = None, name: Optional[str] = None, **kwargs): - """ - :keyword type: the type of the colum. - :paramtype type: str - :keyword name: the name of the colum. - :paramtype name: str - """ - super().__init__(**kwargs) - self.type = type - self.name = name - - -class Instructions(_serialization.Model): - """Instructions section of a recommendation. - - All required parameters must be populated in order to send to Azure. - - :ivar actions_to_be_performed: What actions should be taken to complete the recommendation. - Required. - :vartype actions_to_be_performed: str - :ivar recommendation_importance: Explains why the recommendation is important. Required. - :vartype recommendation_importance: str - :ivar how_to_perform_action_details: How should the user complete the recommendation. - :vartype how_to_perform_action_details: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar related_resource_id: The id of the related resource. + :vartype related_resource_id: str + :ivar related_resource_name: The name of the related resource. + :vartype related_resource_name: str + :ivar relation_type: The type of the hunt relation. + :vartype relation_type: str + :ivar related_resource_kind: The resource that the relation is related to. + :vartype related_resource_kind: str + :ivar labels: List of labels relevant to this hunt. + :vartype labels: list[str] """ _validation = { - "actions_to_be_performed": {"required": True}, - "recommendation_importance": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "related_resource_name": {"readonly": True}, + "relation_type": {"readonly": True}, + "related_resource_kind": {"readonly": True}, } _attribute_map = { - "actions_to_be_performed": {"key": "actionsToBePerformed", "type": "str"}, - "recommendation_importance": {"key": "recommendationImportance", "type": "str"}, - "how_to_perform_action_details": {"key": "howToPerformActionDetails", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "related_resource_id": {"key": "properties.relatedResourceId", "type": "str"}, + "related_resource_name": {"key": "properties.relatedResourceName", "type": "str"}, + "relation_type": {"key": "properties.relationType", "type": "str"}, + "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, + "labels": {"key": "properties.labels", "type": "[str]"}, } def __init__( self, *, - actions_to_be_performed: str, - recommendation_importance: str, - how_to_perform_action_details: Optional[str] = None, - **kwargs - ): + etag: Optional[str] = None, + related_resource_id: Optional[str] = None, + labels: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword actions_to_be_performed: What actions should be taken to complete the recommendation. - Required. - :paramtype actions_to_be_performed: str - :keyword recommendation_importance: Explains why the recommendation is important. Required. - :paramtype recommendation_importance: str - :keyword how_to_perform_action_details: How should the user complete the recommendation. - :paramtype how_to_perform_action_details: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword related_resource_id: The id of the related resource. + :paramtype related_resource_id: str + :keyword labels: List of labels relevant to this hunt. + :paramtype labels: list[str] """ - super().__init__(**kwargs) - self.actions_to_be_performed = actions_to_be_performed - self.recommendation_importance = recommendation_importance - self.how_to_perform_action_details = how_to_perform_action_details - - -class InstructionStepsInstructionsItem(ConnectorInstructionModelBase): - """InstructionStepsInstructionsItem. - - All required parameters must be populated in order to send to Azure. - - :ivar parameters: The parameters for the setting. - :vartype parameters: JSON - :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ - - _validation = { - "type": {"required": True}, - } - - _attribute_map = { - "parameters": {"key": "parameters", "type": "object"}, - "type": {"key": "type", "type": "str"}, - } + super().__init__(etag=etag, **kwargs) + self.related_resource_id = related_resource_id + self.related_resource_name = None + self.relation_type = None + self.related_resource_kind = None + self.labels = labels - def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): - """ - :keyword parameters: The parameters for the setting. - :paramtype parameters: JSON - :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", - "InstructionStepsGroup", and "InfoMessage". - :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType - """ - super().__init__(parameters=parameters, type=type, **kwargs) +class HuntRelationList(_serialization.Model): + """List of all the hunt relations. -class IoTCheckRequirements(DataConnectorsCheckRequirements): - """Represents IoT requirements check request. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + :ivar next_link: URL to fetch the next set of hunt relations. + :vartype next_link: str + :ivar value: Array of hunt relations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntRelation] """ _validation = { - "kind": {"required": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[HuntRelation]"}, } - def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.HuntRelation"], **kwargs: Any) -> None: """ - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str + :keyword value: Array of hunt relations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntRelation] """ super().__init__(**kwargs) - self.kind: str = "IOT" - self.subscription_id = subscription_id + self.next_link = None + self.value = value -class IoTDataConnector(DataConnector): - """Represents IoT data connector. +class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Incident. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -11545,18 +11712,52 @@ class IoTDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + :ivar title: The title of the incident. + :vartype title: str + :ivar description: The description of the incident. + :vartype description: str + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar owner: Describes a user that the incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar labels: List of labels relevant to this incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar first_activity_time_utc: The time of the first activity in the incident. + :vartype first_activity_time_utc: ~datetime.datetime + :ivar last_activity_time_utc: The time of the last activity in the incident. + :vartype last_activity_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the incident was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar created_time_utc: The time the incident was created. + :vartype created_time_utc: ~datetime.datetime + :ivar incident_number: A sequential number. + :vartype incident_number: int + :ivar additional_data: Additional data on the incident. + :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the + incident. + :vartype related_analytic_rule_ids: list[str] + :ivar incident_url: The deep-link url to the incident in Azure portal. + :vartype incident_url: str + :ivar provider_name: The name of the source provider that generated the incident. + :vartype provider_name: str + :ivar provider_incident_id: The incident ID assigned by the incident provider. + :vartype provider_incident_id: str + :ivar team_information: Describes a team for the incident. + :vartype team_information: ~azure.mgmt.securityinsight.models.TeamInformation """ _validation = { @@ -11564,7 +11765,14 @@ class IoTDataConnector(DataConnector): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, + "last_modified_time_utc": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "incident_number": {"readonly": True}, + "additional_data": {"readonly": True}, + "related_analytic_rule_ids": {"readonly": True}, + "incident_url": {"readonly": True}, + "provider_name": {"readonly": True}, + "provider_incident_id": {"readonly": True}, } _attribute_map = { @@ -11573,71 +11781,213 @@ class IoTDataConnector(DataConnector): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "classification": {"key": "properties.classification", "type": "str"}, + "classification_reason": {"key": "properties.classificationReason", "type": "str"}, + "classification_comment": {"key": "properties.classificationComment", "type": "str"}, + "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, + "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, + "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, + "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "incident_number": {"key": "properties.incidentNumber", "type": "int"}, + "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, + "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, + "incident_url": {"key": "properties.incidentUrl", "type": "str"}, + "provider_name": {"key": "properties.providerName", "type": "str"}, + "provider_incident_id": {"key": "properties.providerIncidentId", "type": "str"}, + "team_information": {"key": "properties.teamInformation", "type": "TeamInformation"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): + title: Optional[str] = None, + description: Optional[str] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + classification_comment: Optional[str] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + first_activity_time_utc: Optional[datetime.datetime] = None, + last_activity_time_utc: Optional[datetime.datetime] = None, + team_information: Optional["_models.TeamInformation"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "IOT" - self.data_types = data_types - self.subscription_id = subscription_id - - -class IoTDataConnectorProperties(DataConnectorWithAlertsProperties): - """IoT data connector properties. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str - """ - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "subscription_id": {"key": "subscriptionId", "type": "str"}, - } - - def __init__( - self, - *, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, - **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str + :keyword title: The title of the incident. + :paramtype title: str + :keyword description: The description of the incident. + :paramtype description: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword owner: Describes a user that the incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword labels: List of labels relevant to this incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword first_activity_time_utc: The time of the first activity in the incident. + :paramtype first_activity_time_utc: ~datetime.datetime + :keyword last_activity_time_utc: The time of the last activity in the incident. + :paramtype last_activity_time_utc: ~datetime.datetime + :keyword team_information: Describes a team for the incident. + :paramtype team_information: ~azure.mgmt.securityinsight.models.TeamInformation """ - super().__init__(data_types=data_types, **kwargs) - self.subscription_id = subscription_id + super().__init__(etag=etag, **kwargs) + self.title = title + self.description = description + self.severity = severity + self.status = status + self.classification = classification + self.classification_reason = classification_reason + self.classification_comment = classification_comment + self.owner = owner + self.labels = labels + self.first_activity_time_utc = first_activity_time_utc + self.last_activity_time_utc = last_activity_time_utc + self.last_modified_time_utc = None + self.created_time_utc = None + self.incident_number = None + self.additional_data = None + self.related_analytic_rule_ids = None + self.incident_url = None + self.provider_name = None + self.provider_incident_id = None + self.team_information = team_information -class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents an IoT device entity. +class IncidentAdditionalData(_serialization.Model): + """Incident additional data property bag. Variables are only populated by the server, and will be ignored when sending a request. + :ivar alerts_count: The number of alerts in the incident. + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident. + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident. + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident. + :vartype alert_product_names: list[str] + :ivar tactics: The tactics associated with incident. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques associated with incident's tactics. + :vartype techniques: list[str] + :ivar provider_incident_url: The provider incident url to the incident in Microsoft 365 + Defender portal. + :vartype provider_incident_url: str + """ + + _validation = { + "alerts_count": {"readonly": True}, + "bookmarks_count": {"readonly": True}, + "comments_count": {"readonly": True}, + "alert_product_names": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + "provider_incident_url": {"readonly": True}, + } + + _attribute_map = { + "alerts_count": {"key": "alertsCount", "type": "int"}, + "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, + "comments_count": {"key": "commentsCount", "type": "int"}, + "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "provider_incident_url": {"key": "providerIncidentUrl", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.tactics = None + self.techniques = None + self.provider_incident_url = None + + +class IncidentAlertList(_serialization.Model): + """List of incident alerts. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of incident alerts. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[SecurityAlert]"}, + } + + def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs: Any) -> None: + """ + :keyword value: Array of incident alerts. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + """ + super().__init__(**kwargs) + self.value = value + + +class IncidentBookmarkList(_serialization.Model): + """List of incident bookmarks. + All required parameters must be populated in order to send to Azure. + :ivar value: Array of incident bookmarks. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[HuntingBookmark]"}, + } + + def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs: Any) -> None: + """ + :keyword value: Array of incident bookmarks. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + """ + super().__init__(**kwargs) + self.value = value + + +class IncidentComment(ResourceWithEtag): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when sending a request. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -11649,74 +11999,16 @@ class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] - :ivar owners: A list of owners of the IoTDevice entity. - :vartype owners: list[str] - :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. - :vartype nic_entity_ids: list[str] - :ivar site: The site of the device. - :vartype site: str - :ivar zone: The zone location of the device within a site. - :vartype zone: str - :ivar sensor: The sensor the device is monitored by. - :vartype sensor: str - :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). - :vartype device_sub_type: str - :ivar importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - :ivar purdue_layer: The Purdue Layer of the device. - :vartype purdue_layer: str - :ivar is_authorized: Determines whether the device classified as authorized device. - :vartype is_authorized: bool - :ivar is_programming: Determines whether the device classified as programming device. - :vartype is_programming: bool - :ivar is_scanner: Is the device classified as a scanner device. - :vartype is_scanner: bool + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar message: The comment message. + :vartype message: str + :ivar created_time_utc: The time the comment was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The time the comment was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar author: Describes the client that created the comment. + :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo """ _validation = { @@ -11724,36 +12016,9 @@ class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "device_id": {"readonly": True}, - "device_name": {"readonly": True}, - "source": {"readonly": True}, - "iot_security_agent_id": {"readonly": True}, - "device_type": {"readonly": True}, - "vendor": {"readonly": True}, - "edge_id": {"readonly": True}, - "mac_address": {"readonly": True}, - "model": {"readonly": True}, - "serial_number": {"readonly": True}, - "firmware_version": {"readonly": True}, - "operating_system": {"readonly": True}, - "iot_hub_entity_id": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - "protocols": {"readonly": True}, - "owners": {"readonly": True}, - "nic_entity_ids": {"readonly": True}, - "site": {"readonly": True}, - "zone": {"readonly": True}, - "sensor": {"readonly": True}, - "device_sub_type": {"readonly": True}, - "purdue_layer": {"readonly": True}, - "is_authorized": {"readonly": True}, - "is_programming": {"readonly": True}, - "is_scanner": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + "author": {"readonly": True}, } _attribute_map = { @@ -11761,742 +12026,424 @@ class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "device_id": {"key": "properties.deviceId", "type": "str"}, - "device_name": {"key": "properties.deviceName", "type": "str"}, - "source": {"key": "properties.source", "type": "str"}, - "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, - "device_type": {"key": "properties.deviceType", "type": "str"}, - "vendor": {"key": "properties.vendor", "type": "str"}, - "edge_id": {"key": "properties.edgeId", "type": "str"}, - "mac_address": {"key": "properties.macAddress", "type": "str"}, - "model": {"key": "properties.model", "type": "str"}, - "serial_number": {"key": "properties.serialNumber", "type": "str"}, - "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, - "operating_system": {"key": "properties.operatingSystem", "type": "str"}, - "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, - "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, - "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, - "protocols": {"key": "properties.protocols", "type": "[str]"}, - "owners": {"key": "properties.owners", "type": "[str]"}, - "nic_entity_ids": {"key": "properties.nicEntityIds", "type": "[str]"}, - "site": {"key": "properties.site", "type": "str"}, - "zone": {"key": "properties.zone", "type": "str"}, - "sensor": {"key": "properties.sensor", "type": "str"}, - "device_sub_type": {"key": "properties.deviceSubType", "type": "str"}, - "importance": {"key": "properties.importance", "type": "str"}, - "purdue_layer": {"key": "properties.purdueLayer", "type": "str"}, - "is_authorized": {"key": "properties.isAuthorized", "type": "bool"}, - "is_programming": {"key": "properties.isProgramming", "type": "bool"}, - "is_scanner": {"key": "properties.isScanner", "type": "bool"}, + "etag": {"key": "etag", "type": "str"}, + "message": {"key": "properties.message", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "author": {"key": "properties.author", "type": "ClientInfo"}, } - def __init__( # pylint: disable=too-many-locals - self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword message: The comment message. + :paramtype message: str """ - super().__init__(**kwargs) - self.kind: str = "IoTDevice" - self.additional_data = None - self.friendly_name = None - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - self.owners = None - self.nic_entity_ids = None - self.site = None - self.zone = None - self.sensor = None - self.device_sub_type = None - self.importance = importance - self.purdue_layer = None - self.is_authorized = None - self.is_programming = None - self.is_scanner = None + super().__init__(etag=etag, **kwargs) + self.message = message + self.created_time_utc = None + self.last_modified_time_utc = None + self.author = None -class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """IoTDevice entity property bag. +class IncidentCommentList(_serialization.Model): + """IncidentCommentList. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] - :ivar owners: A list of owners of the IoTDevice entity. - :vartype owners: list[str] - :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. - :vartype nic_entity_ids: list[str] - :ivar site: The site of the device. - :vartype site: str - :ivar zone: The zone location of the device within a site. - :vartype zone: str - :ivar sensor: The sensor the device is monitored by. - :vartype sensor: str - :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). - :vartype device_sub_type: str - :ivar importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance - :ivar purdue_layer: The Purdue Layer of the device. - :vartype purdue_layer: str - :ivar is_authorized: Determines whether the device classified as authorized device. - :vartype is_authorized: bool - :ivar is_programming: Determines whether the device classified as programming device. - :vartype is_programming: bool - :ivar is_scanner: Is the device classified as a scanner device. - :vartype is_scanner: bool + All required parameters must be populated in order to send to Azure. + + :ivar value: Required. + :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + :ivar next_link: + :vartype next_link: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "device_id": {"readonly": True}, - "device_name": {"readonly": True}, - "source": {"readonly": True}, - "iot_security_agent_id": {"readonly": True}, - "device_type": {"readonly": True}, - "vendor": {"readonly": True}, - "edge_id": {"readonly": True}, - "mac_address": {"readonly": True}, - "model": {"readonly": True}, - "serial_number": {"readonly": True}, - "firmware_version": {"readonly": True}, - "operating_system": {"readonly": True}, - "iot_hub_entity_id": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - "protocols": {"readonly": True}, - "owners": {"readonly": True}, - "nic_entity_ids": {"readonly": True}, - "site": {"readonly": True}, - "zone": {"readonly": True}, - "sensor": {"readonly": True}, - "device_sub_type": {"readonly": True}, - "purdue_layer": {"readonly": True}, - "is_authorized": {"readonly": True}, - "is_programming": {"readonly": True}, - "is_scanner": {"readonly": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "device_id": {"key": "deviceId", "type": "str"}, - "device_name": {"key": "deviceName", "type": "str"}, - "source": {"key": "source", "type": "str"}, - "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, - "device_type": {"key": "deviceType", "type": "str"}, - "vendor": {"key": "vendor", "type": "str"}, - "edge_id": {"key": "edgeId", "type": "str"}, - "mac_address": {"key": "macAddress", "type": "str"}, - "model": {"key": "model", "type": "str"}, - "serial_number": {"key": "serialNumber", "type": "str"}, - "firmware_version": {"key": "firmwareVersion", "type": "str"}, - "operating_system": {"key": "operatingSystem", "type": "str"}, - "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, - "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, - "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, - "protocols": {"key": "protocols", "type": "[str]"}, - "owners": {"key": "owners", "type": "[str]"}, - "nic_entity_ids": {"key": "nicEntityIds", "type": "[str]"}, - "site": {"key": "site", "type": "str"}, - "zone": {"key": "zone", "type": "str"}, - "sensor": {"key": "sensor", "type": "str"}, - "device_sub_type": {"key": "deviceSubType", "type": "str"}, - "importance": {"key": "importance", "type": "str"}, - "purdue_layer": {"key": "purdueLayer", "type": "str"}, - "is_authorized": {"key": "isAuthorized", "type": "bool"}, - "is_programming": {"key": "isProgramming", "type": "bool"}, - "is_scanner": {"key": "isScanner", "type": "bool"}, + "value": {"key": "value", "type": "[IncidentComment]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__( # pylint: disable=too-many-locals - self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs - ): + def __init__(self, *, value: List["_models.IncidentComment"], **kwargs: Any) -> None: """ - :keyword importance: Device importance, determines if the device classified as 'crown jewel'. - Known values are: "Unknown", "Low", "Normal", and "High". - :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :keyword value: Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] """ super().__init__(**kwargs) - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - self.owners = None - self.nic_entity_ids = None - self.site = None - self.zone = None - self.sensor = None - self.device_sub_type = None - self.importance = importance - self.purdue_layer = None - self.is_authorized = None - self.is_programming = None - self.is_scanner = None - + self.value = value + self.next_link = None -class IpEntity(Entity): - """Represents an ip entity. - Variables are only populated by the server, and will be ignored when sending a request. +class IncidentConfiguration(_serialization.Model): + """Incident Configuration property bag. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. + :vartype create_incident: bool + :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are + grouped into incidents. + :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "address": {"readonly": True}, - "location": {"readonly": True}, - "threat_intelligence": {"readonly": True}, + "create_incident": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "address": {"key": "properties.address", "type": "str"}, - "location": {"key": "properties.location", "type": "GeoLocation"}, - "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + "create_incident": {"key": "createIncident", "type": "bool"}, + "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + create_incident: bool, + grouping_configuration: Optional["_models.GroupingConfiguration"] = None, + **kwargs: Any + ) -> None: + """ + :keyword create_incident: Create incidents from alerts triggered by this analytics rule. + Required. + :paramtype create_incident: bool + :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, + are grouped into incidents. + :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + """ super().__init__(**kwargs) - self.kind: str = "Ip" - self.additional_data = None - self.friendly_name = None - self.address = None - self.location = None - self.threat_intelligence = None - + self.create_incident = create_incident + self.grouping_configuration = grouping_configuration -class IpEntityProperties(EntityCommonProperties): - """Ip entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class IncidentEntitiesResponse(_serialization.Model): + """The incident related entities response. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar entities: Array of the incident related entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar meta_data: The metadata from the incident related entities results. + :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "address": {"readonly": True}, - "location": {"readonly": True}, - "threat_intelligence": {"readonly": True}, - } - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "address": {"key": "address", "type": "str"}, - "location": {"key": "location", "type": "GeoLocation"}, - "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + "entities": {"key": "entities", "type": "[Entity]"}, + "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + entities: Optional[List["_models.Entity"]] = None, + meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword entities: Array of the incident related entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword meta_data: The metadata from the incident related entities results. + :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + """ super().__init__(**kwargs) - self.address = None - self.location = None - self.threat_intelligence = None - + self.entities = entities + self.meta_data = meta_data -class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mailbox entity. - Variables are only populated by the server, and will be ignored when sending a request. +class IncidentEntitiesResultsMetadata(_serialization.Model): + """Information of a specific aggregation in the incident related entities result. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :vartype count: int """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mailbox_primary_address": {"readonly": True}, - "display_name": {"readonly": True}, - "upn": {"readonly": True}, - "external_directory_object_id": {"readonly": True}, + "entity_kind": {"required": True}, + "count": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "upn": {"key": "properties.upn", "type": "str"}, - "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, + "entity_kind": {"key": "entityKind", "type": "str"}, + "count": {"key": "count", "type": "int"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, entity_kind: Union[str, "_models.EntityKindEnum"], count: int, **kwargs: Any) -> None: + """ + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :keyword count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :paramtype count: int + """ super().__init__(**kwargs) - self.kind: str = "Mailbox" - self.additional_data = None - self.friendly_name = None - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None + self.entity_kind = entity_kind + self.count = count -class MailboxEntityProperties(EntityCommonProperties): - """Mailbox entity property bag. +class IncidentInfo(_serialization.Model): + """Describes related incident information for the bookmark. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar incident_id: Incident Id. + :vartype incident_id: str + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar title: The title of the incident. + :vartype title: str + :ivar relation_name: Relation Name. + :vartype relation_name: str + """ - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str + _attribute_map = { + "incident_id": {"key": "incidentId", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "relation_name": {"key": "relationName", "type": "str"}, + } + + def __init__( + self, + *, + incident_id: Optional[str] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + title: Optional[str] = None, + relation_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword incident_id: Incident Id. + :paramtype incident_id: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword title: The title of the incident. + :paramtype title: str + :keyword relation_name: Relation Name. + :paramtype relation_name: str + """ + super().__init__(**kwargs) + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name + + +class IncidentLabel(_serialization.Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar label_name: The name of the label. Required. + :vartype label_name: str + :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". + :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mailbox_primary_address": {"readonly": True}, - "display_name": {"readonly": True}, - "upn": {"readonly": True}, - "external_directory_object_id": {"readonly": True}, + "label_name": {"required": True}, + "label_type": {"readonly": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "upn": {"key": "upn", "type": "str"}, - "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, + "label_name": {"key": "labelName", "type": "str"}, + "label_type": {"key": "labelType", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, label_name: str, **kwargs: Any) -> None: + """ + :keyword label_name: The name of the label. Required. + :paramtype label_name: str + """ super().__init__(**kwargs) - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None + self.label_name = label_name + self.label_type = None -class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mail cluster entity. +class IncidentList(_serialization.Model): + """List all the incidents. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: JSON - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: JSON - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: JSON - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str + :ivar value: Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Incident] + :ivar next_link: URL to fetch the next set of incidents. + :vartype next_link: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_ids": {"readonly": True}, - "count_by_delivery_status": {"readonly": True}, - "count_by_threat_type": {"readonly": True}, - "count_by_protection_status": {"readonly": True}, - "threats": {"readonly": True}, - "query": {"readonly": True}, - "query_time": {"readonly": True}, - "mail_count": {"readonly": True}, - "is_volume_anomaly": {"readonly": True}, - "source": {"readonly": True}, - "cluster_source_identifier": {"readonly": True}, - "cluster_source_type": {"readonly": True}, - "cluster_query_start_time": {"readonly": True}, - "cluster_query_end_time": {"readonly": True}, - "cluster_group": {"readonly": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, - "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, - "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, - "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, - "threats": {"key": "properties.threats", "type": "[str]"}, - "query": {"key": "properties.query", "type": "str"}, - "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, - "mail_count": {"key": "properties.mailCount", "type": "int"}, - "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, - "source": {"key": "properties.source", "type": "str"}, - "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, - "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, - "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, - "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, - "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, + "value": {"key": "value", "type": "[Incident]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, value: List["_models.Incident"], **kwargs: Any) -> None: + """ + :keyword value: Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] + """ super().__init__(**kwargs) - self.kind: str = "MailCluster" - self.additional_data = None - self.friendly_name = None - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None + self.value = value + self.next_link = None -class MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Mail cluster entity property bag. +class IncidentOwnerInfo(_serialization.Model): + """Information on the user an incident is assigned to. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar email: The email of the user the incident is assigned to. + :vartype email: str + :ivar assigned_to: The name of the user the incident is assigned to. + :vartype assigned_to: str + :ivar object_id: The object id of the user the incident is assigned to. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the user the incident is assigned to. + :vartype user_principal_name: str + :ivar owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + """ - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: JSON - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: JSON - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: JSON - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str - """ - - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "network_message_ids": {"readonly": True}, - "count_by_delivery_status": {"readonly": True}, - "count_by_threat_type": {"readonly": True}, - "count_by_protection_status": {"readonly": True}, - "threats": {"readonly": True}, - "query": {"readonly": True}, - "query_time": {"readonly": True}, - "mail_count": {"readonly": True}, - "is_volume_anomaly": {"readonly": True}, - "source": {"readonly": True}, - "cluster_source_identifier": {"readonly": True}, - "cluster_source_type": {"readonly": True}, - "cluster_query_start_time": {"readonly": True}, - "cluster_query_end_time": {"readonly": True}, - "cluster_group": {"readonly": True}, + _attribute_map = { + "email": {"key": "email", "type": "str"}, + "assigned_to": {"key": "assignedTo", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "owner_type": {"key": "ownerType", "type": "str"}, } + def __init__( + self, + *, + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword email: The email of the user the incident is assigned to. + :paramtype email: str + :keyword assigned_to: The name of the user the incident is assigned to. + :paramtype assigned_to: str + :keyword object_id: The object id of the user the incident is assigned to. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the user the incident is assigned to. + :paramtype user_principal_name: str + :keyword owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + """ + super().__init__(**kwargs) + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + self.owner_type = owner_type + + +class IncidentPropertiesAction(_serialization.Model): + """IncidentPropertiesAction. + + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar owner: Information on the user an incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar labels: List of labels to add to the incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + """ + _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, - "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, - "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, - "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, - "threats": {"key": "threats", "type": "[str]"}, - "query": {"key": "query", "type": "str"}, - "query_time": {"key": "queryTime", "type": "iso-8601"}, - "mail_count": {"key": "mailCount", "type": "int"}, - "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, - "source": {"key": "source", "type": "str"}, - "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, - "cluster_source_type": {"key": "clusterSourceType", "type": "str"}, - "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, - "cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, - "cluster_group": {"key": "clusterGroup", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "status": {"key": "status", "type": "str"}, + "classification": {"key": "classification", "type": "str"}, + "classification_reason": {"key": "classificationReason", "type": "str"}, + "classification_comment": {"key": "classificationComment", "type": "str"}, + "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, + "labels": {"key": "labels", "type": "[IncidentLabel]"}, } - def __init__(self, **kwargs): - """ """ + def __init__( + self, + *, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + classification_comment: Optional[str] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword owner: Information on the user an incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword labels: List of labels to add to the incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + """ super().__init__(**kwargs) - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None + self.severity = severity + self.status = status + self.classification = classification + self.classification_reason = classification_reason + self.classification_comment = classification_comment + self.owner = owner + self.labels = labels -class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a mail message entity. +class IncidentTask(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """IncidentTask. Variables are only populated by the server, and will be ignored when sending a request. @@ -12513,100 +12460,33 @@ class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", and "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", and "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "recipient": {"readonly": True}, - "urls": {"readonly": True}, - "threats": {"readonly": True}, - "p1_sender": {"readonly": True}, - "p1_sender_display_name": {"readonly": True}, - "p1_sender_domain": {"readonly": True}, - "sender_ip": {"readonly": True}, - "p2_sender": {"readonly": True}, - "p2_sender_display_name": {"readonly": True}, - "p2_sender_domain": {"readonly": True}, - "receive_date": {"readonly": True}, - "network_message_id": {"readonly": True}, - "internet_message_id": {"readonly": True}, - "subject": {"readonly": True}, - "language": {"readonly": True}, - "threat_detection_methods": {"readonly": True}, + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar title: The title of the task. Required. + :vartype title: str + :ivar description: The description of the task. + :vartype description: str + :ivar status: Required. Known values are: "New" and "Completed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus + :ivar created_time_utc: The time the task was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the task was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar created_by: Information on the client (user or application) that made some action. + :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar last_modified_by: Information on the client (user or application) that made some action. + :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "title": {"required": True}, + "status": {"required": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, } _attribute_map = { @@ -12614,998 +12494,757 @@ class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, - "recipient": {"key": "properties.recipient", "type": "str"}, - "urls": {"key": "properties.urls", "type": "[str]"}, - "threats": {"key": "properties.threats", "type": "[str]"}, - "p1_sender": {"key": "properties.p1Sender", "type": "str"}, - "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, - "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, - "sender_ip": {"key": "properties.senderIP", "type": "str"}, - "p2_sender": {"key": "properties.p2Sender", "type": "str"}, - "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, - "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, - "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, - "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, - "internet_message_id": {"key": "properties.internetMessageId", "type": "str"}, - "subject": {"key": "properties.subject", "type": "str"}, - "language": {"key": "properties.language", "type": "str"}, - "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, - "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, - "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, - "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, - "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, - "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, - "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, - "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, - "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, + "etag": {"key": "etag", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, + "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): + title: str, + status: Union[str, "_models.IncidentTaskStatus"], + etag: Optional[str] = None, + description: Optional[str] = None, + created_by: Optional["_models.ClientInfo"] = None, + last_modified_by: Optional["_models.ClientInfo"] = None, + **kwargs: Any + ) -> None: """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", and "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", and "Forwarded". - :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword title: The title of the task. Required. + :paramtype title: str + :keyword description: The description of the task. + :paramtype description: str + :keyword status: Required. Known values are: "New" and "Completed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentTaskStatus + :keyword created_by: Information on the client (user or application) that made some action. + :paramtype created_by: ~azure.mgmt.securityinsight.models.ClientInfo + :keyword last_modified_by: Information on the client (user or application) that made some + action. + :paramtype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + """ + super().__init__(etag=etag, **kwargs) + self.title = title + self.description = description + self.status = status + self.created_time_utc = None + self.last_modified_time_utc = None + self.created_by = created_by + self.last_modified_by = last_modified_by + + +class IncidentTaskList(_serialization.Model): + """IncidentTaskList. + + :ivar value: + :vartype value: list[~azure.mgmt.securityinsight.models.IncidentTask] + :ivar next_link: + :vartype next_link: str + """ + + _attribute_map = { + "value": {"key": "value", "type": "[IncidentTask]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__( + self, *, value: Optional[List["_models.IncidentTask"]] = None, next_link: Optional[str] = None, **kwargs: Any + ) -> None: + """ + :keyword value: + :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentTask] + :keyword next_link: + :paramtype next_link: str """ super().__init__(**kwargs) - self.kind: str = "MailMessage" - self.additional_data = None - self.friendly_name = None - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location + self.value = value + self.next_link = next_link -class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Mail message entity property bag. +class InsightQueryItem(EntityQueryItem): + """Represents Insight Query. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", and "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", and "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ + All required parameters must be populated in order to send to Azure. - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "recipient": {"readonly": True}, - "urls": {"readonly": True}, - "threats": {"readonly": True}, - "p1_sender": {"readonly": True}, - "p1_sender_display_name": {"readonly": True}, - "p1_sender_domain": {"readonly": True}, - "sender_ip": {"readonly": True}, - "p2_sender": {"readonly": True}, - "p2_sender_display_name": {"readonly": True}, - "p2_sender_domain": {"readonly": True}, - "receive_date": {"readonly": True}, - "network_message_id": {"readonly": True}, - "internet_message_id": {"readonly": True}, - "subject": {"readonly": True}, - "language": {"readonly": True}, - "threat_detection_methods": {"readonly": True}, - } - - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, - "recipient": {"key": "recipient", "type": "str"}, - "urls": {"key": "urls", "type": "[str]"}, - "threats": {"key": "threats", "type": "[str]"}, - "p1_sender": {"key": "p1Sender", "type": "str"}, - "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, - "p1_sender_domain": {"key": "p1SenderDomain", "type": "str"}, - "sender_ip": {"key": "senderIP", "type": "str"}, - "p2_sender": {"key": "p2Sender", "type": "str"}, - "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, - "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, - "receive_date": {"key": "receiveDate", "type": "iso-8601"}, - "network_message_id": {"key": "networkMessageId", "type": "str"}, - "internet_message_id": {"key": "internetMessageId", "type": "str"}, - "subject": {"key": "subject", "type": "str"}, - "language": {"key": "language", "type": "str"}, - "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, - "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, - "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, - "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, - "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, - "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, - "antispam_direction": {"key": "antispamDirection", "type": "str"}, - "delivery_action": {"key": "deliveryAction", "type": "str"}, - "delivery_location": {"key": "deliveryLocation", "type": "str"}, - } - - def __init__( # pylint: disable=too-many-locals - self, - *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): - """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", and "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", and "Forwarded". - :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation - """ - super().__init__(**kwargs) - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location - - -class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a malware entity. - - Variables are only populated by the server, and will be ignored when sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :ivar id: Query Template ARM ID. :vartype id: str - :ivar name: The name of the resource. + :ivar name: Query Template ARM Name. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". + :ivar type: ARM Type. :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] + :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", + and "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar properties: Properties bag for InsightQueryItem. + :vartype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties """ _validation = { "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "category": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "malware_name": {"readonly": True}, - "process_entity_ids": {"readonly": True}, } _attribute_map = { "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "category": {"key": "properties.category", "type": "str"}, - "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, - "malware_name": {"key": "properties.malwareName", "type": "str"}, - "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, + "properties": {"key": "properties", "type": "InsightQueryItemProperties"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Malware" - self.additional_data = None - self.friendly_name = None - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None - + def __init__( + self, + *, + name: Optional[str] = None, + type: Optional[str] = None, + properties: Optional["_models.InsightQueryItemProperties"] = None, + **kwargs: Any + ) -> None: + """ + :keyword name: Query Template ARM Name. + :paramtype name: str + :keyword type: ARM Type. + :paramtype type: str + :keyword properties: Properties bag for InsightQueryItem. + :paramtype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + """ + super().__init__(name=name, type=type, **kwargs) + self.kind: str = "Insight" + self.properties = properties -class MalwareEntityProperties(EntityCommonProperties): - """Malware entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class InsightQueryItemProperties(EntityQueryItemProperties): # pylint: disable=too-many-instance-attributes + """Represents Insight Query. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] + :ivar data_types: Data types for template. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: Data types for template. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: JSON + :ivar display_name: The insight display name. + :vartype display_name: str + :ivar description: The insight description. + :vartype description: str + :ivar base_query: The base query of the insight. + :vartype base_query: str + :ivar table_query: The insight table query. + :vartype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery + :ivar chart_query: The insight chart query. + :vartype chart_query: JSON + :ivar additional_query: The activity query definitions. + :vartype additional_query: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery + :ivar default_time_range: The insight chart query. + :vartype default_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange + :ivar reference_time_range: The insight chart query. + :vartype reference_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "category": {"readonly": True}, - "file_entity_ids": {"readonly": True}, - "malware_name": {"readonly": True}, - "process_entity_ids": {"readonly": True}, - } - _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "category": {"key": "category", "type": "str"}, - "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, - "malware_name": {"key": "malwareName", "type": "str"}, - "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, + "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, + "input_entity_type": {"key": "inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "entitiesFilter", "type": "object"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, + "table_query": {"key": "tableQuery", "type": "InsightQueryItemPropertiesTableQuery"}, + "chart_query": {"key": "chartQuery", "type": "object"}, + "additional_query": {"key": "additionalQuery", "type": "InsightQueryItemPropertiesAdditionalQuery"}, + "default_time_range": {"key": "defaultTimeRange", "type": "InsightQueryItemPropertiesDefaultTimeRange"}, + "reference_time_range": {"key": "referenceTimeRange", "type": "InsightQueryItemPropertiesReferenceTimeRange"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None - + def __init__( + self, + *, + data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[JSON] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + base_query: Optional[str] = None, + table_query: Optional["_models.InsightQueryItemPropertiesTableQuery"] = None, + chart_query: Optional[JSON] = None, + additional_query: Optional["_models.InsightQueryItemPropertiesAdditionalQuery"] = None, + default_time_range: Optional["_models.InsightQueryItemPropertiesDefaultTimeRange"] = None, + reference_time_range: Optional["_models.InsightQueryItemPropertiesReferenceTimeRange"] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: Data types for template. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", + "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: Data types for template. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: JSON + :keyword display_name: The insight display name. + :paramtype display_name: str + :keyword description: The insight description. + :paramtype description: str + :keyword base_query: The base query of the insight. + :paramtype base_query: str + :keyword table_query: The insight table query. + :paramtype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery + :keyword chart_query: The insight chart query. + :paramtype chart_query: JSON + :keyword additional_query: The activity query definitions. + :paramtype additional_query: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery + :keyword default_time_range: The insight chart query. + :paramtype default_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange + :keyword reference_time_range: The insight chart query. + :paramtype reference_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + """ + super().__init__( + data_types=data_types, + input_entity_type=input_entity_type, + required_input_fields_sets=required_input_fields_sets, + entities_filter=entities_filter, + **kwargs + ) + self.display_name = display_name + self.description = description + self.base_query = base_query + self.table_query = table_query + self.chart_query = chart_query + self.additional_query = additional_query + self.default_time_range = default_time_range + self.reference_time_range = reference_time_range -class ManualTriggerRequestBody(_serialization.Model): - """ManualTriggerRequestBody. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesAdditionalQuery(_serialization.Model): + """The activity query definitions. - :ivar tenant_id: - :vartype tenant_id: str - :ivar logic_apps_resource_id: Required. - :vartype logic_apps_resource_id: str + :ivar query: The insight query. + :vartype query: str + :ivar text: The insight text. + :vartype text: str """ - _validation = { - "logic_apps_resource_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "text": {"key": "text", "type": "str"}, } - def __init__(self, *, logic_apps_resource_id: str, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, query: Optional[str] = None, text: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: - :paramtype tenant_id: str - :keyword logic_apps_resource_id: Required. - :paramtype logic_apps_resource_id: str + :keyword query: The insight query. + :paramtype query: str + :keyword text: The insight text. + :paramtype text: str """ super().__init__(**kwargs) - self.tenant_id = tenant_id - self.logic_apps_resource_id = logic_apps_resource_id - + self.query = query + self.text = text -class MCASCheckRequirements(DataConnectorsCheckRequirements): - """Represents MCAS (Microsoft Cloud App Security) requirements check request. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesDefaultTimeRange(_serialization.Model): + """The insight chart query. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar before_range: The padding for the start time of the query. + :vartype before_range: str + :ivar after_range: The padding for the end time of the query. + :vartype after_range: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "before_range": {"key": "beforeRange", "type": "str"}, + "after_range": {"key": "afterRange", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, before_range: Optional[str] = None, after_range: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword before_range: The padding for the start time of the query. + :paramtype before_range: str + :keyword after_range: The padding for the end time of the query. + :paramtype after_range: str """ super().__init__(**kwargs) - self.kind: str = "MicrosoftCloudAppSecurity" - self.tenant_id = tenant_id - + self.before_range = before_range + self.after_range = after_range -class MCASCheckRequirementsProperties(DataConnectorTenantId): - """MCAS (Microsoft Cloud App Security) requirements check properties. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesReferenceTimeRange(_serialization.Model): + """The insight chart query. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar before_range: Additional query time for looking back. + :vartype before_range: str """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "before_range": {"key": "beforeRange", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, before_range: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword before_range: Additional query time for looking back. + :paramtype before_range: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class MCASDataConnector(DataConnector): - """Represents MCAS (Microsoft Cloud App Security) data connector. + super().__init__(**kwargs) + self.before_range = before_range - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQuery(_serialization.Model): + """The insight table query. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :ivar columns_definitions: List of insight column definitions. + :vartype columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] + :ivar queries_definitions: List of insight queries definitions. + :vartype queries_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] """ - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, + "columns_definitions": { + "key": "columnsDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem]", + }, + "queries_definitions": { + "key": "queriesDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem]", + }, } def __init__( self, *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + columns_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem"] + ] = None, + queries_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem"] + ] = None, + **kwargs: Any + ) -> None: """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftCloudAppSecurity" - self.tenant_id = tenant_id - self.data_types = data_types - + :keyword columns_definitions: List of insight column definitions. + :paramtype columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] + :keyword queries_definitions: List of insight queries definitions. + :paramtype queries_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + """ + super().__init__(**kwargs) + self.columns_definitions = columns_definitions + self.queries_definitions = queries_definitions -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): - """The available data types for MCAS (Microsoft Cloud App Security) data connector. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. - :ivar alerts: Alerts data type connection. Required. - :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :ivar discovery_logs: Discovery log data type connection. - :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar header: Insight column header. + :vartype header: str + :ivar output_type: Insights Column type. Known values are: "Number", "String", "Date", and + "Entity". + :vartype output_type: str or ~azure.mgmt.securityinsight.models.OutputType + :ivar support_deep_link: Is query supports deep-link. + :vartype support_deep_link: bool """ - _validation = { - "alerts": {"required": True}, - } - _attribute_map = { - "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, - "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, + "header": {"key": "header", "type": "str"}, + "output_type": {"key": "outputType", "type": "str"}, + "support_deep_link": {"key": "supportDeepLink", "type": "bool"}, } def __init__( self, *, - alerts: "_models.DataConnectorDataTypeCommon", - discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, - **kwargs - ): + header: Optional[str] = None, + output_type: Optional[Union[str, "_models.OutputType"]] = None, + support_deep_link: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword alerts: Alerts data type connection. Required. - :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :keyword discovery_logs: Discovery log data type connection. - :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword header: Insight column header. + :paramtype header: str + :keyword output_type: Insights Column type. Known values are: "Number", "String", "Date", and + "Entity". + :paramtype output_type: str or ~azure.mgmt.securityinsight.models.OutputType + :keyword support_deep_link: Is query supports deep-link. + :paramtype support_deep_link: bool """ - super().__init__(alerts=alerts, **kwargs) - self.discovery_logs = discovery_logs - + super().__init__(**kwargs) + self.header = header + self.output_type = output_type + self.support_deep_link = support_deep_link -class MCASDataConnectorProperties(DataConnectorTenantId): - """MCAS (Microsoft Cloud App Security) data connector properties. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :ivar filter: Insight column header. + :vartype filter: str + :ivar summarize: Insight column header. + :vartype summarize: str + :ivar project: Insight column header. + :vartype project: str + :ivar link_columns_definitions: Insight column header. + :vartype link_columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] """ - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MCASDataConnectorDataTypes"}, + "filter": {"key": "filter", "type": "str"}, + "summarize": {"key": "summarize", "type": "str"}, + "project": {"key": "project", "type": "str"}, + "link_columns_definitions": { + "key": "linkColumnsDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem]", + }, } - def __init__(self, *, tenant_id: str, data_types: "_models.MCASDataConnectorDataTypes", **kwargs): + def __init__( + self, + *, + filter: Optional[str] = None, # pylint: disable=redefined-builtin + summarize: Optional[str] = None, + project: Optional[str] = None, + link_columns_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem"] + ] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :keyword filter: Insight column header. + :paramtype filter: str + :keyword summarize: Insight column header. + :paramtype summarize: str + :keyword project: Insight column header. + :paramtype project: str + :keyword link_columns_definitions: Insight column header. + :paramtype link_columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - + super().__init__(**kwargs) + self.filter = filter + self.summarize = summarize + self.project = project + self.link_columns_definitions = link_columns_definitions -class MDATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. - All required parameters must be populated in order to send to Azure. +class InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar projected_name: Insight Link Definition Projected Name. + :vartype projected_name: str + :ivar query: Insight Link Definition Query. + :vartype query: str """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "projected_name": {"key": "projectedName", "type": "str"}, + "query": {"key": "Query", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, projected_name: Optional[str] = None, query: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword projected_name: Insight Link Definition Projected Name. + :paramtype projected_name: str + :keyword query: Insight Link Definition Query. + :paramtype query: str """ super().__init__(**kwargs) - self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" - self.tenant_id = tenant_id - + self.projected_name = projected_name + self.query = query -class MDATPCheckRequirementsProperties(DataConnectorTenantId): - """MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. - All required parameters must be populated in order to send to Azure. +class InsightsTableResult(_serialization.Model): + """Query results for table insights query. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar columns: Columns Metadata of the table. + :vartype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] + :ivar rows: Rows data of the table. + :vartype rows: list[list[str]] """ - _validation = { - "tenant_id": {"required": True}, + _attribute_map = { + "columns": {"key": "columns", "type": "[InsightsTableResultColumnsItem]"}, + "rows": {"key": "rows", "type": "[[str]]"}, } + def __init__( + self, + *, + columns: Optional[List["_models.InsightsTableResultColumnsItem"]] = None, + rows: Optional[List[List[str]]] = None, + **kwargs: Any + ) -> None: + """ + :keyword columns: Columns Metadata of the table. + :paramtype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] + :keyword rows: Rows data of the table. + :paramtype rows: list[list[str]] + """ + super().__init__(**kwargs) + self.columns = columns + self.rows = rows + + +class InsightsTableResultColumnsItem(_serialization.Model): + """InsightsTableResultColumnsItem. + + :ivar type: the type of the colum. + :vartype type: str + :ivar name: the name of the colum. + :vartype name: str + """ + _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "name": {"key": "name", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, type: Optional[str] = None, name: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword type: the type of the colum. + :paramtype type: str + :keyword name: the name of the colum. + :paramtype name: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - + super().__init__(**kwargs) + self.type = type + self.name = name -class MDATPDataConnector(DataConnector): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. - Variables are only populated by the server, and will be ignored when sending a request. +class Instructions(_serialization.Model): + """Instructions section of a recommendation. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar actions_to_be_performed: What actions should be taken to complete the recommendation. + Required. + :vartype actions_to_be_performed: str + :ivar recommendation_importance: Explains why the recommendation is important. Required. + :vartype recommendation_importance: str + :ivar how_to_perform_action_details: How should the user complete the recommendation. + :vartype how_to_perform_action_details: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, + "actions_to_be_performed": {"required": True}, + "recommendation_importance": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "actions_to_be_performed": {"key": "actionsToBePerformed", "type": "str"}, + "recommendation_importance": {"key": "recommendationImportance", "type": "str"}, + "how_to_perform_action_details": {"key": "howToPerformActionDetails", "type": "str"}, } def __init__( self, *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + actions_to_be_performed: str, + recommendation_importance: str, + how_to_perform_action_details: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword actions_to_be_performed: What actions should be taken to complete the recommendation. + Required. + :paramtype actions_to_be_performed: str + :keyword recommendation_importance: Explains why the recommendation is important. Required. + :paramtype recommendation_importance: str + :keyword how_to_perform_action_details: How should the user complete the recommendation. + :paramtype how_to_perform_action_details: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" - self.tenant_id = tenant_id - self.data_types = data_types - + super().__init__(**kwargs) + self.actions_to_be_performed = actions_to_be_performed + self.recommendation_importance = recommendation_importance + self.how_to_perform_action_details = how_to_perform_action_details -class MDATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. - All required parameters must be populated in order to send to Azure. +class InstructionStep(_serialization.Model): + """Instruction steps to enable the connector. - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar title: Gets or sets the instruction step title. + :vartype title: str + :ivar description: Gets or sets the instruction step description. + :vartype description: str + :ivar instructions: Gets or sets the instruction step details. + :vartype instructions: list[~azure.mgmt.securityinsight.models.InstructionStepDetails] + :ivar inner_steps: Gets or sets the inner instruction steps details. + Foe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, + instruction step 1.2]. + :vartype inner_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] """ - _validation = { - "tenant_id": {"required": True}, - } - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "instructions": {"key": "instructions", "type": "[InstructionStepDetails]"}, + "inner_steps": {"key": "innerSteps", "type": "[InstructionStep]"}, } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, + *, + title: Optional[str] = None, + description: Optional[str] = None, + instructions: Optional[List["_models.InstructionStepDetails"]] = None, + inner_steps: Optional[List["_models.InstructionStep"]] = None, + **kwargs: Any + ) -> None: """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword title: Gets or sets the instruction step title. + :paramtype title: str + :keyword description: Gets or sets the instruction step description. + :paramtype description: str + :keyword instructions: Gets or sets the instruction step details. + :paramtype instructions: list[~azure.mgmt.securityinsight.models.InstructionStepDetails] + :keyword inner_steps: Gets or sets the inner instruction steps details. + Foe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, + instruction step 1.2]. + :paramtype inner_steps: list[~azure.mgmt.securityinsight.models.InstructionStep] """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id + super().__init__(**kwargs) + self.title = title + self.description = description + self.instructions = instructions + self.inner_steps = inner_steps -class MetadataAuthor(_serialization.Model): - """Publisher or creator of the content item. +class InstructionStepDetails(_serialization.Model): + """Instruction step details, to be displayed in the Instructions steps section in the connector's + page in Sentinel Portal. - :ivar name: Name of the author. Company or person. - :vartype name: str - :ivar email: Email of author contact. - :vartype email: str - :ivar link: Link for author/vendor page. - :vartype link: str + All required parameters must be populated in order to send to Azure. + + :ivar parameters: Gets or sets the instruction type parameters settings. Required. + :vartype parameters: JSON + :ivar type: Gets or sets the instruction type name. Required. + :vartype type: str """ - _attribute_map = { - "name": {"key": "name", "type": "str"}, - "email": {"key": "email", "type": "str"}, - "link": {"key": "link", "type": "str"}, + _validation = { + "parameters": {"required": True}, + "type": {"required": True}, } - def __init__( - self, *, name: Optional[str] = None, email: Optional[str] = None, link: Optional[str] = None, **kwargs - ): - """ - :keyword name: Name of the author. Company or person. - :paramtype name: str - :keyword email: Email of author contact. - :paramtype email: str - :keyword link: Link for author/vendor page. - :paramtype link: str - """ - super().__init__(**kwargs) - self.name = name - self.email = email - self.link = link - - -class MetadataCategories(_serialization.Model): - """ies for the solution content item. - - :ivar domains: domain for the solution content item. - :vartype domains: list[str] - :ivar verticals: Industry verticals for the solution content item. - :vartype verticals: list[str] - """ - _attribute_map = { - "domains": {"key": "domains", "type": "[str]"}, - "verticals": {"key": "verticals", "type": "[str]"}, + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, } - def __init__(self, *, domains: Optional[List[str]] = None, verticals: Optional[List[str]] = None, **kwargs): + def __init__(self, *, parameters: JSON, type: str, **kwargs: Any) -> None: """ - :keyword domains: domain for the solution content item. - :paramtype domains: list[str] - :keyword verticals: Industry verticals for the solution content item. - :paramtype verticals: list[str] + :keyword parameters: Gets or sets the instruction type parameters settings. Required. + :paramtype parameters: JSON + :keyword type: Gets or sets the instruction type name. Required. + :paramtype type: str """ super().__init__(**kwargs) - self.domains = domains - self.verticals = verticals + self.parameters = parameters + self.type = type -class MetadataDependencies(_serialization.Model): - """Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. +class InstructionStepsInstructionsItem(ConnectorInstructionModelBase): + """InstructionStepsInstructionsItem. - :ivar content_id: Id of the content item we depend on. - :vartype content_id: str - :ivar kind: Type of the content item we depend on. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar version: Version of the the content item we depend on. Can be blank, * or missing to - indicate any version fulfills the dependency. If version does not match our defined numeric - format then an exact match is required. - :vartype version: str - :ivar name: Name of the content item. - :vartype name: str - :ivar operator: Operator used for list of dependencies in criteria array. Known values are: - "AND" and "OR". - :vartype operator: str or ~azure.mgmt.securityinsight.models.Operator - :ivar criteria: This is the list of dependencies we must fulfill, according to the AND/OR - operator. - :vartype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + All required parameters must be populated in order to send to Azure. + + :ivar parameters: The parameters for the setting. + :vartype parameters: JSON + :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType """ + _validation = { + "type": {"required": True}, + } + _attribute_map = { - "content_id": {"key": "contentId", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "operator": {"key": "operator", "type": "str"}, - "criteria": {"key": "criteria", "type": "[MetadataDependencies]"}, + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, } def __init__( - self, - *, - content_id: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - version: Optional[str] = None, - name: Optional[str] = None, - operator: Optional[Union[str, "_models.Operator"]] = None, - criteria: Optional[List["_models.MetadataDependencies"]] = None, - **kwargs - ): + self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs: Any + ) -> None: """ - :keyword content_id: Id of the content item we depend on. - :paramtype content_id: str - :keyword kind: Type of the content item we depend on. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword version: Version of the the content item we depend on. Can be blank, * or missing to - indicate any version fulfills the dependency. If version does not match our defined numeric - format then an exact match is required. - :paramtype version: str - :keyword name: Name of the content item. - :paramtype name: str - :keyword operator: Operator used for list of dependencies in criteria array. Known values are: - "AND" and "OR". - :paramtype operator: str or ~azure.mgmt.securityinsight.models.Operator - :keyword criteria: This is the list of dependencies we must fulfill, according to the AND/OR - operator. - :paramtype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + :keyword parameters: The parameters for the setting. + :paramtype parameters: JSON + :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType """ - super().__init__(**kwargs) - self.content_id = content_id - self.kind = kind - self.version = version - self.name = name - self.operator = operator - self.criteria = criteria - + super().__init__(parameters=parameters, type=type, **kwargs) -class MetadataList(_serialization.Model): - """List of all the metadata. - Variables are only populated by the server, and will be ignored when sending a request. +class IoTCheckRequirements(DataConnectorsCheckRequirements): + """Represents IoT requirements check request. All required parameters must be populated in order to send to Azure. - :ivar value: Array of metadata. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.MetadataModel] - :ivar next_link: URL to fetch the next page of metadata. - :vartype next_link: str + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ _validation = { - "value": {"required": True}, - "next_link": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[MetadataModel]"}, - "next_link": {"key": "nextLink", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__(self, *, value: List["_models.MetadataModel"], **kwargs): + def __init__(self, *, subscription_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword value: Array of metadata. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ super().__init__(**kwargs) - self.value = value - self.next_link = None + self.kind: str = "IOT" + self.subscription_id = subscription_id -class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Metadata resource definition. +class IoTDataConnector(DataConnector): + """Represents IoT data connector. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -13619,59 +13258,18 @@ class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attr :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :vartype content_id: str - :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the - full resource ID including the scope (subscription and resource group). - :vartype parent_id: str - :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, - 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we - cannot guarantee any version checks. - :vartype version: str - :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar source: Source of the content. This is where/how it was created. - :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource - :ivar author: The creator of the content item. - :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :ivar support: Support information for the metadata - type, name, contact information. - :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :ivar dependencies: Dependencies for the content item, what other content items it requires to - work. Can describe more complex dependencies using a recursive/nested structure. For a single - dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :ivar categories: Categories for the solution content item. - :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :ivar providers: Providers for the solution content item. - :vartype providers: list[str] - :ivar first_publish_date: first publish date solution content item. - :vartype first_publish_date: ~datetime.date - :ivar last_publish_date: last publish date for the solution content item. - :vartype last_publish_date: ~datetime.date - :ivar custom_version: The custom version of the content. A optional free text. - :vartype custom_version: str - :ivar content_schema_version: Schema version of the content. Can be used to distinguish between - different flow based on the schema version. - :vartype content_schema_version: str - :ivar icon: the icon identifier. this id can later be fetched from the solution template. - :vartype icon: str - :ivar threat_analysis_tactics: the tactics the resource covers. - :vartype threat_analysis_tactics: list[str] - :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned - with the tactics being used. - :vartype threat_analysis_techniques: list[str] - :ivar preview_images: preview image file names. These will be taken from the solution - artifacts. - :vartype preview_images: list[str] - :ivar preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :vartype preview_images_dark: list[str] + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ _validation = { @@ -13679,6 +13277,7 @@ class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { @@ -13687,136 +13286,71 @@ class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attr "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "content_id": {"key": "properties.contentId", "type": "str"}, - "parent_id": {"key": "properties.parentId", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "kind": {"key": "properties.kind", "type": "str"}, - "source": {"key": "properties.source", "type": "MetadataSource"}, - "author": {"key": "properties.author", "type": "MetadataAuthor"}, - "support": {"key": "properties.support", "type": "MetadataSupport"}, - "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, - "categories": {"key": "properties.categories", "type": "MetadataCategories"}, - "providers": {"key": "properties.providers", "type": "[str]"}, - "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, - "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, - "custom_version": {"key": "properties.customVersion", "type": "str"}, - "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, - "icon": {"key": "properties.icon", "type": "str"}, - "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, - "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, - "preview_images": {"key": "properties.previewImages", "type": "[str]"}, - "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "kind": {"key": "kind", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, etag: Optional[str] = None, - content_id: Optional[str] = None, - parent_id: Optional[str] = None, - version: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - source: Optional["_models.MetadataSource"] = None, - author: Optional["_models.MetadataAuthor"] = None, - support: Optional["_models.MetadataSupport"] = None, - dependencies: Optional["_models.MetadataDependencies"] = None, - categories: Optional["_models.MetadataCategories"] = None, - providers: Optional[List[str]] = None, - first_publish_date: Optional[datetime.date] = None, - last_publish_date: Optional[datetime.date] = None, - custom_version: Optional[str] = None, - content_schema_version: Optional[str] = None, - icon: Optional[str] = None, - threat_analysis_tactics: Optional[List[str]] = None, - threat_analysis_techniques: Optional[List[str]] = None, - preview_images: Optional[List[str]] = None, - preview_images_dark: Optional[List[str]] = None, - **kwargs - ): + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :paramtype content_id: str - :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is - the full resource ID including the scope (subscription and resource group). - :paramtype parent_id: str - :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, - 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then - we cannot guarantee any version checks. - :paramtype version: str - :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword source: Source of the content. This is where/how it was created. - :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource - :keyword author: The creator of the content item. - :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :keyword support: Support information for the metadata - type, name, contact information. - :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :keyword dependencies: Dependencies for the content item, what other content items it requires - to work. Can describe more complex dependencies using a recursive/nested structure. For a - single dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :keyword categories: Categories for the solution content item. - :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :keyword providers: Providers for the solution content item. - :paramtype providers: list[str] - :keyword first_publish_date: first publish date solution content item. - :paramtype first_publish_date: ~datetime.date - :keyword last_publish_date: last publish date for the solution content item. - :paramtype last_publish_date: ~datetime.date - :keyword custom_version: The custom version of the content. A optional free text. - :paramtype custom_version: str - :keyword content_schema_version: Schema version of the content. Can be used to distinguish - between different flow based on the schema version. - :paramtype content_schema_version: str - :keyword icon: the icon identifier. this id can later be fetched from the solution template. - :paramtype icon: str - :keyword threat_analysis_tactics: the tactics the resource covers. - :paramtype threat_analysis_tactics: list[str] - :keyword threat_analysis_techniques: the techniques the resource covers, these have to be - aligned with the tactics being used. - :paramtype threat_analysis_techniques: list[str] - :keyword preview_images: preview image file names. These will be taken from the solution - artifacts. - :paramtype preview_images: list[str] - :keyword preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :paramtype preview_images_dark: list[str] + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ super().__init__(etag=etag, **kwargs) - self.content_id = content_id - self.parent_id = parent_id - self.version = version - self.kind = kind - self.source = source - self.author = author - self.support = support - self.dependencies = dependencies - self.categories = categories - self.providers = providers - self.first_publish_date = first_publish_date - self.last_publish_date = last_publish_date - self.custom_version = custom_version - self.content_schema_version = content_schema_version - self.icon = icon - self.threat_analysis_tactics = threat_analysis_tactics - self.threat_analysis_techniques = threat_analysis_techniques - self.preview_images = preview_images - self.preview_images_dark = preview_images_dark + self.kind: str = "IOT" + self.data_types = data_types + self.subscription_id = subscription_id -class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Metadata patch request body. +class IoTDataConnectorProperties(DataConnectorWithAlertsProperties): + """IoT data connector properties. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str + """ + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "subscriptionId", "type": "str"}, + } + + def __init__( + self, + *, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str + """ + super().__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id + + +class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents an IoT device entity. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -13828,61 +13362,74 @@ class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :vartype content_id: str - :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the - full resource ID including the scope (subscription and resource group). - :vartype parent_id: str - :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, - 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we - cannot guarantee any version checks. - :vartype version: str - :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind - :ivar source: Source of the content. This is where/how it was created. - :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource - :ivar author: The creator of the content item. - :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :ivar support: Support information for the metadata - type, name, contact information. - :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :ivar dependencies: Dependencies for the content item, what other content items it requires to - work. Can describe more complex dependencies using a recursive/nested structure. For a single - dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :ivar categories: Categories for the solution content item. - :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :ivar providers: Providers for the solution content item. - :vartype providers: list[str] - :ivar first_publish_date: first publish date solution content item. - :vartype first_publish_date: ~datetime.date - :ivar last_publish_date: last publish date for the solution content item. - :vartype last_publish_date: ~datetime.date - :ivar custom_version: The custom version of the content. A optional free text. - :vartype custom_version: str - :ivar content_schema_version: Schema version of the content. Can be used to distinguish between - different flow based on the schema version. - :vartype content_schema_version: str - :ivar icon: the icon identifier. this id can later be fetched from the solution template. - :vartype icon: str - :ivar threat_analysis_tactics: the tactics the resource covers. - :vartype threat_analysis_tactics: list[str] - :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned - with the tactics being used. - :vartype threat_analysis_techniques: list[str] - :ivar preview_images: preview image file names. These will be taken from the solution - artifacts. - :vartype preview_images: list[str] - :ivar preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :vartype preview_images_dark: list[str] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. + :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] + :ivar owners: A list of owners of the IoTDevice entity. + :vartype owners: list[str] + :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. + :vartype nic_entity_ids: list[str] + :ivar site: The site of the device. + :vartype site: str + :ivar zone: The zone location of the device within a site. + :vartype zone: str + :ivar sensor: The sensor the device is monitored by. + :vartype sensor: str + :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). + :vartype device_sub_type: str + :ivar importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :ivar purdue_layer: The Purdue Layer of the device. + :vartype purdue_layer: str + :ivar is_authorized: Determines whether the device classified as authorized device. + :vartype is_authorized: bool + :ivar is_programming: Determines whether the device classified as programming device. + :vartype is_programming: bool + :ivar is_scanner: Is the device classified as a scanner device. + :vartype is_scanner: bool """ _validation = { @@ -13890,6 +13437,36 @@ class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + "owners": {"readonly": True}, + "nic_entity_ids": {"readonly": True}, + "site": {"readonly": True}, + "zone": {"readonly": True}, + "sensor": {"readonly": True}, + "device_sub_type": {"readonly": True}, + "purdue_layer": {"readonly": True}, + "is_authorized": {"readonly": True}, + "is_programming": {"readonly": True}, + "is_scanner": {"readonly": True}, } _attribute_map = { @@ -13897,240 +13474,376 @@ class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "content_id": {"key": "properties.contentId", "type": "str"}, - "parent_id": {"key": "properties.parentId", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "kind": {"key": "properties.kind", "type": "str"}, - "source": {"key": "properties.source", "type": "MetadataSource"}, - "author": {"key": "properties.author", "type": "MetadataAuthor"}, - "support": {"key": "properties.support", "type": "MetadataSupport"}, - "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, - "categories": {"key": "properties.categories", "type": "MetadataCategories"}, - "providers": {"key": "properties.providers", "type": "[str]"}, - "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, - "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, - "custom_version": {"key": "properties.customVersion", "type": "str"}, - "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, - "icon": {"key": "properties.icon", "type": "str"}, - "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, - "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, - "preview_images": {"key": "properties.previewImages", "type": "[str]"}, - "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "device_id": {"key": "properties.deviceId", "type": "str"}, + "device_name": {"key": "properties.deviceName", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "properties.deviceType", "type": "str"}, + "vendor": {"key": "properties.vendor", "type": "str"}, + "edge_id": {"key": "properties.edgeId", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "model": {"key": "properties.model", "type": "str"}, + "serial_number": {"key": "properties.serialNumber", "type": "str"}, + "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, + "operating_system": {"key": "properties.operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "properties.protocols", "type": "[str]"}, + "owners": {"key": "properties.owners", "type": "[str]"}, + "nic_entity_ids": {"key": "properties.nicEntityIds", "type": "[str]"}, + "site": {"key": "properties.site", "type": "str"}, + "zone": {"key": "properties.zone", "type": "str"}, + "sensor": {"key": "properties.sensor", "type": "str"}, + "device_sub_type": {"key": "properties.deviceSubType", "type": "str"}, + "importance": {"key": "properties.importance", "type": "str"}, + "purdue_layer": {"key": "properties.purdueLayer", "type": "str"}, + "is_authorized": {"key": "properties.isAuthorized", "type": "bool"}, + "is_programming": {"key": "properties.isProgramming", "type": "bool"}, + "is_scanner": {"key": "properties.isScanner", "type": "bool"}, } def __init__( # pylint: disable=too-many-locals - self, - *, - etag: Optional[str] = None, - content_id: Optional[str] = None, - parent_id: Optional[str] = None, - version: Optional[str] = None, - kind: Optional[Union[str, "_models.Kind"]] = None, - source: Optional["_models.MetadataSource"] = None, - author: Optional["_models.MetadataAuthor"] = None, - support: Optional["_models.MetadataSupport"] = None, - dependencies: Optional["_models.MetadataDependencies"] = None, - categories: Optional["_models.MetadataCategories"] = None, - providers: Optional[List[str]] = None, - first_publish_date: Optional[datetime.date] = None, - last_publish_date: Optional[datetime.date] = None, - custom_version: Optional[str] = None, - content_schema_version: Optional[str] = None, - icon: Optional[str] = None, - threat_analysis_tactics: Optional[List[str]] = None, - threat_analysis_techniques: Optional[List[str]] = None, - preview_images: Optional[List[str]] = None, - preview_images_dark: Optional[List[str]] = None, - **kwargs - ): + self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword content_id: Static ID for the content. Used to identify dependencies and content from - solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic - for user-created. This is the resource name. - :paramtype content_id: str - :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is - the full resource ID including the scope (subscription and resource group). - :paramtype parent_id: str - :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, - 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then - we cannot guarantee any version checks. - :paramtype version: str - :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", - "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", - "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", - "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and - "AutomationRule". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind - :keyword source: Source of the content. This is where/how it was created. - :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource - :keyword author: The creator of the content item. - :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor - :keyword support: Support information for the metadata - type, name, contact information. - :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport - :keyword dependencies: Dependencies for the content item, what other content items it requires - to work. Can describe more complex dependencies using a recursive/nested structure. For a - single dependency an id/kind/version can be supplied or operator/criteria for complex formats. - :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies - :keyword categories: Categories for the solution content item. - :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories - :keyword providers: Providers for the solution content item. - :paramtype providers: list[str] - :keyword first_publish_date: first publish date solution content item. - :paramtype first_publish_date: ~datetime.date - :keyword last_publish_date: last publish date for the solution content item. - :paramtype last_publish_date: ~datetime.date - :keyword custom_version: The custom version of the content. A optional free text. - :paramtype custom_version: str - :keyword content_schema_version: Schema version of the content. Can be used to distinguish - between different flow based on the schema version. - :paramtype content_schema_version: str - :keyword icon: the icon identifier. this id can later be fetched from the solution template. - :paramtype icon: str - :keyword threat_analysis_tactics: the tactics the resource covers. - :paramtype threat_analysis_tactics: list[str] - :keyword threat_analysis_techniques: the techniques the resource covers, these have to be - aligned with the tactics being used. - :paramtype threat_analysis_techniques: list[str] - :keyword preview_images: preview image file names. These will be taken from the solution - artifacts. - :paramtype preview_images: list[str] - :keyword preview_images_dark: preview image file names. These will be taken from the solution - artifacts. used for dark theme support. - :paramtype preview_images_dark: list[str] + :keyword importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance """ - super().__init__(etag=etag, **kwargs) - self.content_id = content_id - self.parent_id = parent_id - self.version = version - self.kind = kind - self.source = source - self.author = author - self.support = support - self.dependencies = dependencies - self.categories = categories - self.providers = providers - self.first_publish_date = first_publish_date - self.last_publish_date = last_publish_date - self.custom_version = custom_version - self.content_schema_version = content_schema_version - self.icon = icon - self.threat_analysis_tactics = threat_analysis_tactics - self.threat_analysis_techniques = threat_analysis_techniques - self.preview_images = preview_images - self.preview_images_dark = preview_images_dark - - -class MetadataSource(_serialization.Model): - """The original source of the content item, where it comes from. + super().__init__(**kwargs) + self.kind: str = "IoTDevice" + self.additional_data = None + self.friendly_name = None + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + self.owners = None + self.nic_entity_ids = None + self.site = None + self.zone = None + self.sensor = None + self.device_sub_type = None + self.importance = importance + self.purdue_layer = None + self.is_authorized = None + self.is_programming = None + self.is_scanner = None - All required parameters must be populated in order to send to Azure. - :ivar kind: Source type of the content. Required. Known values are: "LocalWorkspace", - "Community", "Solution", and "SourceRepository". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SourceKind - :ivar name: Name of the content source. The repo name, solution name, LA workspace name etc. - :vartype name: str - :ivar source_id: ID of the content source. The solution ID, workspace ID, etc. - :vartype source_id: str +class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """IoTDevice entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. + :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] + :ivar owners: A list of owners of the IoTDevice entity. + :vartype owners: list[str] + :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. + :vartype nic_entity_ids: list[str] + :ivar site: The site of the device. + :vartype site: str + :ivar zone: The zone location of the device within a site. + :vartype zone: str + :ivar sensor: The sensor the device is monitored by. + :vartype sensor: str + :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). + :vartype device_sub_type: str + :ivar importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :ivar purdue_layer: The Purdue Layer of the device. + :vartype purdue_layer: str + :ivar is_authorized: Determines whether the device classified as authorized device. + :vartype is_authorized: bool + :ivar is_programming: Determines whether the device classified as programming device. + :vartype is_programming: bool + :ivar is_scanner: Is the device classified as a scanner device. + :vartype is_scanner: bool """ _validation = { - "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + "owners": {"readonly": True}, + "nic_entity_ids": {"readonly": True}, + "site": {"readonly": True}, + "zone": {"readonly": True}, + "sensor": {"readonly": True}, + "device_sub_type": {"readonly": True}, + "purdue_layer": {"readonly": True}, + "is_authorized": {"readonly": True}, + "is_programming": {"readonly": True}, + "is_scanner": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "source_id": {"key": "sourceId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "device_id": {"key": "deviceId", "type": "str"}, + "device_name": {"key": "deviceName", "type": "str"}, + "source": {"key": "source", "type": "str"}, + "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "deviceType", "type": "str"}, + "vendor": {"key": "vendor", "type": "str"}, + "edge_id": {"key": "edgeId", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "model": {"key": "model", "type": "str"}, + "serial_number": {"key": "serialNumber", "type": "str"}, + "firmware_version": {"key": "firmwareVersion", "type": "str"}, + "operating_system": {"key": "operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "protocols", "type": "[str]"}, + "owners": {"key": "owners", "type": "[str]"}, + "nic_entity_ids": {"key": "nicEntityIds", "type": "[str]"}, + "site": {"key": "site", "type": "str"}, + "zone": {"key": "zone", "type": "str"}, + "sensor": {"key": "sensor", "type": "str"}, + "device_sub_type": {"key": "deviceSubType", "type": "str"}, + "importance": {"key": "importance", "type": "str"}, + "purdue_layer": {"key": "purdueLayer", "type": "str"}, + "is_authorized": {"key": "isAuthorized", "type": "bool"}, + "is_programming": {"key": "isProgramming", "type": "bool"}, + "is_scanner": {"key": "isScanner", "type": "bool"}, } - def __init__( - self, - *, - kind: Union[str, "_models.SourceKind"], - name: Optional[str] = None, - source_id: Optional[str] = None, - **kwargs - ): + def __init__( # pylint: disable=too-many-locals + self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs: Any + ) -> None: """ - :keyword kind: Source type of the content. Required. Known values are: "LocalWorkspace", - "Community", "Solution", and "SourceRepository". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.SourceKind - :keyword name: Name of the content source. The repo name, solution name, LA workspace name - etc. - :paramtype name: str - :keyword source_id: ID of the content source. The solution ID, workspace ID, etc. - :paramtype source_id: str + :keyword importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance """ super().__init__(**kwargs) - self.kind = kind - self.name = name - self.source_id = source_id + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + self.owners = None + self.nic_entity_ids = None + self.site = None + self.zone = None + self.sensor = None + self.device_sub_type = None + self.importance = importance + self.purdue_layer = None + self.is_authorized = None + self.is_programming = None + self.is_scanner = None -class MetadataSupport(_serialization.Model): - """Support information for the content item. +class IpEntity(Entity): + """Represents an ip entity. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tier: Type of support for content item. Required. Known values are: "Microsoft", - "Partner", and "Community". - :vartype tier: str or ~azure.mgmt.securityinsight.models.SupportTier - :ivar name: Name of the support contact. Company or person. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - :ivar email: Email of support contact. - :vartype email: str - :ivar link: Link for support help, like to support page to open a ticket etc. - :vartype link: str - """ - - _validation = { - "tier": {"required": True}, - } - - _attribute_map = { - "tier": {"key": "tier", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "email": {"key": "email", "type": "str"}, - "link": {"key": "link", "type": "str"}, - } - - def __init__( - self, - *, - tier: Union[str, "_models.SupportTier"], - name: Optional[str] = None, - email: Optional[str] = None, - link: Optional[str] = None, - **kwargs - ): - """ - :keyword tier: Type of support for content item. Required. Known values are: "Microsoft", - "Partner", and "Community". - :paramtype tier: str or ~azure.mgmt.securityinsight.models.SupportTier - :keyword name: Name of the support contact. Company or person. - :paramtype name: str - :keyword email: Email of support contact. - :paramtype email: str - :keyword link: Link for support help, like to support page to open a ticket etc. - :paramtype link: str - """ + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "address": {"key": "properties.address", "type": "str"}, + "location": {"key": "properties.location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.tier = tier - self.name = name - self.email = email - self.link = link + self.kind: str = "Ip" + self.additional_data = None + self.friendly_name = None + self.address = None + self.location = None + self.threat_intelligence = None -class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents MicrosoftSecurityIncidentCreation rule. +class IpEntityProperties(EntityCommonProperties): + """Ip entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "address": {"key": "address", "type": "str"}, + "location": {"key": "location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.address = None + self.location = None + self.threat_intelligence = None + + +class Job(ResourceWithEtag): + """The assignment job. + + Variables are only populated by the server, and will be ignored when sending a request. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. @@ -14145,32 +13858,17 @@ class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable= :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime + :ivar end_time: The time the job completed. + :vartype end_time: ~datetime.datetime + :ivar items: List of items published by the job. + :vartype items: list[~azure.mgmt.securityinsight.models.JobItem] + :ivar provisioning_state: State of the job. Known values are: "Accepted", "InProgress", + "Succeeded", "Failed", and "Canceled". + :vartype provisioning_state: str or ~azure.mgmt.securityinsight.models.ProvisioningState + :ivar start_time: The time the job started. + :vartype start_time: ~datetime.datetime + :ivar error_message: Message to describe error, if an error exists. + :vartype error_message: str """ _validation = { @@ -14178,8 +13876,10 @@ class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable= "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, + "end_time": {"readonly": True}, + "provisioning_state": {"readonly": True}, + "start_time": {"readonly": True}, + "error_message": {"readonly": True}, } _attribute_map = { @@ -14188,241 +13888,109 @@ class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable= "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "properties.productFilter", "type": "str"}, - "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "end_time": {"key": "properties.endTime", "type": "iso-8601"}, + "items": {"key": "properties.items", "type": "[JobItem]"}, + "provisioning_state": {"key": "properties.provisioningState", "type": "str"}, + "start_time": {"key": "properties.startTime", "type": "iso-8601"}, + "error_message": {"key": "properties.errorMessage", "type": "str"}, } def __init__( - self, - *, - etag: Optional[str] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): + self, *, etag: Optional[str] = None, items: Optional[List["_models.JobItem"]] = None, **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool + :keyword items: List of items published by the job. + :paramtype items: list[~azure.mgmt.securityinsight.models.JobItem] """ super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftSecurityIncidentCreation" - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None + self.end_time = None + self.items = items + self.provisioning_state = None + self.start_time = None + self.error_message = None -class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): - """MicrosoftSecurityIncidentCreation rule common property bag. +class JobItem(_serialization.Model): + """An entity describing the publish status of a content item. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Required. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat - Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar resource_id: The resource id of the content item. + :vartype resource_id: str + :ivar status: Status of the item publication. Known values are: "New", "Active", "Closed", + "Backlog", "Approved", "Succeeded", "Failed", and "InProgress". + :vartype status: str or ~azure.mgmt.securityinsight.models.Status + :ivar execution_time: The time the item publishing was completed. + :vartype execution_time: ~datetime.datetime + :ivar errors: The list of error descriptions if the item publication fails. + :vartype errors: list[~azure.mgmt.securityinsight.models.Error] """ _validation = { - "product_filter": {"required": True}, + "status": {"readonly": True}, + "execution_time": {"readonly": True}, } _attribute_map = { - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "status": {"key": "status", "type": "str"}, + "execution_time": {"key": "executionTime", "type": "iso-8601"}, + "errors": {"key": "errors", "type": "[Error]"}, } def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): + self, *, resource_id: Optional[str] = None, errors: Optional[List["_models.Error"]] = None, **kwargs: Any + ) -> None: """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. - Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced - Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword resource_id: The resource id of the content item. + :paramtype resource_id: str + :keyword errors: The list of error descriptions if the item publication fails. + :paramtype errors: list[~azure.mgmt.securityinsight.models.Error] """ super().__init__(**kwargs) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - + self.resource_id = resource_id + self.status = None + self.execution_time = None + self.errors = errors -class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): - """MicrosoftSecurityIncidentCreation rule property bag. + +class JobList(_serialization.Model): + """List of all the jobs. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Required. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat - Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. Required. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime + :ivar next_link: URL to fetch the next set of jobs. + :vartype next_link: str + :ivar value: Array of jobs. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Job] """ _validation = { - "product_filter": {"required": True}, - "display_name": {"required": True}, - "enabled": {"required": True}, - "last_modified_utc": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, - "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "enabled": {"key": "enabled", "type": "bool"}, - "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Job]"}, } - def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_name: str, - enabled: bool, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.Job"], **kwargs: Any) -> None: """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. - Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced - Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. Required. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. - :paramtype enabled: bool + :keyword value: Array of jobs. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Job] """ - super().__init__( - display_names_filter=display_names_filter, - display_names_exclude_filter=display_names_exclude_filter, - product_filter=product_filter, - severities_filter=severities_filter, - **kwargs - ) - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None + super().__init__(**kwargs) + self.next_link = None + self.value = value -class MicrosoftSecurityIncidentCreationAlertRuleTemplate( - AlertRuleTemplate -): # pylint: disable=too-many-instance-attributes - """Represents MicrosoftSecurityIncidentCreation rule template. +class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mailbox entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -14439,39 +14007,26 @@ class MicrosoftSecurityIncidentCreationAlertRuleTemplate( :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. + :vartype external_directory_object_id: str """ _validation = { @@ -14480,8 +14035,12 @@ class MicrosoftSecurityIncidentCreationAlertRuleTemplate( "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, } _attribute_map = { @@ -14490,194 +14049,77 @@ class MicrosoftSecurityIncidentCreationAlertRuleTemplate( "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "properties.productFilter", "type": "str"}, - "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + "upn": {"key": "properties.upn", "type": "str"}, + "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, } - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.kind: str = "MicrosoftSecurityIncidentCreation" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter + self.kind: str = "Mailbox" + self.additional_data = None + self.friendly_name = None + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None -class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties( - AlertRuleTemplatePropertiesBase -): # pylint: disable=too-many-instance-attributes - """MicrosoftSecurityIncidentCreation rule template properties. +class MailboxEntityProperties(EntityCommonProperties): + """Mailbox entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. + :vartype display_name: str + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. + :vartype external_directory_object_id: str """ _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, } _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, - "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, - "product_filter": {"key": "productFilter", "type": "str"}, - "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "upn": {"key": "upn", "type": "str"}, + "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, } - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", - "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - **kwargs - ) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None -class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents MLBehaviorAnalytics alert rule. +class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail cluster entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -14694,29 +14136,48 @@ class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-insta :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str """ _validation = { @@ -14725,12 +14186,23 @@ class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-insta "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "description": {"readonly": True}, - "display_name": {"readonly": True}, - "last_modified_utc": {"readonly": True}, - "severity": {"readonly": True}, - "tactics": {"readonly": True}, - "techniques": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, } _attribute_map = { @@ -14738,49 +14210,155 @@ class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-insta "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "severity": {"key": "properties.severity", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, + "mail_count": {"key": "properties.mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, + "source": {"key": "properties.source", "type": "str"}, + "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MLBehaviorAnalytics" - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.last_modified_utc = None - self.severity = None - self.tactics = None - self.techniques = None - - -class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents MLBehaviorAnalytics alert rule template. + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "MailCluster" + self.additional_data = None + self.friendly_name = None + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None + + +class MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail cluster entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, + "threats": {"key": "threats", "type": "[str]"}, + "query": {"key": "query", "type": "str"}, + "query_time": {"key": "queryTime", "type": "iso-8601"}, + "mail_count": {"key": "mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, + "source": {"key": "source", "type": "str"}, + "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "clusterGroup", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None + + +class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail message entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -14797,34 +14375,73 @@ class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disabl :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ _validation = { @@ -14833,8 +14450,25 @@ class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disabl "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, } _attribute_map = { @@ -14843,233 +14477,289 @@ class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disabl "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "severity": {"key": "properties.severity", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "recipient": {"key": "properties.recipient", "type": "str"}, + "urls": {"key": "properties.urls", "type": "[str]"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "p1_sender": {"key": "properties.p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "properties.senderIP", "type": "str"}, + "p2_sender": {"key": "properties.p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, + "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, + "internet_message_id": {"key": "properties.internetMessageId", "type": "str"}, + "subject": {"key": "properties.subject", "type": "str"}, + "language": {"key": "properties.language", "type": "str"}, + "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, + "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, + "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs - ): + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ super().__init__(**kwargs) - self.kind: str = "MLBehaviorAnalytics" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - self.severity = severity + self.kind: str = "MailMessage" + self.additional_data = None + self.friendly_name = None + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location -class MLBehaviorAnalyticsAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): - """MLBehaviorAnalytics alert rule template properties. +class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail message entity property bag. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: - "High", "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - "severity": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, } _attribute_map = { - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, - "severity": {"key": "severity", "type": "str"}, - } - - def __init__( - self, - *, - severity: Union[str, "_models.AlertSeverity"], - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword severity: The severity for alerts created by this alert rule. Required. Known values - are: "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - **kwargs - ) - self.severity = severity - - -class MSTICheckRequirements(DataConnectorsCheckRequirements): - """Represents Microsoft Threat Intelligence requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "recipient": {"key": "recipient", "type": "str"}, + "urls": {"key": "urls", "type": "[str]"}, + "threats": {"key": "threats", "type": "[str]"}, + "p1_sender": {"key": "p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "senderIP", "type": "str"}, + "p2_sender": {"key": "p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, + "receive_date": {"key": "receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "networkMessageId", "type": "str"}, + "internet_message_id": {"key": "internetMessageId", "type": "str"}, + "subject": {"key": "subject", "type": "str"}, + "language": {"key": "language", "type": "str"}, + "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "antispamDirection", "type": "str"}, + "delivery_action": {"key": "deliveryAction", "type": "str"}, + "delivery_location": {"key": "deliveryLocation", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__( # pylint: disable=too-many-locals + self, + *, + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation """ super().__init__(**kwargs) - self.kind: str = "MicrosoftThreatIntelligence" - self.tenant_id = tenant_id - - -class MSTICheckRequirementsProperties(DataConnectorTenantId): - """Microsoft Threat Intelligence requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location -class MSTIDataConnector(DataConnector): - """Represents Microsoft Threat Intelligence data connector. +class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a malware entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -15086,20 +14776,26 @@ class MSTIDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] """ _validation = { @@ -15108,6 +14804,12 @@ class MSTIDataConnector(DataConnector): "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, } _attribute_map = { @@ -15115,199 +14817,120 @@ class MSTIDataConnector(DataConnector): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MSTIDataConnectorDataTypes"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "category": {"key": "properties.category", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "properties.malwareName", "type": "str"}, + "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MSTIDataConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftThreatIntelligence" - self.tenant_id = tenant_id - self.data_types = data_types + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "Malware" + self.additional_data = None + self.friendly_name = None + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None -class MSTIDataConnectorDataTypes(_serialization.Model): - """The available data types for Microsoft Threat Intelligence Platforms data connector. +class MalwareEntityProperties(EntityCommonProperties): + """Malware entity property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data - connector. Required. - :vartype bing_safety_phishing_url: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL - :ivar microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms - data connector. Required. - :vartype microsoft_emerging_threat_feed: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] """ _validation = { - "bing_safety_phishing_url": {"required": True}, - "microsoft_emerging_threat_feed": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, } _attribute_map = { - "bing_safety_phishing_url": { - "key": "bingSafetyPhishingURL", - "type": "MSTIDataConnectorDataTypesBingSafetyPhishingURL", - }, - "microsoft_emerging_threat_feed": { - "key": "microsoftEmergingThreatFeed", - "type": "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - }, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "category": {"key": "category", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "malwareName", "type": "str"}, + "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, } - def __init__( - self, - *, - bing_safety_phishing_url: "_models.MSTIDataConnectorDataTypesBingSafetyPhishingURL", - microsoft_emerging_threat_feed: "_models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", - **kwargs - ): - """ - :keyword bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data - connector. Required. - :paramtype bing_safety_phishing_url: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL - :keyword microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms - data connector. Required. - :paramtype microsoft_emerging_threat_feed: - ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - """ + def __init__(self, **kwargs: Any) -> None: + """ """ super().__init__(**kwargs) - self.bing_safety_phishing_url = bing_safety_phishing_url - self.microsoft_emerging_threat_feed = microsoft_emerging_threat_feed - - -class MSTIDataConnectorDataTypesBingSafetyPhishingURL(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Intelligence Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :ivar lookback_period: lookback period. Required. - :vartype lookback_period: str - """ - - _validation = { - "state": {"required": True}, - "lookback_period": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - "lookback_period": {"key": "lookbackPeriod", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :keyword lookback_period: lookback period. Required. - :paramtype lookback_period: str - """ - super().__init__(state=state, **kwargs) - self.lookback_period = lookback_period - - -class MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Intelligence Platforms data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :ivar lookback_period: lookback period. Required. - :vartype lookback_period: str - """ - - _validation = { - "state": {"required": True}, - "lookback_period": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - "lookback_period": {"key": "lookbackPeriod", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - :keyword lookback_period: lookback period. Required. - :paramtype lookback_period: str - """ - super().__init__(state=state, **kwargs) - self.lookback_period = lookback_period + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None -class MSTIDataConnectorProperties(DataConnectorTenantId): - """Microsoft Threat Intelligence data connector properties. +class ManualTriggerRequestBody(_serialization.Model): + """ManualTriggerRequestBody. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :ivar tenant_id: :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + :ivar logic_apps_resource_id: Required. + :vartype logic_apps_resource_id: str """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "logic_apps_resource_id": {"required": True}, } _attribute_map = { "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MSTIDataConnectorDataTypes"}, + "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.MSTIDataConnectorDataTypes", **kwargs): + def __init__(self, *, logic_apps_resource_id: str, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :keyword tenant_id: :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + :keyword logic_apps_resource_id: Required. + :paramtype logic_apps_resource_id: str """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types + super().__init__(**kwargs) + self.tenant_id = tenant_id + self.logic_apps_resource_id = logic_apps_resource_id -class MtpCheckRequirements(DataConnectorsCheckRequirements): - """Represents MTP (Microsoft Threat Protection) requirements check request. +class MCASCheckRequirements(DataConnectorsCheckRequirements): + """Represents MCAS (Microsoft Cloud App Security) requirements check request. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -15322,18 +14945,18 @@ class MtpCheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str """ super().__init__(**kwargs) - self.kind: str = "MicrosoftThreatProtection" + self.kind: str = "MicrosoftCloudAppSecurity" self.tenant_id = tenant_id -class MTPCheckRequirementsProperties(DataConnectorTenantId): - """MTP (Microsoft Threat Protection) requirements check properties. +class MCASCheckRequirementsProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) requirements check properties. All required parameters must be populated in order to send to Azure. @@ -15349,7 +14972,7 @@ class MTPCheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -15357,8 +14980,8 @@ def __init__(self, *, tenant_id: str, **kwargs): super().__init__(tenant_id=tenant_id, **kwargs) -class MTPDataConnector(DataConnector): - """Represents MTP (Microsoft Threat Protection) data connector. +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -15380,15 +15003,15 @@ class MTPDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ _validation = { @@ -15407,7 +15030,7 @@ class MTPDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "MTPDataConnectorDataTypes"}, + "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, } def __init__( @@ -15415,228 +15038,155 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.MTPDataConnectorDataTypes"] = None, - **kwargs - ): + data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "MicrosoftThreatProtection" + self.kind: str = "MicrosoftCloudAppSecurity" self.tenant_id = tenant_id self.data_types = data_types -class MTPDataConnectorDataTypes(_serialization.Model): - """The available data types for Microsoft Threat Protection Platforms data connector. +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. All required parameters must be populated in order to send to Azure. - :ivar incidents: Data type for Microsoft Threat Protection Platforms data connector. Required. - :vartype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :ivar alerts: Alerts data type connection. Required. + :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar discovery_logs: Discovery log data type connection. + :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon """ _validation = { - "incidents": {"required": True}, + "alerts": {"required": True}, } _attribute_map = { - "incidents": {"key": "incidents", "type": "MTPDataConnectorDataTypesIncidents"}, + "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, + "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, } - def __init__(self, *, incidents: "_models.MTPDataConnectorDataTypesIncidents", **kwargs): + def __init__( + self, + *, + alerts: "_models.DataConnectorDataTypeCommon", + discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, + **kwargs: Any + ) -> None: """ - :keyword incidents: Data type for Microsoft Threat Protection Platforms data connector. - Required. - :paramtype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :keyword alerts: Alerts data type connection. Required. + :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword discovery_logs: Discovery log data type connection. + :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon """ - super().__init__(**kwargs) - self.incidents = incidents + super().__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs -class MTPDataConnectorDataTypesIncidents(DataConnectorDataTypeCommon): - """Data type for Microsoft Threat Protection Platforms data connector. +class MCASDataConnectorProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) data connector properties. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ _validation = { - "state": {"required": True}, + "tenant_id": {"required": True}, + "data_types": {"required": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MCASDataConnectorDataTypes"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, tenant_id: str, data_types: "_models.MCASDataConnectorDataTypes", **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes """ - super().__init__(state=state, **kwargs) + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types -class MTPDataConnectorProperties(DataConnectorTenantId): - """MTP (Microsoft Threat Protection) data connector properties. +class MDATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, + "kind": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "MTPDataConnectorDataTypes"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, data_types: "_models.MTPDataConnectorDataTypes", **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - + super().__init__(**kwargs) + self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" + self.tenant_id = tenant_id -class NicEntity(Entity): - """Represents an network interface entity. - Variables are only populated by the server, and will be ignored when sending a request. +class MDATPCheckRequirementsProperties(DataConnectorTenantId): + """MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mac_address: The MAC address of this network interface. - :vartype mac_address: str - :ivar ip_address_entity_id: The IP entity id of this network interface. - :vartype ip_address_entity_id: str - :ivar vlans: A list of VLANs of the network interface entity. - :vartype vlans: list[str] - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mac_address": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "vlans": {"readonly": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "mac_address": {"key": "properties.macAddress", "type": "str"}, - "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, - "vlans": {"key": "properties.vlans", "type": "[str]"}, - } - - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Nic" - self.additional_data = None - self.friendly_name = None - self.mac_address = None - self.ip_address_entity_id = None - self.vlans = None - - -class NicEntityProperties(EntityCommonProperties): - """Nic entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mac_address: The MAC address of this network interface. - :vartype mac_address: str - :ivar ip_address_entity_id: The IP entity id of this network interface. - :vartype ip_address_entity_id: str - :ivar vlans: A list of VLANs of the network interface entity. - :vartype vlans: list[str] + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "mac_address": {"readonly": True}, - "ip_address_entity_id": {"readonly": True}, - "vlans": {"readonly": True}, + "tenant_id": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "mac_address": {"key": "macAddress", "type": "str"}, - "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, - "vlans": {"key": "vlans", "type": "[str]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.mac_address = None - self.ip_address_entity_id = None - self.vlans = None + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) -class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes - """Represents NRT alert rule. +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -15655,53 +15205,18 @@ class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :vartype template_version: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert rule has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :vartype suppression_duration: ~datetime.timedelta - :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or - disabled. - :vartype suppression_enabled: bool - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar incident_configuration: The settings of the incidents that created from alerts triggered - by this analytics rule. - :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -15710,7 +15225,6 @@ class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "last_modified_utc": {"readonly": True}, } _attribute_map = { @@ -15720,674 +15234,244 @@ class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, - "template_version": {"key": "properties.templateVersion", "type": "str"}, - "description": {"key": "properties.description", "type": "str"}, - "query": {"key": "properties.query", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "enabled": {"key": "properties.enabled", "type": "bool"}, - "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, - "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, - "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, - "severity": {"key": "properties.severity", "type": "str"}, - "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - template_version: Optional[str] = None, - description: Optional[str] = None, - query: Optional[str] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, - suppression_duration: Optional[datetime.timedelta] = None, - suppression_enabled: Optional[bool] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - incident_configuration: Optional["_models.IncidentConfiguration"] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword template_version: The version of the alert rule template used to create this rule - in - format , where all are numbers, for example 0 <1.0.2>. - :paramtype template_version: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last - time this alert rule been triggered. - :paramtype suppression_duration: ~datetime.timedelta - :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled - or disabled. - :paramtype suppression_enabled: bool - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword incident_configuration: The settings of the incidents that created from alerts - triggered by this analytics rule. - :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ super().__init__(etag=etag, **kwargs) - self.kind: str = "NRT" - self.alert_rule_template_name = alert_rule_template_name - self.template_version = template_version - self.description = description - self.query = query - self.tactics = tactics - self.techniques = techniques - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - self.suppression_duration = suppression_duration - self.suppression_enabled = suppression_enabled - self.severity = severity - self.incident_configuration = incident_configuration - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - + self.kind: str = "MicrosoftDefenderAdvancedThreatProtection" + self.tenant_id = tenant_id + self.data_types = data_types -class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes - """Represents NRT alert rule template. - Variables are only populated by the server, and will be ignored when sending a request. +class MDATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", - "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and - "NRT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, + "tenant_id": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, - "description": {"key": "properties.description", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "required_data_connectors": { - "key": "properties.requiredDataConnectors", - "type": "[AlertRuleTemplateDataSource]", - }, - "status": {"key": "properties.status", "type": "str"}, - "tactics": {"key": "properties.tactics", "type": "[str]"}, - "techniques": {"key": "properties.techniques", "type": "[str]"}, - "query": {"key": "properties.query", "type": "str"}, - "severity": {"key": "properties.severity", "type": "str"}, - "version": {"key": "properties.version", "type": "str"}, - "custom_details": {"key": "properties.customDetails", "type": "{str}"}, - "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super().__init__(**kwargs) - self.kind: str = "NRT" - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id -class QueryBasedAlertRuleTemplateProperties(_serialization.Model): - """Query based alert rule template base property bag. +class MetadataAuthor(_serialization.Model): + """Publisher or creator of the content item. - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar name: Name of the author. Company or person. + :vartype name: str + :ivar email: Email of author contact. + :vartype email: str + :ivar link: Link for author/vendor page. + :vartype link: str """ _attribute_map = { - "query": {"key": "query", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "name": {"key": "name", "type": "str"}, + "email": {"key": "email", "type": "str"}, + "link": {"key": "link", "type": "str"}, } def __init__( - self, - *, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + self, *, name: Optional[str] = None, email: Optional[str] = None, link: Optional[str] = None, **kwargs: Any + ) -> None: """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword name: Name of the author. Company or person. + :paramtype name: str + :keyword email: Email of author contact. + :paramtype email: str + :keyword link: Link for author/vendor page. + :paramtype link: str """ super().__init__(**kwargs) - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - + self.name = name + self.email = email + self.link = link -class NrtAlertRuleTemplateProperties( - AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties -): # pylint: disable=too-many-instance-attributes - """NRT alert rule template properties. - Variables are only populated by the server, and will be ignored when sending a request. +class MetadataCategories(_serialization.Model): + """ies for the solution content item. - :ivar query: The query that creates alerts for this rule. - :vartype query: str - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", and "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :vartype version: str - :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :vartype custom_details: dict[str, str] - :ivar entity_mappings: Array of the entity mappings of the alert rule. - :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :ivar alert_details_override: The alert details override settings. - :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :ivar event_grouping_settings: The event grouping settings. - :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :vartype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar last_updated_date_utc: The last time that this alert rule template has been updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data sources for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", and - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :ivar techniques: The techniques of the alert rule. - :vartype techniques: list[str] + :ivar domains: domain for the solution content item. + :vartype domains: list[str] + :ivar verticals: Industry verticals for the solution content item. + :vartype verticals: list[str] """ - _validation = { - "last_updated_date_utc": {"readonly": True}, - "created_date_utc": {"readonly": True}, - } - _attribute_map = { - "query": {"key": "query", "type": "str"}, - "severity": {"key": "severity", "type": "str"}, - "version": {"key": "version", "type": "str"}, - "custom_details": {"key": "customDetails", "type": "{str}"}, - "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, - "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, - "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, - "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, - "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, - "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, - "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, - "description": {"key": "description", "type": "str"}, - "display_name": {"key": "displayName", "type": "str"}, - "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, - "status": {"key": "status", "type": "str"}, - "tactics": {"key": "tactics", "type": "[str]"}, - "techniques": {"key": "techniques", "type": "[str]"}, + "domains": {"key": "domains", "type": "[str]"}, + "verticals": {"key": "verticals", "type": "[str]"}, } def __init__( - self, - *, - query: Optional[str] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - version: Optional[str] = None, - custom_details: Optional[Dict[str, str]] = None, - entity_mappings: Optional[List["_models.EntityMapping"]] = None, - alert_details_override: Optional["_models.AlertDetailsOverride"] = None, - event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, - sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, - techniques: Optional[List[str]] = None, - **kwargs - ): + self, *, domains: Optional[List[str]] = None, verticals: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ - :keyword query: The query that creates alerts for this rule. - :paramtype query: str - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", and "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword version: The version of this template - in format , where all are numbers. For - example <1.0.2>. - :paramtype version: str - :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the - alert. - :paramtype custom_details: dict[str, str] - :keyword entity_mappings: Array of the entity mappings of the alert rule. - :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] - :keyword alert_details_override: The alert details override settings. - :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride - :keyword event_grouping_settings: The event grouping settings. - :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings - :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. - :paramtype sentinel_entities_mappings: - list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data sources for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - and "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword tactics: The tactics of the alert rule. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] - :keyword techniques: The techniques of the alert rule. - :paramtype techniques: list[str] + :keyword domains: domain for the solution content item. + :paramtype domains: list[str] + :keyword verticals: Industry verticals for the solution content item. + :paramtype verticals: list[str] """ - super().__init__( - alert_rules_created_by_template_count=alert_rules_created_by_template_count, - description=description, - display_name=display_name, - required_data_connectors=required_data_connectors, - status=status, - tactics=tactics, - techniques=techniques, - query=query, - severity=severity, - version=version, - custom_details=custom_details, - entity_mappings=entity_mappings, - alert_details_override=alert_details_override, - event_grouping_settings=event_grouping_settings, - sentinel_entities_mappings=sentinel_entities_mappings, - **kwargs - ) - self.query = query - self.severity = severity - self.version = version - self.custom_details = custom_details - self.entity_mappings = entity_mappings - self.alert_details_override = alert_details_override - self.event_grouping_settings = event_grouping_settings - self.sentinel_entities_mappings = sentinel_entities_mappings - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.last_updated_date_utc = None - self.created_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.tactics = tactics - self.techniques = techniques - + super().__init__(**kwargs) + self.domains = domains + self.verticals = verticals -class Office365ProjectCheckRequirements(DataConnectorsCheckRequirements): - """Represents Office365 Project requirements check request. - All required parameters must be populated in order to send to Azure. +class MetadataDependencies(_serialization.Model): + """Dependencies for the content item, what other content items it requires to work. Can describe + more complex dependencies using a recursive/nested structure. For a single dependency an + id/kind/version can be supplied or operator/criteria for complex dependencies. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar content_id: Id of the content item we depend on. + :vartype content_id: str + :ivar kind: Type of the content item we depend on. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar version: Version of the the content item we depend on. Can be blank, * or missing to + indicate any version fulfills the dependency. If version does not match our defined numeric + format then an exact match is required. + :vartype version: str + :ivar name: Name of the content item. + :vartype name: str + :ivar operator: Operator used for list of dependencies in criteria array. Known values are: + "AND", "OR", "AND", and "OR". + :vartype operator: str or ~azure.mgmt.securityinsight.models.Operator + :ivar criteria: This is the list of dependencies we must fulfill, according to the AND/OR + operator. + :vartype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] """ - _validation = { - "kind": {"required": True}, - } - _attribute_map = { + "content_id": {"key": "contentId", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "criteria": {"key": "criteria", "type": "[MetadataDependencies]"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + def __init__( + self, + *, + content_id: Optional[str] = None, + kind: Optional[Union[str, "_models.Kind"]] = None, + version: Optional[str] = None, + name: Optional[str] = None, + operator: Optional[Union[str, "_models.Operator"]] = None, + criteria: Optional[List["_models.MetadataDependencies"]] = None, + **kwargs: Any + ) -> None: """ - super().__init__(**kwargs) - self.kind: str = "Office365Project" - self.tenant_id = tenant_id - - -class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): - """Office365 Project requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class Office365ProjectConnectorDataTypes(_serialization.Model): - """The available data types for Office Microsoft Project data connector. - - All required parameters must be populated in order to send to Azure. - - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs - """ - - _validation = { - "logs": {"required": True}, - } - - _attribute_map = { - "logs": {"key": "logs", "type": "Office365ProjectConnectorDataTypesLogs"}, - } - - def __init__(self, *, logs: "_models.Office365ProjectConnectorDataTypesLogs", **kwargs): - """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs + :keyword content_id: Id of the content item we depend on. + :paramtype content_id: str + :keyword kind: Type of the content item we depend on. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword version: Version of the the content item we depend on. Can be blank, * or missing to + indicate any version fulfills the dependency. If version does not match our defined numeric + format then an exact match is required. + :paramtype version: str + :keyword name: Name of the content item. + :paramtype name: str + :keyword operator: Operator used for list of dependencies in criteria array. Known values are: + "AND", "OR", "AND", and "OR". + :paramtype operator: str or ~azure.mgmt.securityinsight.models.Operator + :keyword criteria: This is the list of dependencies we must fulfill, according to the AND/OR + operator. + :paramtype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] """ super().__init__(**kwargs) - self.logs = logs + self.content_id = content_id + self.kind = kind + self.version = version + self.name = name + self.operator = operator + self.criteria = criteria -class Office365ProjectConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. +class MetadataList(_serialization.Model): + """List of all the metadata. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar value: Array of metadata. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + :ivar next_link: URL to fetch the next page of metadata. + :vartype next_link: str """ _validation = { - "state": {"required": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "value": {"key": "value", "type": "[MetadataModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, value: List["_models.MetadataModel"], **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword value: Array of metadata. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.MetadataModel] """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.value = value + self.next_link = None -class Office365ProjectDataConnector(DataConnector): - """Represents Office Microsoft Project data connector. +class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Metadata resource definition. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -16401,18 +15485,55 @@ class Office365ProjectDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the + full resource ID including the scope (subscription and resource group). + :vartype parent_id: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar kind: The kind of content the metadata is for. + :vartype kind: str + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the metadata - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the solution content item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the solution content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date solution content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the solution content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the solution template. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] """ _validation = { @@ -16420,7 +15541,6 @@ class Office365ProjectDataConnector(DataConnector): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { @@ -16429,133 +15549,132 @@ class Office365ProjectDataConnector(DataConnector): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "parent_id": {"key": "properties.parentId", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "kind": {"key": "properties.kind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.Office365ProjectConnectorDataTypes"] = None, - **kwargs - ): + content_id: Optional[str] = None, + parent_id: Optional[str] = None, + version: Optional[str] = None, + kind: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Office365Project" - self.tenant_id = tenant_id - self.data_types = data_types - - -class Office365ProjectDataConnectorProperties(DataConnectorTenantId): - """Office Microsoft Project data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "Office365ProjectConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.Office365ProjectConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): - """Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "OfficeATP" - self.tenant_id = tenant_id - - -class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): - """OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is + the full resource ID including the scope (subscription and resource group). + :paramtype parent_id: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword kind: The kind of content the metadata is for. + :paramtype kind: str + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the metadata - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the solution content item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the solution content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date solution content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the solution content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the solution template. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.parent_id = parent_id + self.version = version + self.kind = kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark -class OfficeATPDataConnector(DataConnector): - """Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. +class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Metadata patch request body. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -16569,18 +15688,55 @@ class OfficeATPDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the + full resource ID including the scope (subscription and resource group). + :vartype parent_id: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar kind: The kind of content the metadata is for. + :vartype kind: str + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the metadata - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the solution content item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the solution content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date solution content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the solution content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the solution template. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] """ _validation = { @@ -16588,7 +15744,6 @@ class OfficeATPDataConnector(DataConnector): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { @@ -16597,329 +15752,322 @@ class OfficeATPDataConnector(DataConnector): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "parent_id": {"key": "properties.parentId", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "kind": {"key": "properties.kind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + content_id: Optional[str] = None, + parent_id: Optional[str] = None, + version: Optional[str] = None, + kind: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficeATP" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """OfficeATP (Office 365 Advanced Threat Protection) data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): - """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) - self.data_types = data_types - self.tenant_id = tenant_id + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is + the full resource ID including the scope (subscription and resource group). + :paramtype parent_id: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword kind: The kind of content the metadata is for. + :paramtype kind: str + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the metadata - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the solution content item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the solution content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date solution content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the solution content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the solution template. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.parent_id = parent_id + self.version = version + self.kind = kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark -class OfficeConsent(Resource): - """Consent for Office365 tenant that already made. +class MetadataSource(_serialization.Model): + """The original source of the content item, where it comes from. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. + :ivar kind: Source type of the content. Required. Known values are: "LocalWorkspace", + "Community", "Solution", and "SourceRepository". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SourceKind + :ivar name: Name of the content source. The repo name, solution name, LA workspace name etc. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar tenant_id: The tenantId of the Office365 with the consent. - :vartype tenant_id: str - :ivar consent_id: Help to easily cascade among the data layers. - :vartype consent_id: str + :ivar source_id: ID of the content source. The solution ID, workspace ID, etc. + :vartype source_id: str """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "consent_id": {"key": "properties.consentId", "type": "str"}, + "source_id": {"key": "sourceId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, consent_id: Optional[str] = None, **kwargs): + def __init__( + self, + *, + kind: Union[str, "_models.SourceKind"], + name: Optional[str] = None, + source_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenantId of the Office365 with the consent. - :paramtype tenant_id: str - :keyword consent_id: Help to easily cascade among the data layers. - :paramtype consent_id: str + :keyword kind: Source type of the content. Required. Known values are: "LocalWorkspace", + "Community", "Solution", and "SourceRepository". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.SourceKind + :keyword name: Name of the content source. The repo name, solution name, LA workspace name + etc. + :paramtype name: str + :keyword source_id: ID of the content source. The solution ID, workspace ID, etc. + :paramtype source_id: str """ super().__init__(**kwargs) - self.tenant_id = tenant_id - self.consent_id = consent_id - + self.kind = kind + self.name = name + self.source_id = source_id -class OfficeConsentList(_serialization.Model): - """List of all the office365 consents. - Variables are only populated by the server, and will be ignored when sending a request. +class MetadataSupport(_serialization.Model): + """Support information for the content item. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of office consents. - :vartype next_link: str - :ivar value: Array of the consents. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + :ivar tier: Type of support for content item. Required. Known values are: "Microsoft", + "Partner", and "Community". + :vartype tier: str or ~azure.mgmt.securityinsight.models.SupportTier + :ivar name: Name of the support contact. Company or person. + :vartype name: str + :ivar email: Email of support contact. + :vartype email: str + :ivar link: Link for support help, like to support page to open a ticket etc. + :vartype link: str """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, + "tier": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[OfficeConsent]"}, + "tier": {"key": "tier", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "email": {"key": "email", "type": "str"}, + "link": {"key": "link", "type": "str"}, } - def __init__(self, *, value: List["_models.OfficeConsent"], **kwargs): + def __init__( + self, + *, + tier: Union[str, "_models.SupportTier"], + name: Optional[str] = None, + email: Optional[str] = None, + link: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of the consents. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + :keyword tier: Type of support for content item. Required. Known values are: "Microsoft", + "Partner", and "Community". + :paramtype tier: str or ~azure.mgmt.securityinsight.models.SupportTier + :keyword name: Name of the support contact. Company or person. + :paramtype name: str + :keyword email: Email of support contact. + :paramtype email: str + :keyword link: Link for support help, like to support page to open a ticket etc. + :paramtype link: str """ super().__init__(**kwargs) - self.next_link = None - self.value = value - + self.tier = tier + self.name = name + self.email = email + self.link = link -class OfficeDataConnector(DataConnector): - """Represents office data connector. - Variables are only populated by the server, and will be ignored when sending a request. +class MicrosoftPurviewInformationProtectionCheckRequirements(DataConnectorsCheckRequirements): + """Represents MicrosoftPurviewInformationProtection requirements check request. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, "kind": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "Office365" + super().__init__(**kwargs) + self.kind: str = "MicrosoftPurviewInformationProtection" self.tenant_id = tenant_id - self.data_types = data_types -class OfficeDataConnectorDataTypes(_serialization.Model): - """The available data types for office data connector. +class MicrosoftPurviewInformationProtectionCheckRequirementsProperties(DataConnectorTenantId): + """MicrosoftPurviewInformationProtection requirements check properties. All required parameters must be populated in order to send to Azure. - :ivar exchange: Exchange data type connection. Required. - :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :ivar share_point: SharePoint data type connection. Required. - :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :ivar teams: Teams data type connection. Required. - :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - "exchange": {"required": True}, - "share_point": {"required": True}, - "teams": {"required": True}, + "tenant_id": {"required": True}, } _attribute_map = { - "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, - "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, - "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__( - self, - *, - exchange: "_models.OfficeDataConnectorDataTypesExchange", - share_point: "_models.OfficeDataConnectorDataTypesSharePoint", - teams: "_models.OfficeDataConnectorDataTypesTeams", - **kwargs - ): - """ - :keyword exchange: Exchange data type connection. Required. - :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :keyword share_point: SharePoint data type connection. Required. - :paramtype share_point: - ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :keyword teams: Teams data type connection. Required. - :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams - """ - super().__init__(**kwargs) - self.exchange = exchange - self.share_point = share_point - self.teams = teams - - -class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): - """Exchange data type connection. - - All required parameters must be populated in order to send to Azure. - - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - - _validation = { - "state": {"required": True}, - } - - _attribute_map = { - "state": {"key": "state", "type": "str"}, - } - - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super().__init__(state=state, **kwargs) + super().__init__(tenant_id=tenant_id, **kwargs) -class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): - """SharePoint data type connection. +class MicrosoftPurviewInformationProtectionConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Purview Information Protection data connector. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar logs: Logs data type. Required. + :vartype logs: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypesLogs """ _validation = { - "state": {"required": True}, + "logs": {"required": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "logs": {"key": "logs", "type": "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, *, logs: "_models.MicrosoftPurviewInformationProtectionConnectorDataTypesLogs", **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword logs: Logs data type. Required. + :paramtype logs: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypesLogs """ - super().__init__(state=state, **kwargs) + super().__init__(**kwargs) + self.logs = logs -class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): - """Teams data type connection. +class MicrosoftPurviewInformationProtectionConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. All required parameters must be populated in order to send to Azure. @@ -16936,7 +16084,7 @@ class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -16945,101 +16093,8 @@ def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): super().__init__(state=state, **kwargs) -class OfficeDataConnectorProperties(DataConnectorTenantId): - """Office data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes - """ - - _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "OfficeDataConnectorDataTypes"}, - } - - def __init__(self, *, tenant_id: str, data_types: "_models.OfficeDataConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class OfficeIRMCheckRequirements(DataConnectorsCheckRequirements): - """Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - """ - - _validation = { - "kind": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "OfficeIRM" - self.tenant_id = tenant_id - - -class OfficeIRMCheckRequirementsProperties(DataConnectorTenantId): - """OfficeIRM (Microsoft Insider Risk Management) requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - """ - super().__init__(tenant_id=tenant_id, **kwargs) - - -class OfficeIRMDataConnector(DataConnector): - """Represents OfficeIRM (Microsoft Insider Risk Management) data connector. +class MicrosoftPurviewInformationProtectionDataConnector(DataConnector): + """Represents Microsoft Purview Information Protection data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -17061,15 +16116,16 @@ class OfficeIRMDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :vartype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes """ _validation = { @@ -17088,7 +16144,10 @@ class OfficeIRMDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "data_types": { + "key": "properties.dataTypes", + "type": "MicrosoftPurviewInformationProtectionConnectorDataTypes", + }, } def __init__( @@ -17096,173 +16155,362 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + data_types: Optional["_models.MicrosoftPurviewInformationProtectionConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :paramtype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficeIRM" + self.kind: str = "MicrosoftPurviewInformationProtection" self.tenant_id = tenant_id self.data_types = data_types -class OfficeIRMDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): - """OfficeIRM (Microsoft Insider Risk Management) data connector properties. +class MicrosoftPurviewInformationProtectionDataConnectorProperties(DataConnectorTenantId): + """Microsoft Purview Information Protection data connector properties. All required parameters must be populated in order to send to Azure. - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector :ivar tenant_id: The tenant id to connect to, and get the data from. Required. :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes """ _validation = { "tenant_id": {"required": True}, + "data_types": {"required": True}, } _attribute_map = { - "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MicrosoftPurviewInformationProtectionConnectorDataTypes"}, } def __init__( - self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs - ): + self, + *, + tenant_id: str, + data_types: "_models.MicrosoftPurviewInformationProtectionConnectorDataTypes", + **kwargs: Any + ) -> None: """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: + ~azure.mgmt.securityinsight.models.MicrosoftPurviewInformationProtectionConnectorDataTypes """ - super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + super().__init__(tenant_id=tenant_id, **kwargs) self.data_types = data_types - self.tenant_id = tenant_id -class OfficePowerBICheckRequirements(DataConnectorsCheckRequirements): - """Represents Office PowerBI requirements check request. +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime """ _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - """ - super().__init__(**kwargs) - self.kind: str = "OfficePowerBI" - self.tenant_id = tenant_id - - -class OfficePowerBICheckRequirementsProperties(DataConnectorTenantId): - """Office PowerBI requirements check properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - """ - - _validation = { - "tenant_id": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - } - - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftSecurityIncidentCreation" + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None -class OfficePowerBIConnectorDataTypes(_serialization.Model): - """The available data types for Office Microsoft PowerBI data connector. +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. All required parameters must be populated in order to send to Azure. - :ivar logs: Logs data type. Required. - :vartype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for + IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat + Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ _validation = { - "logs": {"required": True}, + "product_filter": {"required": True}, } _attribute_map = { - "logs": {"key": "logs", "type": "OfficePowerBIConnectorDataTypesLogs"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, } - def __init__(self, *, logs: "_models.OfficePowerBIConnectorDataTypesLogs", **kwargs): + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword logs: Logs data type. Required. - :paramtype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced + Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ super().__init__(**kwargs) - self.logs = logs + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter -class OfficePowerBIConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for + IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat + Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. Required. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime """ _validation = { - "state": {"required": True}, + "product_filter": {"required": True}, + "display_name": {"required": True}, + "enabled": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_name: str, + enabled: bool, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced + Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. Required. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. + :paramtype enabled: bool """ - super().__init__(state=state, **kwargs) + super().__init__( + display_names_filter=display_names_filter, + display_names_exclude_filter=display_names_exclude_filter, + product_filter=product_filter, + severities_filter=severities_filter, + **kwargs + ) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None -class OfficePowerBIDataConnector(DataConnector): - """Represents Office Microsoft PowerBI data connector. +class MicrosoftSecurityIncidentCreationAlertRuleTemplate( + AlertRuleTemplate +): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule template. Variables are only populated by the server, and will be ignored when sending a request. @@ -17279,441 +16527,644 @@ class OfficePowerBIDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - - _validation = { - "id": {"readonly": True}, - "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "id": {"key": "id", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, - } - - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficePowerBIConnectorDataTypes"] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "OfficePowerBI" - self.tenant_id = tenant_id - self.data_types = data_types - - -class OfficePowerBIDataConnectorProperties(DataConnectorTenantId): - """Office Microsoft PowerBI data connector properties. - - All required parameters must be populated in order to send to Azure. - - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ _validation = { - "tenant_id": {"required": True}, - "data_types": {"required": True}, - } - - _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, } - def __init__(self, *, tenant_id: str, data_types: "_models.OfficePowerBIConnectorDataTypes", **kwargs): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.data_types = data_types - - -class Operation(_serialization.Model): - """Operation provided by provider. - - :ivar display: Properties of the operation. - :vartype display: ~azure.mgmt.securityinsight.models.OperationDisplay - :ivar name: Name of the operation. - :vartype name: str - :ivar origin: The origin of the operation. - :vartype origin: str - :ivar is_data_action: Indicates whether the operation is a data action. - :vartype is_data_action: bool - """ - _attribute_map = { - "display": {"key": "display", "type": "OperationDisplay"}, + "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "origin": {"key": "origin", "type": "str"}, - "is_data_action": {"key": "isDataAction", "type": "bool"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, } def __init__( self, *, - display: Optional["_models.OperationDisplay"] = None, - name: Optional[str] = None, - origin: Optional[str] = None, - is_data_action: Optional[bool] = None, - **kwargs - ): + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword display: Properties of the operation. - :paramtype display: ~azure.mgmt.securityinsight.models.OperationDisplay - :keyword name: Name of the operation. - :paramtype name: str - :keyword origin: The origin of the operation. - :paramtype origin: str - :keyword is_data_action: Indicates whether the operation is a data action. - :paramtype is_data_action: bool + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ super().__init__(**kwargs) - self.display = display - self.name = name - self.origin = origin - self.is_data_action = is_data_action + self.kind: str = "MicrosoftSecurityIncidentCreation" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter -class OperationDisplay(_serialization.Model): - """Properties of the operation. +class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties( + AlertRuleTemplatePropertiesBase +): # pylint: disable=too-many-instance-attributes + """MicrosoftSecurityIncidentCreation rule template properties. - :ivar description: Description of the operation. + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. :vartype description: str - :ivar operation: Operation name. - :vartype operation: str - :ivar provider: Provider name. - :vartype provider: str - :ivar resource: Resource name. - :vartype resource: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + _attribute_map = { + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, "description": {"key": "description", "type": "str"}, - "operation": {"key": "operation", "type": "str"}, - "provider": {"key": "provider", "type": "str"}, - "resource": {"key": "resource", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, } def __init__( self, *, + alert_rules_created_by_template_count: Optional[int] = None, description: Optional[str] = None, - operation: Optional[str] = None, - provider: Optional[str] = None, - resource: Optional[str] = None, - **kwargs - ): + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword description: Description of the operation. - :paramtype description: str - :keyword operation: Operation name. - :paramtype operation: str - :keyword provider: Provider name. - :paramtype provider: str - :keyword resource: Resource name. - :paramtype resource: str + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] """ - super().__init__(**kwargs) - self.description = description - self.operation = operation - self.provider = provider - self.resource = resource + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + **kwargs + ) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter -class OperationsList(_serialization.Model): - """Lists the operations available in the SecurityInsights RP. +class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MLBehaviorAnalytics alert rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of operations. - :vartype next_link: str - :ivar value: Array of operations. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Operation] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] """ _validation = { - "next_link": {"readonly": True}, - "value": {"required": True}, - } - - _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Operation]"}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, } - def __init__(self, *, value: List["_models.Operation"], **kwargs): - """ - :keyword value: Array of operations. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] - """ - super().__init__(**kwargs) - self.next_link = None - self.value = value - - -class Permissions(_serialization.Model): - """Permissions required for the connector. - - :ivar resource_provider: Resource provider permissions required for the connector. - :vartype resource_provider: - list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] - :ivar customs: Customs permissions required for the connector. - :vartype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] - """ - _attribute_map = { - "resource_provider": {"key": "resourceProvider", "type": "[PermissionsResourceProviderItem]"}, - "customs": {"key": "customs", "type": "[PermissionsCustomsItem]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, } def __init__( self, *, - resource_provider: Optional[List["_models.PermissionsResourceProviderItem"]] = None, - customs: Optional[List["_models.PermissionsCustomsItem"]] = None, - **kwargs - ): + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs: Any + ) -> None: """ - :keyword resource_provider: Resource provider permissions required for the connector. - :paramtype resource_provider: - list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] - :keyword customs: Customs permissions required for the connector. - :paramtype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool """ - super().__init__(**kwargs) - self.resource_provider = resource_provider - self.customs = customs + super().__init__(etag=etag, **kwargs) + self.kind: str = "MLBehaviorAnalytics" + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None -class PermissionsCustomsItem(Customs): - """PermissionsCustomsItem. +class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents MLBehaviorAnalytics alert rule template. - :ivar name: Customs permissions name. + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - :ivar description: Customs permissions description. + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + _attribute_map = { + "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, - } - - def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): - """ - :keyword name: Customs permissions name. - :paramtype name: str - :keyword description: Customs permissions description. - :paramtype description: str - """ - super().__init__(name=name, description=description, **kwargs) - - -class ResourceProvider(_serialization.Model): - """Resource provider permissions required for the connector. - - :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :ivar permissions_display_text: Permission description text. - :vartype permissions_display_text: str - :ivar provider_display_name: Permission provider display name. - :vartype provider_display_name: str - :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and - "Workspace". - :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :ivar required_permissions: Required permissions for the connector. - :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions - """ - - _attribute_map = { - "provider": {"key": "provider", "type": "str"}, - "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, - "provider_display_name": {"key": "providerDisplayName", "type": "str"}, - "scope": {"key": "scope", "type": "str"}, - "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, } def __init__( self, *, - provider: Optional[Union[str, "_models.ProviderName"]] = None, - permissions_display_text: Optional[str] = None, - provider_display_name: Optional[str] = None, - scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, - required_permissions: Optional["_models.RequiredPermissions"] = None, - **kwargs - ): + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + **kwargs: Any + ) -> None: """ - :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :keyword permissions_display_text: Permission description text. - :paramtype permissions_display_text: str - :keyword provider_display_name: Permission provider display name. - :paramtype provider_display_name: str - :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", - and "Workspace". - :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :keyword required_permissions: Required permissions for the connector. - :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ super().__init__(**kwargs) - self.provider = provider - self.permissions_display_text = permissions_display_text - self.provider_display_name = provider_display_name - self.scope = scope - self.required_permissions = required_permissions + self.kind: str = "MLBehaviorAnalytics" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.severity = severity -class PermissionsResourceProviderItem(ResourceProvider): - """PermissionsResourceProviderItem. +class MLBehaviorAnalyticsAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): + """MLBehaviorAnalytics alert rule template properties. - :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :ivar permissions_display_text: Permission description text. - :vartype permissions_display_text: str - :ivar provider_display_name: Permission provider display name. - :vartype provider_display_name: str - :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and - "Workspace". - :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :ivar required_permissions: Required permissions for the connector. - :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: + "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "severity": {"required": True}, + } + _attribute_map = { - "provider": {"key": "provider", "type": "str"}, - "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, - "provider_display_name": {"key": "providerDisplayName", "type": "str"}, - "scope": {"key": "scope", "type": "str"}, - "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "severity": {"key": "severity", "type": "str"}, } def __init__( self, *, - provider: Optional[Union[str, "_models.ProviderName"]] = None, - permissions_display_text: Optional[str] = None, - provider_display_name: Optional[str] = None, - scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, - required_permissions: Optional["_models.RequiredPermissions"] = None, - **kwargs - ): + severity: Union[str, "_models.AlertSeverity"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + **kwargs: Any + ) -> None: """ - :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", - "Microsoft.OperationalInsights/workspaces", - "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", - "Microsoft.OperationalInsights/workspaces/sharedKeys", and - "Microsoft.Authorization/policyAssignments". - :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName - :keyword permissions_display_text: Permission description text. - :paramtype permissions_display_text: str - :keyword provider_display_name: Permission provider display name. - :paramtype provider_display_name: str - :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", - and "Workspace". - :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope - :keyword required_permissions: Required permissions for the connector. - :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Required. Known values + are: "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ super().__init__( - provider=provider, - permissions_display_text=permissions_display_text, - provider_display_name=provider_display_name, - scope=scope, - required_permissions=required_permissions, + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, **kwargs ) + self.severity = severity -class PlaybookActionProperties(_serialization.Model): - """PlaybookActionProperties. +class MSTICheckRequirements(DataConnectorsCheckRequirements): + """Represents Microsoft Threat Intelligence requirements check request. - :ivar logic_app_resource_id: The resource id of the playbook resource. - :vartype logic_app_resource_id: str - :ivar tenant_id: The tenant id of the playbook resource. + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, - "tenant_id": {"key": "tenantId", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, logic_app_resource_id: Optional[str] = None, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword logic_app_resource_id: The resource id of the playbook resource. - :paramtype logic_app_resource_id: str - :keyword tenant_id: The tenant id of the playbook resource. + :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str """ super().__init__(**kwargs) - self.logic_app_resource_id = logic_app_resource_id + self.kind: str = "MicrosoftThreatIntelligence" self.tenant_id = tenant_id -class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes - """Represents a process entity. - - Variables are only populated by the server, and will be ignored when sending a request. +class MSTICheckRequirementsProperties(DataConnectorTenantId): + """Microsoft Threat Intelligence requirements check properties. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MSTIDataConnector(DataConnector): + """Represents Microsoft Threat Intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str :ivar name: The name of the resource. :vartype name: str @@ -17723,36 +17174,20 @@ class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar account_entity_id: The account entity id running the processes. - :vartype account_entity_id: str - :ivar command_line: The command line used to create the process. - :vartype command_line: str - :ivar creation_time_utc: The time when the process started to run. - :vartype creation_time_utc: ~datetime.datetime - :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - :ivar host_entity_id: The host entity id on which the process was running. - :vartype host_entity_id: str - :ivar host_logon_session_entity_id: The session entity id in which the process was running. - :vartype host_logon_session_entity_id: str - :ivar image_file_entity_id: Image file entity id. - :vartype image_file_entity_id: str - :ivar parent_process_entity_id: The parent process entity id. - :vartype parent_process_entity_id: str - :ivar process_id: The process ID. - :vartype process_id: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes """ _validation = { @@ -17761,16 +17196,6 @@ class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes "type": {"readonly": True}, "system_data": {"readonly": True}, "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "account_entity_id": {"readonly": True}, - "command_line": {"readonly": True}, - "creation_time_utc": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "host_logon_session_entity_id": {"readonly": True}, - "image_file_entity_id": {"readonly": True}, - "parent_process_entity_id": {"readonly": True}, - "process_id": {"readonly": True}, } _attribute_map = { @@ -17778,116 +17203,4812 @@ class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, - "command_line": {"key": "properties.commandLine", "type": "str"}, - "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, - "elevation_token": {"key": "properties.elevationToken", "type": "str"}, - "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, - "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, - "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, - "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, - "process_id": {"key": "properties.processId", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MSTIDataConnectorDataTypes"}, } - def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MSTIDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ - :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftThreatIntelligence" + self.tenant_id = tenant_id + self.data_types = data_types + + +class MSTIDataConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Threat Intelligence Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms + data connector. Required. + :vartype microsoft_emerging_threat_feed: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + """ + + _validation = { + "microsoft_emerging_threat_feed": {"required": True}, + } + + _attribute_map = { + "microsoft_emerging_threat_feed": { + "key": "microsoftEmergingThreatFeed", + "type": "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + }, + } + + def __init__( + self, + *, + microsoft_emerging_threat_feed: "_models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + **kwargs: Any + ) -> None: + """ + :keyword microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms + data connector. Required. + :paramtype microsoft_emerging_threat_feed: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed """ super().__init__(**kwargs) - self.kind: str = "Process" - self.additional_data = None - self.friendly_name = None - self.account_entity_id = None - self.command_line = None - self.creation_time_utc = None - self.elevation_token = elevation_token - self.host_entity_id = None - self.host_logon_session_entity_id = None - self.image_file_entity_id = None - self.parent_process_entity_id = None - self.process_id = None + self.microsoft_emerging_threat_feed = microsoft_emerging_threat_feed -class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes - """Process entity property bag. +class MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed(DataConnectorDataTypeCommon): + """Data type for Microsoft Threat Intelligence Platforms data connector. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar account_entity_id: The account entity id running the processes. - :vartype account_entity_id: str - :ivar command_line: The command line used to create the process. - :vartype command_line: str - :ivar creation_time_utc: The time when the process started to run. - :vartype creation_time_utc: ~datetime.datetime - :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken - :ivar host_entity_id: The host entity id on which the process was running. - :vartype host_entity_id: str - :ivar host_logon_session_entity_id: The session entity id in which the process was running. - :vartype host_logon_session_entity_id: str - :ivar image_file_entity_id: Image file entity id. - :vartype image_file_entity_id: str - :ivar parent_process_entity_id: The parent process entity id. - :vartype parent_process_entity_id: str - :ivar process_id: The process ID. - :vartype process_id: str + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar lookback_period: The lookback period for the feed to be imported. Required. + :vartype lookback_period: str + """ + + _validation = { + "state": {"required": True}, + "lookback_period": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + "lookback_period": {"key": "lookbackPeriod", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword lookback_period: The lookback period for the feed to be imported. Required. + :paramtype lookback_period: str + """ + super().__init__(state=state, **kwargs) + self.lookback_period = lookback_period + + +class MSTIDataConnectorProperties(DataConnectorTenantId): + """Microsoft Threat Intelligence data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MSTIDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.MSTIDataConnectorDataTypes", **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class MtpCheckRequirements(DataConnectorsCheckRequirements): + """Represents MTP (Microsoft Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ - _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "account_entity_id": {"readonly": True}, - "command_line": {"readonly": True}, - "creation_time_utc": {"readonly": True}, - "host_entity_id": {"readonly": True}, - "host_logon_session_entity_id": {"readonly": True}, - "image_file_entity_id": {"readonly": True}, - "parent_process_entity_id": {"readonly": True}, - "process_id": {"readonly": True}, - } + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "MicrosoftThreatProtection" + self.tenant_id = tenant_id + + +class MTPCheckRequirementsProperties(DataConnectorTenantId): + """MTP (Microsoft Threat Protection) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MTPDataConnector(DataConnector): + """Represents MTP (Microsoft Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :ivar filtered_providers: The available filtered providers for the connector. + :vartype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MTPDataConnectorDataTypes"}, + "filtered_providers": {"key": "properties.filteredProviders", "type": "MtpFilteredProviders"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MTPDataConnectorDataTypes"] = None, + filtered_providers: Optional["_models.MtpFilteredProviders"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :keyword filtered_providers: The available filtered providers for the connector. + :paramtype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "MicrosoftThreatProtection" + self.tenant_id = tenant_id + self.data_types = data_types + self.filtered_providers = filtered_providers + + +class MTPDataConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Threat Protection Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar incidents: Incidents data type for Microsoft Threat Protection Platforms data connector. + Required. + :vartype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :ivar alerts: Alerts data type for Microsoft Threat Protection Platforms data connector. + :vartype alerts: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesAlerts + """ + + _validation = { + "incidents": {"required": True}, + } + + _attribute_map = { + "incidents": {"key": "incidents", "type": "MTPDataConnectorDataTypesIncidents"}, + "alerts": {"key": "alerts", "type": "MTPDataConnectorDataTypesAlerts"}, + } + + def __init__( + self, + *, + incidents: "_models.MTPDataConnectorDataTypesIncidents", + alerts: Optional["_models.MTPDataConnectorDataTypesAlerts"] = None, + **kwargs: Any + ) -> None: + """ + :keyword incidents: Incidents data type for Microsoft Threat Protection Platforms data + connector. Required. + :paramtype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + :keyword alerts: Alerts data type for Microsoft Threat Protection Platforms data connector. + :paramtype alerts: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesAlerts + """ + super().__init__(**kwargs) + self.incidents = incidents + self.alerts = alerts + + +class MTPDataConnectorDataTypesAlerts(DataConnectorDataTypeCommon): + """Alerts data type for Microsoft Threat Protection Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class MTPDataConnectorDataTypesIncidents(DataConnectorDataTypeCommon): + """Incidents data type for Microsoft Threat Protection Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class MTPDataConnectorProperties(DataConnectorTenantId): + """MTP (Microsoft Threat Protection) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :ivar filtered_providers: The available filtered providers for the connector. + :vartype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MTPDataConnectorDataTypes"}, + "filtered_providers": {"key": "filteredProviders", "type": "MtpFilteredProviders"}, + } + + def __init__( + self, + *, + tenant_id: str, + data_types: "_models.MTPDataConnectorDataTypes", + filtered_providers: Optional["_models.MtpFilteredProviders"] = None, + **kwargs: Any + ) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + :keyword filtered_providers: The available filtered providers for the connector. + :paramtype filtered_providers: ~azure.mgmt.securityinsight.models.MtpFilteredProviders + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + self.filtered_providers = filtered_providers + + +class MtpFilteredProviders(_serialization.Model): + """Represents the connector's Filtered providers. + + All required parameters must be populated in order to send to Azure. + + :ivar alerts: Alerts filtered providers. When filters are not applied, all alerts will stream + through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which + are in GA state. Required. + :vartype alerts: list[str or ~azure.mgmt.securityinsight.models.MtpProvider] + """ + + _validation = { + "alerts": {"required": True}, + } + + _attribute_map = { + "alerts": {"key": "alerts", "type": "[str]"}, + } + + def __init__(self, *, alerts: List[Union[str, "_models.MtpProvider"]], **kwargs: Any) -> None: + """ + :keyword alerts: Alerts filtered providers. When filters are not applied, all alerts will + stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, + which are in GA state. Required. + :paramtype alerts: list[str or ~azure.mgmt.securityinsight.models.MtpProvider] + """ + super().__init__(**kwargs) + self.alerts = alerts + + +class NicEntity(Entity): + """Represents an network interface entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mac_address: The MAC address of this network interface. + :vartype mac_address: str + :ivar ip_address_entity_id: The IP entity id of this network interface. + :vartype ip_address_entity_id: str + :ivar vlans: A list of VLANs of the network interface entity. + :vartype vlans: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mac_address": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "vlans": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "vlans": {"key": "properties.vlans", "type": "[str]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "Nic" + self.additional_data = None + self.friendly_name = None + self.mac_address = None + self.ip_address_entity_id = None + self.vlans = None + + +class NicEntityProperties(EntityCommonProperties): + """Nic entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mac_address: The MAC address of this network interface. + :vartype mac_address: str + :ivar ip_address_entity_id: The IP entity id of this network interface. + :vartype ip_address_entity_id: str + :ivar vlans: A list of VLANs of the network interface entity. + :vartype vlans: list[str] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mac_address": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "vlans": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "vlans": {"key": "vlans", "type": "[str]"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.mac_address = None + self.ip_address_entity_id = None + self.vlans = None + + +class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents NRT alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :vartype template_version: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :vartype suppression_duration: ~datetime.timedelta + :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or + disabled. + :vartype suppression_enabled: bool + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar incident_configuration: The settings of the incidents that created from alerts triggered + by this analytics rule. + :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "properties.templateVersion", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, + "severity": {"key": "properties.severity", "type": "str"}, + "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + template_version: Optional[str] = None, + description: Optional[str] = None, + query: Optional[str] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + suppression_duration: Optional[datetime.timedelta] = None, + suppression_enabled: Optional[bool] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + incident_configuration: Optional["_models.IncidentConfiguration"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :paramtype template_version: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :paramtype suppression_duration: ~datetime.timedelta + :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :paramtype suppression_enabled: bool + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword incident_configuration: The settings of the incidents that created from alerts + triggered by this analytics rule. + :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "NRT" + self.alert_rule_template_name = alert_rule_template_name + self.template_version = template_version + self.description = description + self.query = query + self.tactics = tactics + self.techniques = techniques + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.severity = severity + self.incident_configuration = incident_configuration + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings + + +class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents NRT alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "properties.sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + """ + super().__init__(**kwargs) + self.kind: str = "NRT" + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings + + +class QueryBasedAlertRuleTemplateProperties(_serialization.Model): + """Query based alert rule template base property bag. + + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + """ + + _attribute_map = { + "query": {"key": "query", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + """ + super().__init__(**kwargs) + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings + + +class NrtAlertRuleTemplateProperties( + AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties +): # pylint: disable=too-many-instance-attributes + """NRT alert rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :vartype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + """ + + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "query": {"key": "query", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "sentinel_entities_mappings": {"key": "sentinelEntitiesMappings", "type": "[SentinelEntityMapping]"}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword sentinel_entities_mappings: Array of the sentinel entity mappings of the alert rule. + :paramtype sentinel_entities_mappings: + list[~azure.mgmt.securityinsight.models.SentinelEntityMapping] + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + """ + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, + query=query, + severity=severity, + version=version, + custom_details=custom_details, + entity_mappings=entity_mappings, + alert_details_override=alert_details_override, + event_grouping_settings=event_grouping_settings, + sentinel_entities_mappings=sentinel_entities_mappings, + **kwargs + ) + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.sentinel_entities_mappings = sentinel_entities_mappings + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + + +class Office365ProjectCheckRequirements(DataConnectorsCheckRequirements): + """Represents Office365 Project requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "Office365Project" + self.tenant_id = tenant_id + + +class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): + """Office365 Project requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class Office365ProjectConnectorDataTypes(_serialization.Model): + """The available data types for Office Microsoft Project data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs + """ + + _validation = { + "logs": {"required": True}, + } + + _attribute_map = { + "logs": {"key": "logs", "type": "Office365ProjectConnectorDataTypesLogs"}, + } + + def __init__(self, *, logs: "_models.Office365ProjectConnectorDataTypesLogs", **kwargs: Any) -> None: + """ + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs + """ + super().__init__(**kwargs) + self.logs = logs + + +class Office365ProjectConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class Office365ProjectDataConnector(DataConnector): + """Represents Office Microsoft Project data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.Office365ProjectConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "Office365Project" + self.tenant_id = tenant_id + self.data_types = data_types + + +class Office365ProjectDataConnectorProperties(DataConnectorTenantId): + """Office Microsoft Project data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + } + + def __init__( + self, *, tenant_id: str, data_types: "_models.Office365ProjectConnectorDataTypes", **kwargs: Any + ) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "OfficeATP" + self.tenant_id = tenant_id + + +class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): + """OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class OfficeATPDataConnector(DataConnector): + """Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "OfficeATP" + self.tenant_id = tenant_id + self.data_types = data_types + + +class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """OfficeATP (Office 365 Advanced Threat Protection) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id + + +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar tenant_id: The tenantId of the Office365 with the consent. + :vartype tenant_id: str + :ivar consent_id: Help to easily cascade among the data layers. + :vartype consent_id: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "consent_id": {"key": "properties.consentId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, consent_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenantId of the Office365 with the consent. + :paramtype tenant_id: str + :keyword consent_id: Help to easily cascade among the data layers. + :paramtype consent_id: str + """ + super().__init__(**kwargs) + self.tenant_id = tenant_id + self.consent_id = consent_id + + +class OfficeConsentList(_serialization.Model): + """List of all the office365 consents. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :ivar value: Array of the consents. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[OfficeConsent]"}, + } + + def __init__(self, *, value: List["_models.OfficeConsent"], **kwargs: Any) -> None: + """ + :keyword value: Array of the consents. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class OfficeDataConnector(DataConnector): + """Represents office data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "Office365" + self.tenant_id = tenant_id + self.data_types = data_types + + +class OfficeDataConnectorDataTypes(_serialization.Model): + """The available data types for office data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar exchange: Exchange data type connection. Required. + :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :ivar share_point: SharePoint data type connection. Required. + :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :ivar teams: Teams data type connection. Required. + :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + """ + + _validation = { + "exchange": {"required": True}, + "share_point": {"required": True}, + "teams": {"required": True}, + } + + _attribute_map = { + "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, + "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, + "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, + } + + def __init__( + self, + *, + exchange: "_models.OfficeDataConnectorDataTypesExchange", + share_point: "_models.OfficeDataConnectorDataTypesSharePoint", + teams: "_models.OfficeDataConnectorDataTypesTeams", + **kwargs: Any + ) -> None: + """ + :keyword exchange: Exchange data type connection. Required. + :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :keyword share_point: SharePoint data type connection. Required. + :paramtype share_point: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :keyword teams: Teams data type connection. Required. + :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + """ + super().__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + self.teams = teams + + +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorProperties(DataConnectorTenantId): + """Office data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "OfficeDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.OfficeDataConnectorDataTypes", **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class OfficeIRMCheckRequirements(DataConnectorsCheckRequirements): + """Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "OfficeIRM" + self.tenant_id = tenant_id + + +class OfficeIRMCheckRequirementsProperties(DataConnectorTenantId): + """OfficeIRM (Microsoft Insider Risk Management) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class OfficeIRMDataConnector(DataConnector): + """Represents OfficeIRM (Microsoft Insider Risk Management) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "OfficeIRM" + self.tenant_id = tenant_id + self.data_types = data_types + + +class OfficeIRMDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """OfficeIRM (Microsoft Insider Risk Management) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs: Any + ) -> None: + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id + + +class OfficePowerBICheckRequirements(DataConnectorsCheckRequirements): + """Represents Office PowerBI requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "OfficePowerBI" + self.tenant_id = tenant_id + + +class OfficePowerBICheckRequirementsProperties(DataConnectorTenantId): + """Office PowerBI requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class OfficePowerBIConnectorDataTypes(_serialization.Model): + """The available data types for Office Microsoft PowerBI data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + """ + + _validation = { + "logs": {"required": True}, + } + + _attribute_map = { + "logs": {"key": "logs", "type": "OfficePowerBIConnectorDataTypesLogs"}, + } + + def __init__(self, *, logs: "_models.OfficePowerBIConnectorDataTypesLogs", **kwargs: Any) -> None: + """ + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + """ + super().__init__(**kwargs) + self.logs = logs + + +class OfficePowerBIConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficePowerBIDataConnector(DataConnector): + """Represents Office Microsoft PowerBI data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.OfficePowerBIConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "OfficePowerBI" + self.tenant_id = tenant_id + self.data_types = data_types + + +class OfficePowerBIDataConnectorProperties(DataConnectorTenantId): + """Office Microsoft PowerBI data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.OfficePowerBIConnectorDataTypes", **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class Operation(_serialization.Model): + """Operation provided by provider. + + :ivar display: Properties of the operation. + :vartype display: ~azure.mgmt.securityinsight.models.OperationDisplay + :ivar name: Name of the operation. + :vartype name: str + :ivar origin: The origin of the operation. + :vartype origin: str + :ivar is_data_action: Indicates whether the operation is a data action. + :vartype is_data_action: bool + """ + + _attribute_map = { + "display": {"key": "display", "type": "OperationDisplay"}, + "name": {"key": "name", "type": "str"}, + "origin": {"key": "origin", "type": "str"}, + "is_data_action": {"key": "isDataAction", "type": "bool"}, + } + + def __init__( + self, + *, + display: Optional["_models.OperationDisplay"] = None, + name: Optional[str] = None, + origin: Optional[str] = None, + is_data_action: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword display: Properties of the operation. + :paramtype display: ~azure.mgmt.securityinsight.models.OperationDisplay + :keyword name: Name of the operation. + :paramtype name: str + :keyword origin: The origin of the operation. + :paramtype origin: str + :keyword is_data_action: Indicates whether the operation is a data action. + :paramtype is_data_action: bool + """ + super().__init__(**kwargs) + self.display = display + self.name = name + self.origin = origin + self.is_data_action = is_data_action + + +class OperationDisplay(_serialization.Model): + """Properties of the operation. + + :ivar description: Description of the operation. + :vartype description: str + :ivar operation: Operation name. + :vartype operation: str + :ivar provider: Provider name. + :vartype provider: str + :ivar resource: Resource name. + :vartype resource: str + """ + + _attribute_map = { + "description": {"key": "description", "type": "str"}, + "operation": {"key": "operation", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "resource": {"key": "resource", "type": "str"}, + } + + def __init__( + self, + *, + description: Optional[str] = None, + operation: Optional[str] = None, + provider: Optional[str] = None, + resource: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword description: Description of the operation. + :paramtype description: str + :keyword operation: Operation name. + :paramtype operation: str + :keyword provider: Provider name. + :paramtype provider: str + :keyword resource: Resource name. + :paramtype resource: str + """ + super().__init__(**kwargs) + self.description = description + self.operation = operation + self.provider = provider + self.resource = resource + + +class OperationsList(_serialization.Model): + """Lists the operations available in the SecurityInsights RP. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of operations. + :vartype next_link: str + :ivar value: Array of operations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Operation] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Operation]"}, + } + + def __init__(self, *, value: List["_models.Operation"], **kwargs: Any) -> None: + """ + :keyword value: Array of operations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class PackageBaseProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Describes package properties. + + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + """ + + _attribute_map = { + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "is_new": {"key": "isNew", "type": "str"}, + "is_preview": {"key": "isPreview", "type": "str"}, + "is_featured": {"key": "isFeatured", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "publisher_display_name": {"key": "publisherDisplayName", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "icon", "type": "str"}, + } + + def __init__( + self, + *, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + """ + super().__init__(**kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon + + +class PackageList(_serialization.Model): + """List available packages. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of packages. + :vartype next_link: str + :ivar value: Array of packages. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.PackageModel] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[PackageModel]"}, + } + + def __init__(self, *, value: List["_models.PackageModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of packages. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.PackageModel] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class PackageModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Package in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "is_new": {"key": "properties.isNew", "type": "str"}, + "is_preview": {"key": "properties.isPreview", "type": "str"}, + "is_featured": {"key": "properties.isFeatured", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "publisher_display_name": {"key": "properties.publisherDisplayName", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "properties.icon", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon + + +class PackageProperties(PackageBaseProperties): # pylint: disable=too-many-instance-attributes + """Describes package properties. + + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + """ + + _attribute_map = { + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "is_new": {"key": "isNew", "type": "str"}, + "is_preview": {"key": "isPreview", "type": "str"}, + "is_featured": {"key": "isFeatured", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "publisher_display_name": {"key": "publisherDisplayName", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "icon", "type": "str"}, + } + + def __init__( + self, + *, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + """ + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + content_kind=content_kind, + content_schema_version=content_schema_version, + is_new=is_new, + is_preview=is_preview, + is_featured=is_featured, + version=version, + display_name=display_name, + description=description, + publisher_display_name=publisher_display_name, + source=source, + author=author, + support=support, + dependencies=dependencies, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + categories=categories, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + icon=icon, + **kwargs + ) + + +class Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema( + _serialization.Model +): + """Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema. + + All required parameters must be populated in order to send to Azure. + + :ivar repository_access: Credentials to access repository. Required. + :vartype repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccess + """ + + _validation = { + "repository_access": {"required": True}, + } + + _attribute_map = { + "repository_access": {"key": "repositoryAccess", "type": "RepositoryAccess"}, + } + + def __init__(self, *, repository_access: "_models.RepositoryAccess", **kwargs: Any) -> None: + """ + :keyword repository_access: Credentials to access repository. Required. + :paramtype repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccess + """ + super().__init__(**kwargs) + self.repository_access = repository_access + + +class Permissions(_serialization.Model): + """Permissions required for the connector. + + :ivar resource_provider: Resource provider permissions required for the connector. + :vartype resource_provider: + list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] + :ivar customs: Customs permissions required for the connector. + :vartype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] + """ + + _attribute_map = { + "resource_provider": {"key": "resourceProvider", "type": "[PermissionsResourceProviderItem]"}, + "customs": {"key": "customs", "type": "[PermissionsCustomsItem]"}, + } + + def __init__( + self, + *, + resource_provider: Optional[List["_models.PermissionsResourceProviderItem"]] = None, + customs: Optional[List["_models.PermissionsCustomsItem"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword resource_provider: Resource provider permissions required for the connector. + :paramtype resource_provider: + list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] + :keyword customs: Customs permissions required for the connector. + :paramtype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] + """ + super().__init__(**kwargs) + self.resource_provider = resource_provider + self.customs = customs + + +class PermissionsCustomsItem(Customs): + """PermissionsCustomsItem. + + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str + """ + super().__init__(name=name, description=description, **kwargs) + + +class ResourceProvider(_serialization.Model): + """Resource provider permissions required for the connector. + + :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :ivar permissions_display_text: Permission description text. + :vartype permissions_display_text: str + :ivar provider_display_name: Permission provider display name. + :vartype provider_display_name: str + :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and + "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :ivar required_permissions: Required permissions for the connector. + :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + + _attribute_map = { + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, + } + + def __init__( + self, + *, + provider: Optional[Union[str, "_models.ProviderName"]] = None, + permissions_display_text: Optional[str] = None, + provider_display_name: Optional[str] = None, + scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, + required_permissions: Optional["_models.RequiredPermissions"] = None, + **kwargs: Any + ) -> None: + """ + :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :keyword permissions_display_text: Permission description text. + :paramtype permissions_display_text: str + :keyword provider_display_name: Permission provider display name. + :paramtype provider_display_name: str + :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", + and "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :keyword required_permissions: Required permissions for the connector. + :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + super().__init__(**kwargs) + self.provider = provider + self.permissions_display_text = permissions_display_text + self.provider_display_name = provider_display_name + self.scope = scope + self.required_permissions = required_permissions + + +class PermissionsResourceProviderItem(ResourceProvider): + """PermissionsResourceProviderItem. + + :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :ivar permissions_display_text: Permission description text. + :vartype permissions_display_text: str + :ivar provider_display_name: Permission provider display name. + :vartype provider_display_name: str + :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and + "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :ivar required_permissions: Required permissions for the connector. + :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + + _attribute_map = { + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, + } + + def __init__( + self, + *, + provider: Optional[Union[str, "_models.ProviderName"]] = None, + permissions_display_text: Optional[str] = None, + provider_display_name: Optional[str] = None, + scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, + required_permissions: Optional["_models.RequiredPermissions"] = None, + **kwargs: Any + ) -> None: + """ + :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :keyword permissions_display_text: Permission description text. + :paramtype permissions_display_text: str + :keyword provider_display_name: Permission provider display name. + :paramtype provider_display_name: str + :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", + and "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :keyword required_permissions: Required permissions for the connector. + :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + super().__init__( + provider=provider, + permissions_display_text=permissions_display_text, + provider_display_name=provider_display_name, + scope=scope, + required_permissions=required_permissions, + **kwargs + ) + + +class PlaybookActionProperties(_serialization.Model): + """PlaybookActionProperties. + + All required parameters must be populated in order to send to Azure. + + :ivar logic_app_resource_id: The resource id of the playbook resource. Required. + :vartype logic_app_resource_id: str + :ivar tenant_id: The tenant id of the playbook resource. + :vartype tenant_id: str + """ + + _validation = { + "logic_app_resource_id": {"required": True}, + } + + _attribute_map = { + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, logic_app_resource_id: str, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword logic_app_resource_id: The resource id of the playbook resource. Required. + :paramtype logic_app_resource_id: str + :keyword tenant_id: The tenant id of the playbook resource. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.logic_app_resource_id = logic_app_resource_id + self.tenant_id = tenant_id + + +class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a process entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar command_line: The command line used to create the process. + :vartype command_line: str + :ivar creation_time_utc: The time when the process started to run. + :vartype creation_time_utc: ~datetime.datetime + :ivar elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :ivar host_entity_id: The host entity id on which the process was running. + :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the process was running. + :vartype host_logon_session_entity_id: str + :ivar image_file_entity_id: Image file entity id. + :vartype image_file_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar process_id: The process ID. + :vartype process_id: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, + "command_line": {"key": "properties.commandLine", "type": "str"}, + "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "properties.elevationToken", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, + "process_id": {"key": "properties.processId", "type": "str"}, + } + + def __init__( + self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs: Any + ) -> None: + """ + :keyword elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + """ + super().__init__(**kwargs) + self.kind: str = "Process" + self.additional_data = None + self.friendly_name = None + self.account_entity_id = None + self.command_line = None + self.creation_time_utc = None + self.elevation_token = elevation_token + self.host_entity_id = None + self.host_logon_session_entity_id = None + self.image_file_entity_id = None + self.parent_process_entity_id = None + self.process_id = None + + +class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Process entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar account_entity_id: The account entity id running the processes. + :vartype account_entity_id: str + :ivar command_line: The command line used to create the process. + :vartype command_line: str + :ivar creation_time_utc: The time when the process started to run. + :vartype creation_time_utc: ~datetime.datetime + :ivar elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + :ivar host_entity_id: The host entity id on which the process was running. + :vartype host_entity_id: str + :ivar host_logon_session_entity_id: The session entity id in which the process was running. + :vartype host_logon_session_entity_id: str + :ivar image_file_entity_id: Image file entity id. + :vartype image_file_entity_id: str + :ivar parent_process_entity_id: The parent process entity id. + :vartype parent_process_entity_id: str + :ivar process_id: The process ID. + :vartype process_id: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "account_entity_id": {"key": "accountEntityId", "type": "str"}, + "command_line": {"key": "commandLine", "type": "str"}, + "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "elevationToken", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, + "process_id": {"key": "processId", "type": "str"}, + } + + def __init__( + self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs: Any + ) -> None: + """ + :keyword elevation_token: The elevation token associated with the process. Known values are: + "Default", "Full", and "Limited". + :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + """ + super().__init__(**kwargs) + self.account_entity_id = None + self.command_line = None + self.creation_time_utc = None + self.elevation_token = elevation_token + self.host_entity_id = None + self.host_logon_session_entity_id = None + self.image_file_entity_id = None + self.parent_process_entity_id = None + self.process_id = None + + +class ProductPackageAdditionalProperties(_serialization.Model): + """product package additional properties. + + :ivar installed_version: The version of the installed package, null or absent means not + installed. + :vartype installed_version: str + :ivar resource_id: The metadata resource id. + :vartype resource_id: str + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + """ + + _attribute_map = { + "installed_version": {"key": "installedVersion", "type": "str"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "packaged_content": {"key": "packagedContent", "type": "object"}, + } + + def __init__( + self, + *, + installed_version: Optional[str] = None, + resource_id: Optional[str] = None, + packaged_content: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword installed_version: The version of the installed package, null or absent means not + installed. + :paramtype installed_version: str + :keyword resource_id: The metadata resource id. + :paramtype resource_id: str + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + """ + super().__init__(**kwargs) + self.installed_version = installed_version + self.resource_id = resource_id + self.packaged_content = packaged_content + + +class ProductPackageList(_serialization.Model): + """List available packages. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of packages. + :vartype next_link: str + :ivar value: Array of packages. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ProductPackageModel] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[ProductPackageModel]"}, + } + + def __init__(self, *, value: List["_models.ProductPackageModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of packages. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ProductPackageModel] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class ProductPackageModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Package in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar installed_version: The version of the installed package, null or absent means not + installed. + :vartype installed_version: str + :ivar resource_id: The metadata resource id. + :vartype resource_id: str + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "is_new": {"key": "properties.isNew", "type": "str"}, + "is_preview": {"key": "properties.isPreview", "type": "str"}, + "is_featured": {"key": "properties.isFeatured", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "publisher_display_name": {"key": "properties.publisherDisplayName", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "properties.icon", "type": "str"}, + "installed_version": {"key": "properties.installedVersion", "type": "str"}, + "resource_id": {"key": "properties.resourceId", "type": "str"}, + "packaged_content": {"key": "properties.packagedContent", "type": "object"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + installed_version: Optional[str] = None, + resource_id: Optional[str] = None, + packaged_content: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword installed_version: The version of the installed package, null or absent means not + installed. + :paramtype installed_version: str + :keyword resource_id: The metadata resource id. + :paramtype resource_id: str + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon + self.installed_version = installed_version + self.resource_id = resource_id + self.packaged_content = packaged_content + + +class ProductPackageProperties( + PackageBaseProperties, ProductPackageAdditionalProperties +): # pylint: disable=too-many-instance-attributes + """Describes package properties. + + :ivar installed_version: The version of the installed package, null or absent means not + installed. + :vartype installed_version: str + :ivar resource_id: The metadata resource id. + :vartype resource_id: str + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + :ivar content_id: The content id of the package. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :vartype content_product_id: str + :ivar content_kind: The package kind. Known values are: "Solution" and "Standalone". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar content_schema_version: The version of the content schema. + :vartype content_schema_version: str + :ivar is_new: Flag indicates if this is a newly published package. Known values are: "true" and + "false". + :vartype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :vartype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :ivar is_featured: Flag indicates if this package is among the featured list. Known values are: + "true" and "false". + :vartype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :ivar version: the latest version number of the package. + :vartype version: str + :ivar display_name: The display name of the package. + :vartype display_name: str + :ivar description: The description of the package. + :vartype description: str + :ivar publisher_display_name: The publisher display name of the package. + :vartype publisher_display_name: str + :ivar source: The source of the package. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The author of the package. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: The support tier of the package. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: The support tier of the package. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar providers: Providers for the package item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date package item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the package item. + :vartype last_publish_date: ~datetime.date + :ivar categories: The categories of the package. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + """ + + _attribute_map = { + "installed_version": {"key": "installedVersion", "type": "str"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "packaged_content": {"key": "packagedContent", "type": "object"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "is_new": {"key": "isNew", "type": "str"}, + "is_preview": {"key": "isPreview", "type": "str"}, + "is_featured": {"key": "isFeatured", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "publisher_display_name": {"key": "publisherDisplayName", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "icon": {"key": "icon", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + installed_version: Optional[str] = None, + resource_id: Optional[str] = None, + packaged_content: Optional[JSON] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + content_kind: Optional[Union[str, "_models.PackageKind"]] = None, + content_schema_version: Optional[str] = None, + is_new: Optional[Union[str, "_models.Flag"]] = None, + is_preview: Optional[Union[str, "_models.Flag"]] = None, + is_featured: Optional[Union[str, "_models.Flag"]] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + publisher_display_name: Optional[str] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + categories: Optional["_models.MetadataCategories"] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + icon: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword installed_version: The version of the installed package, null or absent means not + installed. + :paramtype installed_version: str + :keyword resource_id: The metadata resource id. + :paramtype resource_id: str + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + :keyword content_id: The content id of the package. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId, contentKind and the contentVersion of the package. + :paramtype content_product_id: str + :keyword content_kind: The package kind. Known values are: "Solution" and "Standalone". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword content_schema_version: The version of the content schema. + :paramtype content_schema_version: str + :keyword is_new: Flag indicates if this is a newly published package. Known values are: "true" + and "false". + :paramtype is_new: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_preview: Flag indicates if this package is in preview. Known values are: "true" and + "false". + :paramtype is_preview: str or ~azure.mgmt.securityinsight.models.Flag + :keyword is_featured: Flag indicates if this package is among the featured list. Known values + are: "true" and "false". + :paramtype is_featured: str or ~azure.mgmt.securityinsight.models.Flag + :keyword version: the latest version number of the package. + :paramtype version: str + :keyword display_name: The display name of the package. + :paramtype display_name: str + :keyword description: The description of the package. + :paramtype description: str + :keyword publisher_display_name: The publisher display name of the package. + :paramtype publisher_display_name: str + :keyword source: The source of the package. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The author of the package. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: The support tier of the package. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: The support tier of the package. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword providers: Providers for the package item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date package item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the package item. + :paramtype last_publish_date: ~datetime.date + :keyword categories: The categories of the package. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + """ + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + content_kind=content_kind, + content_schema_version=content_schema_version, + is_new=is_new, + is_preview=is_preview, + is_featured=is_featured, + version=version, + display_name=display_name, + description=description, + publisher_display_name=publisher_display_name, + source=source, + author=author, + support=support, + dependencies=dependencies, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + categories=categories, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + icon=icon, + installed_version=installed_version, + resource_id=resource_id, + packaged_content=packaged_content, + **kwargs + ) + self.installed_version = installed_version + self.resource_id = resource_id + self.packaged_content = packaged_content + self.content_id = content_id + self.content_product_id = content_product_id + self.content_kind = content_kind + self.content_schema_version = content_schema_version + self.is_new = is_new + self.is_preview = is_preview + self.is_featured = is_featured + self.version = version + self.display_name = display_name + self.description = description + self.publisher_display_name = publisher_display_name + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.categories = categories + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.icon = icon + + +class ProductTemplateAdditionalProperties(_serialization.Model): + """additional properties of product template. + + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + """ + + _attribute_map = { + "packaged_content": {"key": "packagedContent", "type": "object"}, + } + + def __init__(self, *, packaged_content: Optional[JSON] = None, **kwargs: Any) -> None: + """ + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + """ + super().__init__(**kwargs) + self.packaged_content = packaged_content + + +class ProductTemplateList(_serialization.Model): + """List of all the template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ProductTemplateModel] + :ivar next_link: URL to fetch the next page of template. + :vartype next_link: str + """ + + _validation = { + "value": {"required": True}, + "next_link": {"readonly": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[ProductTemplateModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__(self, *, value: List["_models.ProductTemplateModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ProductTemplateModel] + """ + super().__init__(**kwargs) + self.value = value + self.next_link = None + + +class ProductTemplateModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Template resource definition. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "package_version": {"key": "properties.packageVersion", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "package_id": {"key": "properties.packageId", "type": "str"}, + "package_kind": {"key": "properties.packageKind", "type": "str"}, + "package_name": {"key": "properties.packageName", "type": "str"}, + "packaged_content": {"key": "properties.packagedContent", "type": "object"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + packaged_content: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.packaged_content = packaged_content + + +class TemplateBaseProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Template property bag. + + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + """ + + _attribute_map = { + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "package_version": {"key": "packageVersion", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "custom_version": {"key": "customVersion", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "icon": {"key": "icon", "type": "str"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "previewImagesDark", "type": "[str]"}, + "package_id": {"key": "packageId", "type": "str"}, + "package_kind": {"key": "packageKind", "type": "str"}, + "package_name": {"key": "packageName", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str + """ + super().__init__(**kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + + +class ProductTemplateProperties( + TemplateBaseProperties, ProductTemplateAdditionalProperties +): # pylint: disable=too-many-instance-attributes + """Template property bag. + + :ivar packaged_content: the json to deploy. + :vartype packaged_content: JSON + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + """ _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "account_entity_id": {"key": "accountEntityId", "type": "str"}, - "command_line": {"key": "commandLine", "type": "str"}, - "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, - "elevation_token": {"key": "elevationToken", "type": "str"}, - "host_entity_id": {"key": "hostEntityId", "type": "str"}, - "host_logon_session_entity_id": {"key": "hostLogonSessionEntityId", "type": "str"}, - "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, - "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, - "process_id": {"key": "processId", "type": "str"}, + "packaged_content": {"key": "packagedContent", "type": "object"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "package_version": {"key": "packageVersion", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "custom_version": {"key": "customVersion", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "icon": {"key": "icon", "type": "str"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "previewImagesDark", "type": "[str]"}, + "package_id": {"key": "packageId", "type": "str"}, + "package_kind": {"key": "packageKind", "type": "str"}, + "package_name": {"key": "packageName", "type": "str"}, } - def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): - """ - :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", and "Limited". - :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken + def __init__( # pylint: disable=too-many-locals + self, + *, + packaged_content: Optional[JSON] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword packaged_content: the json to deploy. + :paramtype packaged_content: JSON + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str """ - super().__init__(**kwargs) - self.account_entity_id = None - self.command_line = None - self.creation_time_utc = None - self.elevation_token = elevation_token - self.host_entity_id = None - self.host_logon_session_entity_id = None - self.image_file_entity_id = None - self.parent_process_entity_id = None - self.process_id = None + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + package_version=package_version, + version=version, + display_name=display_name, + content_kind=content_kind, + source=source, + author=author, + support=support, + dependencies=dependencies, + categories=categories, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + custom_version=custom_version, + content_schema_version=content_schema_version, + icon=icon, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + preview_images=preview_images, + preview_images_dark=preview_images_dark, + package_id=package_id, + package_kind=package_kind, + package_name=package_name, + packaged_content=packaged_content, + **kwargs + ) + self.packaged_content = packaged_content + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name class PropertyArrayChangedConditionProperties(AutomationRuleCondition): @@ -17919,8 +22040,8 @@ def __init__( self, *, condition_properties: Optional["_models.AutomationRulePropertyArrayChangedValuesCondition"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -17954,8 +22075,11 @@ class PropertyArrayConditionProperties(AutomationRuleCondition): } def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyArrayValuesCondition"] = None, **kwargs - ): + self, + *, + condition_properties: Optional["_models.AutomationRulePropertyArrayValuesCondition"] = None, + **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -17989,8 +22113,11 @@ class PropertyChangedConditionProperties(AutomationRuleCondition): } def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, **kwargs - ): + self, + *, + condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, + **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -18024,8 +22151,8 @@ class PropertyConditionProperties(AutomationRuleCondition): } def __init__( - self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs - ): + self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs: Any + ) -> None: """ :keyword condition_properties: :paramtype condition_properties: @@ -18036,6 +22163,35 @@ def __init__( self.condition_properties = condition_properties +class PullRequest(_serialization.Model): + """Information regarding pull request for protected branches. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar url: URL of pull request. + :vartype url: str + :ivar state: State of the pull request. Known values are: "Active", "Disabled", + "CompletedByUser", "CompletedByAction", and "Hidden". + :vartype state: str or ~azure.mgmt.securityinsight.models.State + """ + + _validation = { + "url": {"readonly": True}, + "state": {"readonly": True}, + } + + _attribute_map = { + "url": {"key": "url", "type": "str"}, + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.url = None + self.state = None + + class Recommendation(_serialization.Model): # pylint: disable=too-many-instance-attributes """Recommendation object. @@ -18148,8 +22304,8 @@ def __init__( hide_until_time_utc: Optional[datetime.datetime] = None, display_until_time_utc: Optional[datetime.datetime] = None, visible: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword id: id of recommendation. Required. :paramtype id: str @@ -18230,7 +22386,7 @@ class RecommendationList(_serialization.Model): "value": {"key": "value", "type": "[Recommendation]"}, } - def __init__(self, *, value: Optional[List["_models.Recommendation"]] = None, **kwargs): + def __init__(self, *, value: Optional[List["_models.Recommendation"]] = None, **kwargs: Any) -> None: """ :keyword value: An list of recommendations. :paramtype value: list[~azure.mgmt.securityinsight.models.Recommendation] @@ -18260,8 +22416,8 @@ def __init__( *, state: Optional[Union[str, "_models.State"]] = None, hide_until_time_utc: Optional[datetime.datetime] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword state: State of the recommendation. Known values are: "Active", "Disabled", "CompletedByUser", "CompletedByAction", and "Hidden". @@ -18300,8 +22456,8 @@ class RecommendedAction(_serialization.Model): } def __init__( - self, *, link_text: str, link_url: str, state: Optional[Union[str, "_models.Priority"]] = None, **kwargs - ): + self, *, link_text: str, link_url: str, state: Optional[Union[str, "_models.Priority"]] = None, **kwargs: Any + ) -> None: """ :keyword link_text: Text of the link to complete the action. Required. :paramtype link_text: str @@ -18338,7 +22494,7 @@ class RegistryKeyEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -18378,7 +22534,7 @@ class RegistryKeyEntity(Entity): "key": {"key": "properties.key", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "RegistryKey" @@ -18422,7 +22578,7 @@ class RegistryKeyEntityProperties(EntityCommonProperties): "key": {"key": "key", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.hive = None @@ -18451,7 +22607,7 @@ class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attribut "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -18498,7 +22654,7 @@ class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attribut "value_type": {"key": "properties.valueType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "RegistryValue" @@ -18551,7 +22707,7 @@ class RegistryValueEntityProperties(EntityCommonProperties): "value_type": {"key": "valueType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.key_entity_id = None @@ -18610,7 +22766,7 @@ class Relation(ResourceWithEtag): "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, } - def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -18647,7 +22803,7 @@ class RelationList(_serialization.Model): "value": {"key": "value", "type": "[Relation]"}, } - def __init__(self, *, value: List["_models.Relation"], **kwargs): + def __init__(self, *, value: List["_models.Relation"], **kwargs: Any) -> None: """ :keyword value: Array of relations. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Relation] @@ -18680,8 +22836,8 @@ def __init__( url: Optional[str] = None, full_name: Optional[str] = None, branches: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword url: The url to access the repository. :paramtype url: str @@ -18719,7 +22875,7 @@ class RepoList(_serialization.Model): "value": {"key": "value", "type": "[Repo]"}, } - def __init__(self, *, value: List["_models.Repo"], **kwargs): + def __init__(self, *, value: List["_models.Repo"], **kwargs: Any) -> None: """ :keyword value: Array of repositories. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Repo] @@ -18732,59 +22888,124 @@ def __init__(self, *, value: List["_models.Repo"], **kwargs): class Repository(_serialization.Model): """metadata of a repository. - :ivar url: Url of repository. + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar url: Url of repository. Required. :vartype url: str - :ivar branch: Branch name of repository. + :ivar branch: Branch name of repository. Required. :vartype branch: str :ivar display_url: Display url of repository. :vartype display_url: str :ivar deployment_logs_url: Url to access repository action logs. :vartype deployment_logs_url: str - :ivar path_mapping: Dictionary of source control content type and path mapping. - :vartype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] """ + _validation = { + "url": {"required": True}, + "branch": {"required": True}, + "deployment_logs_url": {"readonly": True}, + } + _attribute_map = { "url": {"key": "url", "type": "str"}, "branch": {"key": "branch", "type": "str"}, "display_url": {"key": "displayUrl", "type": "str"}, "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, - "path_mapping": {"key": "pathMapping", "type": "[ContentPathMap]"}, } - def __init__( - self, - *, - url: Optional[str] = None, - branch: Optional[str] = None, - display_url: Optional[str] = None, - deployment_logs_url: Optional[str] = None, - path_mapping: Optional[List["_models.ContentPathMap"]] = None, - **kwargs - ): + def __init__(self, *, url: str, branch: str, display_url: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword url: Url of repository. + :keyword url: Url of repository. Required. :paramtype url: str - :keyword branch: Branch name of repository. + :keyword branch: Branch name of repository. Required. :paramtype branch: str :keyword display_url: Display url of repository. :paramtype display_url: str - :keyword deployment_logs_url: Url to access repository action logs. - :paramtype deployment_logs_url: str - :keyword path_mapping: Dictionary of source control content type and path mapping. - :paramtype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] """ super().__init__(**kwargs) self.url = url self.branch = branch self.display_url = display_url - self.deployment_logs_url = deployment_logs_url - self.path_mapping = path_mapping + self.deployment_logs_url = None + + +class RepositoryAccess(_serialization.Model): + """Credentials to access repository. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: The kind of repository access credentials. Required. Known values are: "OAuth", + "PAT", and "App". + :vartype kind: str or ~azure.mgmt.securityinsight.models.RepositoryAccessKind + :ivar code: OAuth Code. Required when ``kind`` is ``OAuth``. + :vartype code: str + :ivar state: OAuth State. Required when ``kind`` is ``OAuth``. + :vartype state: str + :ivar client_id: OAuth ClientId. Required when ``kind`` is ``OAuth``. + :vartype client_id: str + :ivar token: Personal Access Token. Required when ``kind`` is ``PAT``. + :vartype token: str + :ivar installation_id: Application installation ID. Required when ``kind`` is ``App``. + Supported by ``GitHub`` only. + :vartype installation_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "code": {"key": "code", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "client_id": {"key": "clientId", "type": "str"}, + "token": {"key": "token", "type": "str"}, + "installation_id": {"key": "installationId", "type": "str"}, + } + + def __init__( + self, + *, + kind: Union[str, "_models.RepositoryAccessKind"], + code: Optional[str] = None, + state: Optional[str] = None, + client_id: Optional[str] = None, + token: Optional[str] = None, + installation_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword kind: The kind of repository access credentials. Required. Known values are: "OAuth", + "PAT", and "App". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.RepositoryAccessKind + :keyword code: OAuth Code. Required when ``kind`` is ``OAuth``. + :paramtype code: str + :keyword state: OAuth State. Required when ``kind`` is ``OAuth``. + :paramtype state: str + :keyword client_id: OAuth ClientId. Required when ``kind`` is ``OAuth``. + :paramtype client_id: str + :keyword token: Personal Access Token. Required when ``kind`` is ``PAT``. + :paramtype token: str + :keyword installation_id: Application installation ID. Required when ``kind`` is ``App``. + Supported by ``GitHub`` only. + :paramtype installation_id: str + """ + super().__init__(**kwargs) + self.kind = kind + self.code = code + self.state = state + self.client_id = client_id + self.token = token + self.installation_id = installation_id class RepositoryResourceInfo(_serialization.Model): """Resources created in user's repository for the source-control. + Variables are only populated by the server, and will be ignored when sending a request. + :ivar webhook: The webhook object created for the source-control. :vartype webhook: ~azure.mgmt.securityinsight.models.Webhook :ivar git_hub_resource_info: Resources created in GitHub for this source-control. @@ -18794,34 +23015,26 @@ class RepositoryResourceInfo(_serialization.Model): ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo """ + _validation = { + "git_hub_resource_info": {"readonly": True}, + "azure_dev_ops_resource_info": {"readonly": True}, + } + _attribute_map = { "webhook": {"key": "webhook", "type": "Webhook"}, "git_hub_resource_info": {"key": "gitHubResourceInfo", "type": "GitHubResourceInfo"}, "azure_dev_ops_resource_info": {"key": "azureDevOpsResourceInfo", "type": "AzureDevOpsResourceInfo"}, } - def __init__( - self, - *, - webhook: Optional["_models.Webhook"] = None, - git_hub_resource_info: Optional["_models.GitHubResourceInfo"] = None, - azure_dev_ops_resource_info: Optional["_models.AzureDevOpsResourceInfo"] = None, - **kwargs - ): + def __init__(self, *, webhook: Optional["_models.Webhook"] = None, **kwargs: Any) -> None: """ :keyword webhook: The webhook object created for the source-control. :paramtype webhook: ~azure.mgmt.securityinsight.models.Webhook - :keyword git_hub_resource_info: Resources created in GitHub for this source-control. - :paramtype git_hub_resource_info: ~azure.mgmt.securityinsight.models.GitHubResourceInfo - :keyword azure_dev_ops_resource_info: Resources created in Azure DevOps for this - source-control. - :paramtype azure_dev_ops_resource_info: - ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo """ super().__init__(**kwargs) self.webhook = webhook - self.git_hub_resource_info = git_hub_resource_info - self.azure_dev_ops_resource_info = azure_dev_ops_resource_info + self.git_hub_resource_info = None + self.azure_dev_ops_resource_info = None class RequiredPermissions(_serialization.Model): @@ -18851,8 +23064,8 @@ def __init__( write: Optional[bool] = None, read: Optional[bool] = None, delete: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword action: action permission. :paramtype action: bool @@ -18870,6 +23083,145 @@ def __init__( self.delete = delete +class ResourceProviderRequiredPermissions(_serialization.Model): + """Required permissions for the connector resource provider that define in ResourceProviders. + For more information about the permissions see :code:`here`. + + :ivar read: Gets or sets a value indicating whether the permission is read action (GET). + :vartype read: bool + :ivar write: Gets or sets a value indicating whether the permission is write action (PUT or + PATCH). + :vartype write: bool + :ivar delete: Gets or sets a value indicating whether the permission is delete action (DELETE). + :vartype delete: bool + :ivar action: Gets or sets a value indicating whether the permission is custom actions (POST). + :vartype action: bool + """ + + _attribute_map = { + "read": {"key": "read", "type": "bool"}, + "write": {"key": "write", "type": "bool"}, + "delete": {"key": "delete", "type": "bool"}, + "action": {"key": "action", "type": "bool"}, + } + + def __init__( + self, + *, + read: Optional[bool] = None, + write: Optional[bool] = None, + delete: Optional[bool] = None, + action: Optional[bool] = None, + **kwargs: Any + ) -> None: + """ + :keyword read: Gets or sets a value indicating whether the permission is read action (GET). + :paramtype read: bool + :keyword write: Gets or sets a value indicating whether the permission is write action (PUT or + PATCH). + :paramtype write: bool + :keyword delete: Gets or sets a value indicating whether the permission is delete action + (DELETE). + :paramtype delete: bool + :keyword action: Gets or sets a value indicating whether the permission is custom actions + (POST). + :paramtype action: bool + """ + super().__init__(**kwargs) + self.read = read + self.write = write + self.delete = delete + self.action = action + + +class SampleQuery(_serialization.Model): + """The sample queries for the connector. + + All required parameters must be populated in order to send to Azure. + + :ivar description: Gets or sets the sample query description. Required. + :vartype description: str + :ivar query: Gets or sets the KQL sample query. Required. + :vartype query: str + """ + + _validation = { + "description": {"required": True}, + "query": {"required": True}, + } + + _attribute_map = { + "description": {"key": "description", "type": "str"}, + "query": {"key": "query", "type": "str"}, + } + + def __init__(self, *, description: str, query: str, **kwargs: Any) -> None: + """ + :keyword description: Gets or sets the sample query description. Required. + :paramtype description: str + :keyword query: Gets or sets the KQL sample query. Required. + :paramtype query: str + """ + super().__init__(**kwargs) + self.description = description + self.query = query + + +class SapSolutionUsageStatistic(BillingStatistic): + """Billing statistic about the Microsoft Sentinel solution for SAP Usage. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar kind: The kind of the billing statistic. Required. "SapSolutionUsage" + :vartype kind: str or ~azure.mgmt.securityinsight.models.BillingStatisticKind + :ivar active_system_id_count: The latest count of active SAP system IDs under the Microsoft + Sentinel solution for SAP Usage. + :vartype active_system_id_count: int + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + "kind": {"required": True}, + "active_system_id_count": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "active_system_id_count": {"key": "properties.activeSystemIdCount", "type": "int"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "SapSolutionUsage" + self.active_system_id_count = None + + class ScheduledAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes """Represents scheduled alert rule. @@ -19013,8 +23365,8 @@ def __init__( # pylint: disable=too-many-locals tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, incident_configuration: Optional["_models.IncidentConfiguration"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -19156,8 +23508,8 @@ def __init__( entity_mappings: Optional[List["_models.EntityMapping"]] = None, alert_details_override: Optional["_models.AlertDetailsOverride"] = None, sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword query: The query that creates alerts for this rule. :paramtype query: str @@ -19319,8 +23671,8 @@ def __init__( tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, incident_configuration: Optional["_models.IncidentConfiguration"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword query: The query that creates alerts for this rule. :paramtype query: str @@ -19540,8 +23892,8 @@ def __init__( # pylint: disable=too-many-locals entity_mappings: Optional[List["_models.EntityMapping"]] = None, alert_details_override: Optional["_models.AlertDetailsOverride"] = None, sentinel_entities_mappings: Optional[List["_models.SentinelEntityMapping"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -19638,7 +23990,7 @@ class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -19784,8 +24136,8 @@ class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes } def __init__( # pylint: disable=too-many-locals - self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs - ): + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs: Any + ) -> None: """ :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". @@ -19959,8 +24311,8 @@ class SecurityAlertProperties(EntityCommonProperties): # pylint: disable=too-ma } def __init__( # pylint: disable=too-many-locals - self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs - ): + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs: Any + ) -> None: """ :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". @@ -20015,7 +24367,7 @@ class SecurityAlertPropertiesConfidenceReasonsItem(_serialization.Model): "reason_type": {"key": "reasonType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.reason = None @@ -20100,8 +24452,8 @@ def __init__( product_name: Optional[str] = None, description: Optional[str] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword azure_resource_id: The alert azure resource id. Required. :paramtype azure_resource_id: str @@ -20162,7 +24514,7 @@ class SecurityGroupEntity(Entity): "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -20205,7 +24557,7 @@ class SecurityGroupEntity(Entity): "sid": {"key": "properties.sid", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "SecurityGroup" @@ -20253,7 +24605,7 @@ class SecurityGroupEntityProperties(EntityCommonProperties): "sid": {"key": "sid", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.distinguished_name = None @@ -20275,7 +24627,9 @@ class SecurityMLAnalyticsSettingsDataSource(_serialization.Model): "data_types": {"key": "dataTypes", "type": "[str]"}, } - def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): + def __init__( + self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs: Any + ) -> None: """ :keyword connector_id: The connector id that provides the following data types. :paramtype connector_id: str @@ -20310,7 +24664,7 @@ class SecurityMLAnalyticsSettingsList(_serialization.Model): "value": {"key": "value", "type": "[SecurityMLAnalyticsSetting]"}, } - def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs): + def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs: Any) -> None: """ :keyword value: Array of SecurityMLAnalyticsSettings. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] @@ -20331,7 +24685,7 @@ class SentinelEntityMapping(_serialization.Model): "column_name": {"key": "columnName", "type": "str"}, } - def __init__(self, *, column_name: Optional[str] = None, **kwargs): + def __init__(self, *, column_name: Optional[str] = None, **kwargs: Any) -> None: """ :keyword column_name: the column name to be mapped to the SentinelEntities. :paramtype column_name: str @@ -20378,7 +24732,9 @@ class SentinelOnboardingState(ResourceWithEtag): "customer_managed_key": {"key": "properties.customerManagedKey", "type": "bool"}, } - def __init__(self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs): + def __init__( + self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -20406,7 +24762,7 @@ class SentinelOnboardingStatesList(_serialization.Model): "value": {"key": "value", "type": "[SentinelOnboardingState]"}, } - def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs): + def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs: Any) -> None: """ :keyword value: Array of Sentinel onboarding states. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] @@ -20415,6 +24771,39 @@ def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs): self.value = value +class ServicePrincipal(_serialization.Model): + """Service principal metadata. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Id of service principal. + :vartype id: str + :ivar tenant_id: Tenant id of service principal. + :vartype tenant_id: str + :ivar app_id: App id of service principal. + :vartype app_id: str + """ + + _validation = { + "id": {"readonly": True}, + "tenant_id": {"readonly": True}, + "app_id": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "app_id": {"key": "appId", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.id = None + self.tenant_id = None + self.app_id = None + + class SettingList(_serialization.Model): """List of all the settings. @@ -20432,7 +24821,7 @@ class SettingList(_serialization.Model): "value": {"key": "value", "type": "[Settings]"}, } - def __init__(self, *, value: List["_models.Settings"], **kwargs): + def __init__(self, *, value: List["_models.Settings"], **kwargs: Any) -> None: """ :keyword value: Array of settings. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.Settings] @@ -20469,17 +24858,24 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar description: A description of the source control. :vartype description: str :ivar repo_type: The repository type of the source control. Known values are: "Github" and - "DevOps". + "AzureDevOps". :vartype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType :ivar content_types: Array of source control content types. :vartype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] :ivar repository: Repository metadata. :vartype repository: ~azure.mgmt.securityinsight.models.Repository + :ivar service_principal: Service principal metadata. + :vartype service_principal: ~azure.mgmt.securityinsight.models.ServicePrincipal + :ivar repository_access: Repository access credentials. This is write-only object and it never + returns back to a user. + :vartype repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccess :ivar repository_resource_info: Information regarding the resources created in user's repository. :vartype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo :ivar last_deployment_info: Information regarding the latest deployment for the source control. :vartype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo + :ivar pull_request: Information regarding the pull request of the source control. + :vartype pull_request: ~azure.mgmt.securityinsight.models.PullRequest """ _validation = { @@ -20487,6 +24883,11 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "id_properties_id": {"readonly": True}, + "version": {"readonly": True}, + "service_principal": {"readonly": True}, + "last_deployment_info": {"readonly": True}, + "pull_request": {"readonly": True}, } _attribute_map = { @@ -20502,61 +24903,60 @@ class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attr "repo_type": {"key": "properties.repoType", "type": "str"}, "content_types": {"key": "properties.contentTypes", "type": "[str]"}, "repository": {"key": "properties.repository", "type": "Repository"}, + "service_principal": {"key": "properties.servicePrincipal", "type": "ServicePrincipal"}, + "repository_access": {"key": "properties.repositoryAccess", "type": "RepositoryAccess"}, "repository_resource_info": {"key": "properties.repositoryResourceInfo", "type": "RepositoryResourceInfo"}, "last_deployment_info": {"key": "properties.lastDeploymentInfo", "type": "DeploymentInfo"}, + "pull_request": {"key": "properties.pullRequest", "type": "PullRequest"}, } def __init__( self, *, etag: Optional[str] = None, - id_properties_id: Optional[str] = None, - version: Optional[Union[str, "_models.Version"]] = None, display_name: Optional[str] = None, description: Optional[str] = None, repo_type: Optional[Union[str, "_models.RepoType"]] = None, content_types: Optional[List[Union[str, "_models.ContentType"]]] = None, repository: Optional["_models.Repository"] = None, + repository_access: Optional["_models.RepositoryAccess"] = None, repository_resource_info: Optional["_models.RepositoryResourceInfo"] = None, - last_deployment_info: Optional["_models.DeploymentInfo"] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword id_properties_id: The id (a Guid) of the source control. - :paramtype id_properties_id: str - :keyword version: The version number associated with the source control. Known values are: "V1" - and "V2". - :paramtype version: str or ~azure.mgmt.securityinsight.models.Version :keyword display_name: The display name of the source control. :paramtype display_name: str :keyword description: A description of the source control. :paramtype description: str :keyword repo_type: The repository type of the source control. Known values are: "Github" and - "DevOps". + "AzureDevOps". :paramtype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType :keyword content_types: Array of source control content types. :paramtype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] :keyword repository: Repository metadata. :paramtype repository: ~azure.mgmt.securityinsight.models.Repository + :keyword repository_access: Repository access credentials. This is write-only object and it + never returns back to a user. + :paramtype repository_access: ~azure.mgmt.securityinsight.models.RepositoryAccess :keyword repository_resource_info: Information regarding the resources created in user's repository. :paramtype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo - :keyword last_deployment_info: Information regarding the latest deployment for the source - control. - :paramtype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo """ super().__init__(etag=etag, **kwargs) - self.id_properties_id = id_properties_id - self.version = version + self.id_properties_id = None + self.version = None self.display_name = display_name self.description = description self.repo_type = repo_type self.content_types = content_types self.repository = repository + self.service_principal = None + self.repository_access = repository_access self.repository_resource_info = repository_resource_info - self.last_deployment_info = last_deployment_info + self.last_deployment_info = None + self.pull_request = None class SourceControlList(_serialization.Model): @@ -20582,7 +24982,7 @@ class SourceControlList(_serialization.Model): "value": {"key": "value", "type": "[SourceControl]"}, } - def __init__(self, *, value: List["_models.SourceControl"], **kwargs): + def __init__(self, *, value: List["_models.SourceControl"], **kwargs: Any) -> None: """ :keyword value: Array of source controls. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.SourceControl] @@ -20614,7 +25014,7 @@ class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attribu "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -20684,7 +25084,7 @@ class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attribu "report_type": {"key": "properties.reportType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.kind: str = "SubmissionMail" @@ -20766,7 +25166,7 @@ class SubmissionMailEntityProperties(EntityCommonProperties): # pylint: disable "report_type": {"key": "reportType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.network_message_id = None @@ -20818,8 +25218,8 @@ def __init__( last_modified_by: Optional[str] = None, last_modified_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, last_modified_at: Optional[datetime.datetime] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword created_by: The identity that created the resource. :paramtype created_by: str @@ -20845,99 +25245,673 @@ def __init__( self.last_modified_at = last_modified_at -class TeamInformation(_serialization.Model): - """Describes team information. +class TeamInformation(_serialization.Model): + """Describes team information. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar team_id: Team ID. + :vartype team_id: str + :ivar primary_channel_url: The primary channel URL of the team. + :vartype primary_channel_url: str + :ivar team_creation_time_utc: The time the team was created. + :vartype team_creation_time_utc: ~datetime.datetime + :ivar name: The name of the team. + :vartype name: str + :ivar description: The description of the team. + :vartype description: str + """ + + _validation = { + "team_id": {"readonly": True}, + "primary_channel_url": {"readonly": True}, + "team_creation_time_utc": {"readonly": True}, + "name": {"readonly": True}, + "description": {"readonly": True}, + } + + _attribute_map = { + "team_id": {"key": "teamId", "type": "str"}, + "primary_channel_url": {"key": "primaryChannelUrl", "type": "str"}, + "team_creation_time_utc": {"key": "teamCreationTimeUtc", "type": "iso-8601"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.team_id = None + self.primary_channel_url = None + self.team_creation_time_utc = None + self.name = None + self.description = None + + +class TeamProperties(_serialization.Model): + """Describes team properties. + + All required parameters must be populated in order to send to Azure. + + :ivar team_name: The name of the team. Required. + :vartype team_name: str + :ivar team_description: The description of the team. + :vartype team_description: str + :ivar group_ids: List of group IDs to add their members to the team. + :vartype group_ids: list[str] + :ivar member_ids: List of member IDs to add to the team. + :vartype member_ids: list[str] + """ + + _validation = { + "team_name": {"required": True}, + } + + _attribute_map = { + "team_name": {"key": "teamName", "type": "str"}, + "team_description": {"key": "teamDescription", "type": "str"}, + "group_ids": {"key": "groupIds", "type": "[str]"}, + "member_ids": {"key": "memberIds", "type": "[str]"}, + } + + def __init__( + self, + *, + team_name: str, + team_description: Optional[str] = None, + group_ids: Optional[List[str]] = None, + member_ids: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword team_name: The name of the team. Required. + :paramtype team_name: str + :keyword team_description: The description of the team. + :paramtype team_description: str + :keyword group_ids: List of group IDs to add their members to the team. + :paramtype group_ids: list[str] + :keyword member_ids: List of member IDs to add to the team. + :paramtype member_ids: list[str] + """ + super().__init__(**kwargs) + self.team_name = team_name + self.team_description = team_description + self.group_ids = group_ids + self.member_ids = member_ids + + +class TemplateAdditionalProperties(_serialization.Model): + """additional properties of product template. + + :ivar main_template: The JSON of the ARM template to deploy active content. + :vartype main_template: JSON + """ + + _attribute_map = { + "main_template": {"key": "mainTemplate", "type": "object"}, + } + + def __init__(self, *, main_template: Optional[JSON] = None, **kwargs: Any) -> None: + """ + :keyword main_template: The JSON of the ARM template to deploy active content. + :paramtype main_template: JSON + """ + super().__init__(**kwargs) + self.main_template = main_template + + +class TemplateList(_serialization.Model): + """List of all the template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.TemplateModel] + :ivar next_link: URL to fetch the next page of template. + :vartype next_link: str + """ + + _validation = { + "value": {"required": True}, + "next_link": {"readonly": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[TemplateModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__(self, *, value: List["_models.TemplateModel"], **kwargs: Any) -> None: + """ + :keyword value: Array of templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.TemplateModel] + """ + super().__init__(**kwargs) + self.value = value + self.next_link = None + + +class TemplateModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Template resource definition. Variables are only populated by the server, and will be ignored when sending a request. - :ivar team_id: Team ID. - :vartype team_id: str - :ivar primary_channel_url: The primary channel URL of the team. - :vartype primary_channel_url: str - :ivar team_creation_time_utc: The time the team was created. - :vartype team_creation_time_utc: ~datetime.datetime - :ivar name: The name of the team. + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. :vartype name: str - :ivar description: The description of the team. - :vartype description: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + :ivar main_template: The JSON of the ARM template to deploy active content. + :vartype main_template: JSON """ _validation = { - "team_id": {"readonly": True}, - "primary_channel_url": {"readonly": True}, - "team_creation_time_utc": {"readonly": True}, + "id": {"readonly": True}, "name": {"readonly": True}, - "description": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - "team_id": {"key": "teamId", "type": "str"}, - "primary_channel_url": {"key": "primaryChannelUrl", "type": "str"}, - "team_creation_time_utc": {"key": "teamCreationTimeUtc", "type": "iso-8601"}, + "id": {"key": "id", "type": "str"}, "name": {"key": "name", "type": "str"}, - "description": {"key": "description", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "content_product_id": {"key": "properties.contentProductId", "type": "str"}, + "package_version": {"key": "properties.packageVersion", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "content_kind": {"key": "properties.contentKind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + "package_id": {"key": "properties.packageId", "type": "str"}, + "package_kind": {"key": "properties.packageKind", "type": "str"}, + "package_name": {"key": "properties.packageName", "type": "str"}, + "main_template": {"key": "properties.mainTemplate", "type": "object"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.team_id = None - self.primary_channel_url = None - self.team_creation_time_utc = None - self.name = None - self.description = None - - -class TeamProperties(_serialization.Model): - """Describes team properties. + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + main_template: Optional[JSON] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str + :keyword main_template: The JSON of the ARM template to deploy active content. + :paramtype main_template: JSON + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name + self.main_template = main_template - All required parameters must be populated in order to send to Azure. - :ivar team_name: The name of the team. Required. - :vartype team_name: str - :ivar team_description: The description of the team. - :vartype team_description: str - :ivar group_ids: List of group IDs to add their members to the team. - :vartype group_ids: list[str] - :ivar member_ids: List of member IDs to add to the team. - :vartype member_ids: list[str] - """ +class TemplateProperties( + TemplateBaseProperties, TemplateAdditionalProperties +): # pylint: disable=too-many-instance-attributes + """Template property bag. - _validation = { - "team_name": {"required": True}, - } + :ivar main_template: The JSON of the ARM template to deploy active content. + :vartype main_template: JSON + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :vartype content_product_id: str + :ivar package_version: Version of the package. Default and recommended format is numeric (e.g. + 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but + then we cannot guarantee any version checks. + :vartype package_version: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar display_name: The display name of the template. + :vartype display_name: str + :ivar content_kind: The kind of content the template is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the template - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the content metadata. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + :ivar package_id: the package Id contains this template. + :vartype package_id: str + :ivar package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :vartype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :ivar package_name: the name of the package contains this template. + :vartype package_name: str + """ _attribute_map = { - "team_name": {"key": "teamName", "type": "str"}, - "team_description": {"key": "teamDescription", "type": "str"}, - "group_ids": {"key": "groupIds", "type": "[str]"}, - "member_ids": {"key": "memberIds", "type": "[str]"}, + "main_template": {"key": "mainTemplate", "type": "object"}, + "content_id": {"key": "contentId", "type": "str"}, + "content_product_id": {"key": "contentProductId", "type": "str"}, + "package_version": {"key": "packageVersion", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "content_kind": {"key": "contentKind", "type": "str"}, + "source": {"key": "source", "type": "MetadataSource"}, + "author": {"key": "author", "type": "MetadataAuthor"}, + "support": {"key": "support", "type": "MetadataSupport"}, + "dependencies": {"key": "dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "categories", "type": "MetadataCategories"}, + "providers": {"key": "providers", "type": "[str]"}, + "first_publish_date": {"key": "firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "lastPublishDate", "type": "date"}, + "custom_version": {"key": "customVersion", "type": "str"}, + "content_schema_version": {"key": "contentSchemaVersion", "type": "str"}, + "icon": {"key": "icon", "type": "str"}, + "threat_analysis_tactics": {"key": "threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "previewImagesDark", "type": "[str]"}, + "package_id": {"key": "packageId", "type": "str"}, + "package_kind": {"key": "packageKind", "type": "str"}, + "package_name": {"key": "packageName", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, - team_name: str, - team_description: Optional[str] = None, - group_ids: Optional[List[str]] = None, - member_ids: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword team_name: The name of the team. Required. - :paramtype team_name: str - :keyword team_description: The description of the team. - :paramtype team_description: str - :keyword group_ids: List of group IDs to add their members to the team. - :paramtype group_ids: list[str] - :keyword member_ids: List of member IDs to add to the team. - :paramtype member_ids: list[str] + main_template: Optional[JSON] = None, + content_id: Optional[str] = None, + content_product_id: Optional[str] = None, + package_version: Optional[str] = None, + version: Optional[str] = None, + display_name: Optional[str] = None, + content_kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + package_id: Optional[str] = None, + package_kind: Optional[Union[str, "_models.PackageKind"]] = None, + package_name: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword main_template: The JSON of the ARM template to deploy active content. + :paramtype main_template: JSON + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword content_product_id: Unique ID for the content. It should be generated based on the + contentId of the package, contentId of the template, contentKind of the template and the + contentVersion of the template. + :paramtype content_product_id: str + :keyword package_version: Version of the package. Default and recommended format is numeric + (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, + but then we cannot guarantee any version checks. + :paramtype package_version: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword display_name: The display name of the template. + :paramtype display_name: str + :keyword content_kind: The kind of content the template is for. Known values are: + "DataConnector", "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype content_kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the template - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the content metadata. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + :keyword package_id: the package Id contains this template. + :paramtype package_id: str + :keyword package_kind: the packageKind of the package contains this template. Known values are: + "Solution" and "Standalone". + :paramtype package_kind: str or ~azure.mgmt.securityinsight.models.PackageKind + :keyword package_name: the name of the package contains this template. + :paramtype package_name: str """ - super().__init__(**kwargs) - self.team_name = team_name - self.team_description = team_description - self.group_ids = group_ids - self.member_ids = member_ids + super().__init__( + content_id=content_id, + content_product_id=content_product_id, + package_version=package_version, + version=version, + display_name=display_name, + content_kind=content_kind, + source=source, + author=author, + support=support, + dependencies=dependencies, + categories=categories, + providers=providers, + first_publish_date=first_publish_date, + last_publish_date=last_publish_date, + custom_version=custom_version, + content_schema_version=content_schema_version, + icon=icon, + threat_analysis_tactics=threat_analysis_tactics, + threat_analysis_techniques=threat_analysis_techniques, + preview_images=preview_images, + preview_images_dark=preview_images_dark, + package_id=package_id, + package_kind=package_kind, + package_name=package_name, + main_template=main_template, + **kwargs + ) + self.main_template = main_template + self.content_id = content_id + self.content_product_id = content_product_id + self.package_version = package_version + self.version = version + self.display_name = display_name + self.content_kind = content_kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + self.package_id = package_id + self.package_kind = package_kind + self.package_name = package_name class ThreatIntelligence(_serialization.Model): @@ -20978,7 +25952,7 @@ class ThreatIntelligence(_serialization.Model): "threat_type": {"key": "threatType", "type": "str"}, } - def __init__(self, **kwargs): + def __init__(self, **kwargs: Any) -> None: """ """ super().__init__(**kwargs) self.confidence = None @@ -21069,8 +26043,8 @@ def __init__( etag: Optional[str] = None, alert_rule_template_name: Optional[str] = None, enabled: Optional[bool] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -21182,8 +26156,8 @@ def __init__( tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -21283,8 +26257,8 @@ def __init__( status: Optional[Union[str, "_models.TemplateStatus"]] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, techniques: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -21331,7 +26305,7 @@ class ThreatIntelligenceAppendTags(_serialization.Model): "threat_intelligence_tags": {"key": "threatIntelligenceTags", "type": "[str]"}, } - def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs): + def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs: Any) -> None: """ :keyword threat_intelligence_tags: List of tags to be appended. :paramtype threat_intelligence_tags: list[str] @@ -21371,8 +26345,8 @@ def __init__( source_name: Optional[str] = None, url: Optional[str] = None, hashes: Optional[Dict[str, str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword description: External reference description. :paramtype description: str @@ -21456,8 +26430,8 @@ def __init__( ids: Optional[List[str]] = None, keywords: Optional[List[str]] = None, skip_token: Optional[str] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword page_size: Page size. :paramtype page_size: int @@ -21525,8 +26499,8 @@ def __init__( language: Optional[str] = None, marking_ref: Optional[int] = None, selectors: Optional[List[str]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword language: Language granular marking model. :paramtype language: str @@ -21565,7 +26539,7 @@ class ThreatIntelligenceInformation(ResourceWithEtag): :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The kind of the entity. Required. "indicator" - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind """ _validation = { @@ -21587,7 +26561,7 @@ class ThreatIntelligenceInformation(ResourceWithEtag): _subtype_map = {"kind": {"indicator": "ThreatIntelligenceIndicatorModel"}} - def __init__(self, *, etag: Optional[str] = None, **kwargs): + def __init__(self, *, etag: Optional[str] = None, **kwargs: Any) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -21617,7 +26591,7 @@ class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): # pylint :ivar etag: Etag of the azure resource. :vartype etag: str :ivar kind: The kind of the entity. Required. "indicator" - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. :vartype additional_data: dict[str, any] @@ -21770,8 +26744,8 @@ def __init__( # pylint: disable=too-many-locals created: Optional[str] = None, modified: Optional[str] = None, extensions: Optional[Dict[str, Any]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str @@ -22012,8 +26986,8 @@ def __init__( # pylint: disable=too-many-locals created: Optional[str] = None, modified: Optional[str] = None, extensions: Optional[Dict[str, Any]] = None, - **kwargs - ): + **kwargs: Any + ) -> None: """ :keyword threat_intelligence_tags: List of tags. :paramtype threat_intelligence_tags: list[str] @@ -22107,297 +27081,667 @@ def __init__( # pylint: disable=too-many-locals self.extensions = extensions -class ThreatIntelligenceInformationList(_serialization.Model): - """List of all the threat intelligence information objects. +class ThreatIntelligenceInformationList(_serialization.Model): + """List of all the threat intelligence information objects. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of information objects. + :vartype next_link: str + :ivar value: Array of threat intelligence information objects. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, + } + + def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs: Any) -> None: + """ + :keyword value: Array of threat intelligence information objects. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class ThreatIntelligenceKillChainPhase(_serialization.Model): + """Describes threat kill chain phase entity. + + :ivar kill_chain_name: Kill chainName name. + :vartype kill_chain_name: str + :ivar phase_name: Phase name. + :vartype phase_name: str + """ + + _attribute_map = { + "kill_chain_name": {"key": "killChainName", "type": "str"}, + "phase_name": {"key": "phaseName", "type": "str"}, + } + + def __init__( + self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs: Any + ) -> None: + """ + :keyword kill_chain_name: Kill chainName name. + :paramtype kill_chain_name: str + :keyword phase_name: Phase name. + :paramtype phase_name: str + """ + super().__init__(**kwargs) + self.kill_chain_name = kill_chain_name + self.phase_name = phase_name + + +class ThreatIntelligenceMetric(_serialization.Model): + """Describes threat intelligence metric. + + :ivar last_updated_time_utc: Last updated indicator metric. + :vartype last_updated_time_utc: str + :ivar threat_type_metrics: Threat type metrics. + :vartype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar pattern_type_metrics: Pattern type metrics. + :vartype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar source_metrics: Source metrics. + :vartype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + """ + + _attribute_map = { + "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, + "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + } + + def __init__( + self, + *, + last_updated_time_utc: Optional[str] = None, + threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword last_updated_time_utc: Last updated indicator metric. + :paramtype last_updated_time_utc: str + :keyword threat_type_metrics: Threat type metrics. + :paramtype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword pattern_type_metrics: Pattern type metrics. + :paramtype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword source_metrics: Source metrics. + :paramtype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + """ + super().__init__(**kwargs) + self.last_updated_time_utc = last_updated_time_utc + self.threat_type_metrics = threat_type_metrics + self.pattern_type_metrics = pattern_type_metrics + self.source_metrics = source_metrics + + +class ThreatIntelligenceMetricEntity(_serialization.Model): + """Describes threat intelligence metric entity. + + :ivar metric_name: Metric name. + :vartype metric_name: str + :ivar metric_value: Metric value. + :vartype metric_value: int + """ + + _attribute_map = { + "metric_name": {"key": "metricName", "type": "str"}, + "metric_value": {"key": "metricValue", "type": "int"}, + } + + def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs: Any) -> None: + """ + :keyword metric_name: Metric name. + :paramtype metric_name: str + :keyword metric_value: Metric value. + :paramtype metric_value: int + """ + super().__init__(**kwargs) + self.metric_name = metric_name + self.metric_value = metric_value + + +class ThreatIntelligenceMetrics(_serialization.Model): + """Threat intelligence metrics. + + :ivar properties: Threat intelligence metrics. + :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + """ + + _attribute_map = { + "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, + } + + def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs: Any) -> None: + """ + :keyword properties: Threat intelligence metrics. + :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + """ + super().__init__(**kwargs) + self.properties = properties + - Variables are only populated by the server, and will be ignored when sending a request. +class ThreatIntelligenceMetricsList(_serialization.Model): + """List of all the threat intelligence metric fields (type/threat type/source). All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of information objects. - :vartype next_link: str - :ivar value: Array of threat intelligence information objects. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :ivar value: Array of threat intelligence metric fields (type/threat type/source). Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ _validation = { - "next_link": {"readonly": True}, "value": {"required": True}, } _attribute_map = { - "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, + "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, } - def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs): + def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs: Any) -> None: """ - :keyword value: Array of threat intelligence information objects. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ super().__init__(**kwargs) - self.next_link = None self.value = value -class ThreatIntelligenceKillChainPhase(_serialization.Model): +class ThreatIntelligenceParsedPattern(_serialization.Model): + """Describes parsed pattern entity. + + :ivar pattern_type_key: Pattern type key. + :vartype pattern_type_key: str + :ivar pattern_type_values: Pattern type keys. + :vartype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + """ + + _attribute_map = { + "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, + "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, + } + + def __init__( + self, + *, + pattern_type_key: Optional[str] = None, + pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, + **kwargs: Any + ) -> None: + """ + :keyword pattern_type_key: Pattern type key. + :paramtype pattern_type_key: str + :keyword pattern_type_values: Pattern type keys. + :paramtype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + """ + super().__init__(**kwargs) + self.pattern_type_key = pattern_type_key + self.pattern_type_values = pattern_type_values + + +class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): """Describes threat kill chain phase entity. - :ivar kill_chain_name: Kill chainName name. - :vartype kill_chain_name: str - :ivar phase_name: Phase name. - :vartype phase_name: str + :ivar value_type: Type of the value. + :vartype value_type: str + :ivar value: Value of parsed pattern. + :vartype value: str """ _attribute_map = { - "kill_chain_name": {"key": "killChainName", "type": "str"}, - "phase_name": {"key": "phaseName", "type": "str"}, + "value_type": {"key": "valueType", "type": "str"}, + "value": {"key": "value", "type": "str"}, } - def __init__(self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs): + def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword kill_chain_name: Kill chainName name. - :paramtype kill_chain_name: str - :keyword phase_name: Phase name. - :paramtype phase_name: str + :keyword value_type: Type of the value. + :paramtype value_type: str + :keyword value: Value of parsed pattern. + :paramtype value: str """ super().__init__(**kwargs) - self.kill_chain_name = kill_chain_name - self.phase_name = phase_name + self.value_type = value_type + self.value = value -class ThreatIntelligenceMetric(_serialization.Model): - """Describes threat intelligence metric. +class ThreatIntelligenceSortingCriteria(_serialization.Model): + """List of available columns for sorting. - :ivar last_updated_time_utc: Last updated indicator metric. - :vartype last_updated_time_utc: str - :ivar threat_type_metrics: Threat type metrics. - :vartype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar pattern_type_metrics: Pattern type metrics. - :vartype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar source_metrics: Source metrics. - :vartype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar item_key: Column name. + :vartype item_key: str + :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", + "ascending", and "descending". + :vartype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder """ _attribute_map = { - "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, - "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, - "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "item_key": {"key": "itemKey", "type": "str"}, + "sort_order": {"key": "sortOrder", "type": "str"}, } def __init__( self, *, - last_updated_time_utc: Optional[str] = None, - threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - **kwargs - ): + item_key: Optional[str] = None, + sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingOrder"]] = None, + **kwargs: Any + ) -> None: """ - :keyword last_updated_time_utc: Last updated indicator metric. - :paramtype last_updated_time_utc: str - :keyword threat_type_metrics: Threat type metrics. - :paramtype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword pattern_type_metrics: Pattern type metrics. - :paramtype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword source_metrics: Source metrics. - :paramtype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword item_key: Column name. + :paramtype item_key: str + :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: + "unsorted", "ascending", and "descending". + :paramtype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder """ super().__init__(**kwargs) - self.last_updated_time_utc = last_updated_time_utc - self.threat_type_metrics = threat_type_metrics - self.pattern_type_metrics = pattern_type_metrics - self.source_metrics = source_metrics + self.item_key = item_key + self.sort_order = sort_order + + +class TICheckRequirements(DataConnectorsCheckRequirements): + """Threat Intelligence Platforms data connector check requirements. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind: str = "ThreatIntelligence" + self.tenant_id = tenant_id + + +class TICheckRequirementsProperties(DataConnectorTenantId): + """Threat Intelligence Platforms data connector required properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + tip_lookback_period: Optional[datetime.datetime] = None, + data_types: Optional["_models.TIDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind: str = "ThreatIntelligence" + self.tenant_id = tenant_id + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class ThreatIntelligenceMetricEntity(_serialization.Model): - """Describes threat intelligence metric entity. +class TIDataConnectorDataTypes(_serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. - :ivar metric_name: Metric name. - :vartype metric_name: str - :ivar metric_value: Metric value. - :vartype metric_value: int + All required parameters must be populated in order to send to Azure. + + :ivar indicators: Data type for indicators connection. Required. + :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators """ + _validation = { + "indicators": {"required": True}, + } + _attribute_map = { - "metric_name": {"key": "metricName", "type": "str"}, - "metric_value": {"key": "metricValue", "type": "int"}, + "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, } - def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs): + def __init__(self, *, indicators: "_models.TIDataConnectorDataTypesIndicators", **kwargs: Any) -> None: """ - :keyword metric_name: Metric name. - :paramtype metric_name: str - :keyword metric_value: Metric value. - :paramtype metric_value: int + :keyword indicators: Data type for indicators connection. Required. + :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators """ super().__init__(**kwargs) - self.metric_name = metric_name - self.metric_value = metric_value + self.indicators = indicators -class ThreatIntelligenceMetrics(_serialization.Model): - """Threat intelligence metrics. +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. - :ivar properties: Threat intelligence metrics. - :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ + _validation = { + "state": {"required": True}, + } + _attribute_map = { - "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, + "state": {"key": "state", "type": "str"}, } - def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ - :keyword properties: Threat intelligence metrics. - :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super().__init__(**kwargs) - self.properties = properties + super().__init__(state=state, **kwargs) -class ThreatIntelligenceMetricsList(_serialization.Model): - """List of all the threat intelligence metric fields (type/threat type/source). +class TIDataConnectorProperties(DataConnectorTenantId): + """TI (Threat Intelligence) data connector properties. All required parameters must be populated in order to send to Azure. - :ivar value: Array of threat intelligence metric fields (type/threat type/source). Required. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ _validation = { - "value": {"required": True}, + "tenant_id": {"required": True}, + "data_types": {"required": True}, } _attribute_map = { - "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "tip_lookback_period": {"key": "tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "dataTypes", "type": "TIDataConnectorDataTypes"}, } - def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs): + def __init__( + self, + *, + tenant_id: str, + data_types: "_models.TIDataConnectorDataTypes", + tip_lookback_period: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ - :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ - super().__init__(**kwargs) - self.value = value + super().__init__(tenant_id=tenant_id, **kwargs) + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class ThreatIntelligenceParsedPattern(_serialization.Model): - """Describes parsed pattern entity. +class TimelineAggregation(_serialization.Model): + """timeline aggregation information per kind. - :ivar pattern_type_key: Pattern type key. - :vartype pattern_type_key: str - :ivar pattern_type_values: Pattern type keys. - :vartype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + All required parameters must be populated in order to send to Azure. + + :ivar count: the total items found for a kind. Required. + :vartype count: int + :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind """ + _validation = { + "count": {"required": True}, + "kind": {"required": True}, + } + _attribute_map = { - "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, - "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, + "count": {"key": "count", "type": "int"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - pattern_type_key: Optional[str] = None, - pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, - **kwargs - ): + def __init__(self, *, count: int, kind: Union[str, "_models.EntityTimelineKind"], **kwargs: Any) -> None: """ - :keyword pattern_type_key: Pattern type key. - :paramtype pattern_type_key: str - :keyword pattern_type_values: Pattern type keys. - :paramtype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + :keyword count: the total items found for a kind. Required. + :paramtype count: int + :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind """ super().__init__(**kwargs) - self.pattern_type_key = pattern_type_key - self.pattern_type_values = pattern_type_values + self.count = count + self.kind = kind -class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): - """Describes threat kill chain phase entity. +class TimelineError(_serialization.Model): + """Timeline Query Errors. - :ivar value_type: Type of the value. - :vartype value_type: str - :ivar value: Value of parsed pattern. - :vartype value: str + All required parameters must be populated in order to send to Azure. + + :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar query_id: the query id. + :vartype query_id: str + :ivar error_message: the error message. Required. + :vartype error_message: str """ + _validation = { + "kind": {"required": True}, + "error_message": {"required": True}, + } + _attribute_map = { - "value_type": {"key": "valueType", "type": "str"}, - "value": {"key": "value", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, } - def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs): + def __init__( + self, + *, + kind: Union[str, "_models.EntityTimelineKind"], + error_message: str, + query_id: Optional[str] = None, + **kwargs: Any + ) -> None: """ - :keyword value_type: Type of the value. - :paramtype value_type: str - :keyword value: Value of parsed pattern. - :paramtype value: str + :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :keyword query_id: the query id. + :paramtype query_id: str + :keyword error_message: the error message. Required. + :paramtype error_message: str """ super().__init__(**kwargs) - self.value_type = value_type - self.value = value + self.kind = kind + self.query_id = query_id + self.error_message = error_message -class ThreatIntelligenceSortingCriteria(_serialization.Model): - """List of available columns for sorting. +class TimelineResultsMetadata(_serialization.Model): + """Expansion result metadata. - :ivar item_key: Column name. - :vartype item_key: str - :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", - "ascending", and "descending". - :vartype sort_order: str or - ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum + All required parameters must be populated in order to send to Azure. + + :ivar total_count: the total items found for the timeline request. Required. + :vartype total_count: int + :ivar aggregations: timeline aggregation per kind. Required. + :vartype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] + :ivar errors: information about the failure queries. + :vartype errors: list[~azure.mgmt.securityinsight.models.TimelineError] """ + _validation = { + "total_count": {"required": True}, + "aggregations": {"required": True}, + } + _attribute_map = { - "item_key": {"key": "itemKey", "type": "str"}, - "sort_order": {"key": "sortOrder", "type": "str"}, + "total_count": {"key": "totalCount", "type": "int"}, + "aggregations": {"key": "aggregations", "type": "[TimelineAggregation]"}, + "errors": {"key": "errors", "type": "[TimelineError]"}, } def __init__( self, *, - item_key: Optional[str] = None, - sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingCriteriaEnum"]] = None, - **kwargs - ): + total_count: int, + aggregations: List["_models.TimelineAggregation"], + errors: Optional[List["_models.TimelineError"]] = None, + **kwargs: Any + ) -> None: """ - :keyword item_key: Column name. - :paramtype item_key: str - :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: - "unsorted", "ascending", and "descending". - :paramtype sort_order: str or - ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum + :keyword total_count: the total items found for the timeline request. Required. + :paramtype total_count: int + :keyword aggregations: timeline aggregation per kind. Required. + :paramtype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] + :keyword errors: information about the failure queries. + :paramtype errors: list[~azure.mgmt.securityinsight.models.TimelineError] """ super().__init__(**kwargs) - self.item_key = item_key - self.sort_order = sort_order + self.total_count = total_count + self.aggregations = aggregations + self.errors = errors -class TICheckRequirements(DataConnectorsCheckRequirements): - """Threat Intelligence Platforms data connector check requirements. +class TiTaxiiCheckRequirements(DataConnectorsCheckRequirements): + """Threat Intelligence TAXII data connector check requirements. All required parameters must be populated in order to send to Azure. :ivar kind: Describes the kind of connector to be checked. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "Office365Project", "MicrosoftPurviewInformationProtection", "OfficePowerBI", + "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -22412,18 +27756,18 @@ class TICheckRequirements(DataConnectorsCheckRequirements): "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str """ super().__init__(**kwargs) - self.kind: str = "ThreatIntelligence" + self.kind: str = "ThreatIntelligenceTaxii" self.tenant_id = tenant_id -class TICheckRequirementsProperties(DataConnectorTenantId): - """Threat Intelligence Platforms data connector required properties. +class TiTaxiiCheckRequirementsProperties(DataConnectorTenantId): + """Threat Intelligence TAXII data connector required properties. All required parameters must be populated in order to send to Azure. @@ -22439,7 +27783,7 @@ class TICheckRequirementsProperties(DataConnectorTenantId): "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__(self, *, tenant_id: str, **kwargs: Any) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str @@ -22447,8 +27791,8 @@ def __init__(self, *, tenant_id: str, **kwargs): super().__init__(tenant_id=tenant_id, **kwargs) -class TIDataConnector(DataConnector): - """Represents threat intelligence data connector. +class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance-attributes + """Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. Variables are only populated by the server, and will be ignored when sending a request. @@ -22470,17 +27814,32 @@ class TIDataConnector(DataConnector): :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". + "MicrosoftPurviewInformationProtection", "OfficePowerBI", "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", "IOT", and "GCP". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar workspace_id: The workspace id. + :vartype workspace_id: str + :ivar friendly_name: The friendly name for the TAXII server. + :vartype friendly_name: str + :ivar taxii_server: The API root for the TAXII server. + :vartype taxii_server: str + :ivar collection_id: The collection id of the TAXII server. + :vartype collection_id: str + :ivar user_name: The userName for the TAXII server. + :vartype user_name: str + :ivar password: The password for the TAXII server. + :vartype password: str + :ivar taxii_lookback_period: The lookback period for the TAXII server. + :vartype taxii_lookback_period: ~datetime.datetime + :ivar polling_frequency: The polling frequency for the TAXII server. Known values are: + "OnceAMinute", "OnceAnHour", and "OnceADay". + :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :ivar data_types: The available data types for Threat Intelligence TAXII data connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ _validation = { @@ -22499,8 +27858,15 @@ class TIDataConnector(DataConnector): "etag": {"key": "etag", "type": "str"}, "kind": {"key": "kind", "type": "str"}, "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, - "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, + "workspace_id": {"key": "properties.workspaceId", "type": "str"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "taxii_server": {"key": "properties.taxiiServer", "type": "str"}, + "collection_id": {"key": "properties.collectionId", "type": "str"}, + "user_name": {"key": "properties.userName", "type": "str"}, + "password": {"key": "properties.password", "type": "str"}, + "taxii_lookback_period": {"key": "properties.taxiiLookbackPeriod", "type": "iso-8601"}, + "polling_frequency": {"key": "properties.pollingFrequency", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, } def __init__( @@ -22508,55 +27874,86 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - tip_lookback_period: Optional[datetime.datetime] = None, - data_types: Optional["_models.TIDataConnectorDataTypes"] = None, - **kwargs - ): + workspace_id: Optional[str] = None, + friendly_name: Optional[str] = None, + taxii_server: Optional[str] = None, + collection_id: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + taxii_lookback_period: Optional[datetime.datetime] = None, + polling_frequency: Optional[Union[str, "_models.PollingFrequency"]] = None, + data_types: Optional["_models.TiTaxiiDataConnectorDataTypes"] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :keyword workspace_id: The workspace id. + :paramtype workspace_id: str + :keyword friendly_name: The friendly name for the TAXII server. + :paramtype friendly_name: str + :keyword taxii_server: The API root for the TAXII server. + :paramtype taxii_server: str + :keyword collection_id: The collection id of the TAXII server. + :paramtype collection_id: str + :keyword user_name: The userName for the TAXII server. + :paramtype user_name: str + :keyword password: The password for the TAXII server. + :paramtype password: str + :keyword taxii_lookback_period: The lookback period for the TAXII server. + :paramtype taxii_lookback_period: ~datetime.datetime + :keyword polling_frequency: The polling frequency for the TAXII server. Known values are: + "OnceAMinute", "OnceAnHour", and "OnceADay". + :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :keyword data_types: The available data types for Threat Intelligence TAXII data connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligence" + self.kind: str = "ThreatIntelligenceTaxii" self.tenant_id = tenant_id - self.tip_lookback_period = tip_lookback_period + self.workspace_id = workspace_id + self.friendly_name = friendly_name + self.taxii_server = taxii_server + self.collection_id = collection_id + self.user_name = user_name + self.password = password + self.taxii_lookback_period = taxii_lookback_period + self.polling_frequency = polling_frequency self.data_types = data_types -class TIDataConnectorDataTypes(_serialization.Model): - """The available data types for TI (Threat Intelligence) data connector. +class TiTaxiiDataConnectorDataTypes(_serialization.Model): + """The available data types for Threat Intelligence TAXII data connector. All required parameters must be populated in order to send to Azure. - :ivar indicators: Data type for indicators connection. Required. - :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + :ivar taxii_client: Data type for TAXII connector. Required. + :vartype taxii_client: + ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient """ _validation = { - "indicators": {"required": True}, + "taxii_client": {"required": True}, } _attribute_map = { - "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, + "taxii_client": {"key": "taxiiClient", "type": "TiTaxiiDataConnectorDataTypesTaxiiClient"}, } - def __init__(self, *, indicators: "_models.TIDataConnectorDataTypesIndicators", **kwargs): + def __init__(self, *, taxii_client: "_models.TiTaxiiDataConnectorDataTypesTaxiiClient", **kwargs: Any) -> None: """ - :keyword indicators: Data type for indicators connection. Required. - :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + :keyword taxii_client: Data type for TAXII connector. Required. + :paramtype taxii_client: + ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient """ super().__init__(**kwargs) - self.indicators = indicators + self.taxii_client = taxii_client -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): - """Data type for indicators connection. +class TiTaxiiDataConnectorDataTypesTaxiiClient(DataConnectorDataTypeCommon): + """Data type for TAXII connector. All required parameters must be populated in order to send to Azure. @@ -22573,7 +27970,7 @@ class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): "state": {"key": "state", "type": "str"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs: Any) -> None: """ :keyword state: Describe whether this data type connection is enabled or not. Required. Known values are: "Enabled" and "Disabled". @@ -22582,243 +27979,294 @@ def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): super().__init__(state=state, **kwargs) -class TIDataConnectorProperties(DataConnectorTenantId): - """TI (Threat Intelligence) data connector properties. +class TiTaxiiDataConnectorProperties(DataConnectorTenantId): + """Threat Intelligence TAXII data connector properties. All required parameters must be populated in order to send to Azure. :ivar tenant_id: The tenant id to connect to, and get the data from. Required. :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar workspace_id: The workspace id. + :vartype workspace_id: str + :ivar friendly_name: The friendly name for the TAXII server. + :vartype friendly_name: str + :ivar taxii_server: The API root for the TAXII server. + :vartype taxii_server: str + :ivar collection_id: The collection id of the TAXII server. + :vartype collection_id: str + :ivar user_name: The userName for the TAXII server. + :vartype user_name: str + :ivar password: The password for the TAXII server. + :vartype password: str + :ivar taxii_lookback_period: The lookback period for the TAXII server. + :vartype taxii_lookback_period: ~datetime.datetime + :ivar polling_frequency: The polling frequency for the TAXII server. Required. Known values + are: "OnceAMinute", "OnceAnHour", and "OnceADay". + :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :ivar data_types: The available data types for Threat Intelligence TAXII data connector. + Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ _validation = { "tenant_id": {"required": True}, + "polling_frequency": {"required": True}, "data_types": {"required": True}, } _attribute_map = { "tenant_id": {"key": "tenantId", "type": "str"}, - "tip_lookback_period": {"key": "tipLookbackPeriod", "type": "iso-8601"}, - "data_types": {"key": "dataTypes", "type": "TIDataConnectorDataTypes"}, + "workspace_id": {"key": "workspaceId", "type": "str"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "taxii_server": {"key": "taxiiServer", "type": "str"}, + "collection_id": {"key": "collectionId", "type": "str"}, + "user_name": {"key": "userName", "type": "str"}, + "password": {"key": "password", "type": "str"}, + "taxii_lookback_period": {"key": "taxiiLookbackPeriod", "type": "iso-8601"}, + "polling_frequency": {"key": "pollingFrequency", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, } def __init__( self, *, tenant_id: str, - data_types: "_models.TIDataConnectorDataTypes", - tip_lookback_period: Optional[datetime.datetime] = None, - **kwargs - ): + polling_frequency: Union[str, "_models.PollingFrequency"], + data_types: "_models.TiTaxiiDataConnectorDataTypes", + workspace_id: Optional[str] = None, + friendly_name: Optional[str] = None, + taxii_server: Optional[str] = None, + collection_id: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + taxii_lookback_period: Optional[datetime.datetime] = None, + **kwargs: Any + ) -> None: """ :keyword tenant_id: The tenant id to connect to, and get the data from. Required. :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :keyword workspace_id: The workspace id. + :paramtype workspace_id: str + :keyword friendly_name: The friendly name for the TAXII server. + :paramtype friendly_name: str + :keyword taxii_server: The API root for the TAXII server. + :paramtype taxii_server: str + :keyword collection_id: The collection id of the TAXII server. + :paramtype collection_id: str + :keyword user_name: The userName for the TAXII server. + :paramtype user_name: str + :keyword password: The password for the TAXII server. + :paramtype password: str + :keyword taxii_lookback_period: The lookback period for the TAXII server. + :paramtype taxii_lookback_period: ~datetime.datetime + :keyword polling_frequency: The polling frequency for the TAXII server. Required. Known values + are: "OnceAMinute", "OnceAnHour", and "OnceADay". + :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :keyword data_types: The available data types for Threat Intelligence TAXII data connector. + Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ super().__init__(tenant_id=tenant_id, **kwargs) - self.tip_lookback_period = tip_lookback_period - self.data_types = data_types - - -class TimelineAggregation(_serialization.Model): - """timeline aggregation information per kind. - - All required parameters must be populated in order to send to Azure. - - :ivar count: the total items found for a kind. Required. - :vartype count: int - :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - """ - - _validation = { - "count": {"required": True}, - "kind": {"required": True}, - } - - _attribute_map = { - "count": {"key": "count", "type": "int"}, - "kind": {"key": "kind", "type": "str"}, - } - - def __init__(self, *, count: int, kind: Union[str, "_models.EntityTimelineKind"], **kwargs): - """ - :keyword count: the total items found for a kind. Required. - :paramtype count: int - :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - """ - super().__init__(**kwargs) - self.count = count - self.kind = kind - - -class TimelineError(_serialization.Model): - """Timeline Query Errors. - - All required parameters must be populated in order to send to Azure. - - :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :ivar query_id: the query id. - :vartype query_id: str - :ivar error_message: the error message. Required. - :vartype error_message: str - """ - - _validation = { - "kind": {"required": True}, - "error_message": {"required": True}, - } - - _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "query_id": {"key": "queryId", "type": "str"}, - "error_message": {"key": "errorMessage", "type": "str"}, - } - - def __init__( - self, - *, - kind: Union[str, "_models.EntityTimelineKind"], - error_message: str, - query_id: Optional[str] = None, - **kwargs - ): - """ - :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", - "SecurityAlert", and "Anomaly". - :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind - :keyword query_id: the query id. - :paramtype query_id: str - :keyword error_message: the error message. Required. - :paramtype error_message: str - """ - super().__init__(**kwargs) - self.kind = kind - self.query_id = query_id - self.error_message = error_message + self.workspace_id = workspace_id + self.friendly_name = friendly_name + self.taxii_server = taxii_server + self.collection_id = collection_id + self.user_name = user_name + self.password = password + self.taxii_lookback_period = taxii_lookback_period + self.polling_frequency = polling_frequency + self.data_types = data_types -class TimelineResultsMetadata(_serialization.Model): - """Expansion result metadata. +class TriggeredAnalyticsRuleRun(ResourceWithEtag): + """The triggered analytics rule run. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar total_count: the total items found for the timeline request. Required. - :vartype total_count: int - :ivar aggregations: timeline aggregation per kind. Required. - :vartype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] - :ivar errors: information about the failure queries. - :vartype errors: list[~azure.mgmt.securityinsight.models.TimelineError] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar execution_time_utc: Required. + :vartype execution_time_utc: ~datetime.datetime + :ivar rule_id: Required. + :vartype rule_id: str + :ivar triggered_analytics_rule_run_id: Required. + :vartype triggered_analytics_rule_run_id: str + :ivar provisioning_state: The triggered analytics rule run provisioning state. Required. Known + values are: "Accepted", "InProgress", "Succeeded", "Failed", and "Canceled". + :vartype provisioning_state: str or ~azure.mgmt.securityinsight.models.ProvisioningState + :ivar rule_run_additional_data: Dictionary of :code:``. + :vartype rule_run_additional_data: dict[str, any] """ _validation = { - "total_count": {"required": True}, - "aggregations": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "execution_time_utc": {"required": True}, + "rule_id": {"required": True}, + "triggered_analytics_rule_run_id": {"required": True}, + "provisioning_state": {"required": True}, } _attribute_map = { - "total_count": {"key": "totalCount", "type": "int"}, - "aggregations": {"key": "aggregations", "type": "[TimelineAggregation]"}, - "errors": {"key": "errors", "type": "[TimelineError]"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "execution_time_utc": {"key": "properties.executionTimeUtc", "type": "iso-8601"}, + "rule_id": {"key": "properties.ruleId", "type": "str"}, + "triggered_analytics_rule_run_id": {"key": "properties.triggeredAnalyticsRuleRunId", "type": "str"}, + "provisioning_state": {"key": "properties.provisioningState", "type": "str"}, + "rule_run_additional_data": {"key": "properties.ruleRunAdditionalData", "type": "{object}"}, } def __init__( self, *, - total_count: int, - aggregations: List["_models.TimelineAggregation"], - errors: Optional[List["_models.TimelineError"]] = None, - **kwargs - ): + execution_time_utc: datetime.datetime, + rule_id: str, + triggered_analytics_rule_run_id: str, + provisioning_state: Union[str, "_models.ProvisioningState"], + etag: Optional[str] = None, + rule_run_additional_data: Optional[Dict[str, Any]] = None, + **kwargs: Any + ) -> None: """ - :keyword total_count: the total items found for the timeline request. Required. - :paramtype total_count: int - :keyword aggregations: timeline aggregation per kind. Required. - :paramtype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] - :keyword errors: information about the failure queries. - :paramtype errors: list[~azure.mgmt.securityinsight.models.TimelineError] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword execution_time_utc: Required. + :paramtype execution_time_utc: ~datetime.datetime + :keyword rule_id: Required. + :paramtype rule_id: str + :keyword triggered_analytics_rule_run_id: Required. + :paramtype triggered_analytics_rule_run_id: str + :keyword provisioning_state: The triggered analytics rule run provisioning state. Required. + Known values are: "Accepted", "InProgress", "Succeeded", "Failed", and "Canceled". + :paramtype provisioning_state: str or ~azure.mgmt.securityinsight.models.ProvisioningState + :keyword rule_run_additional_data: Dictionary of :code:``. + :paramtype rule_run_additional_data: dict[str, any] """ - super().__init__(**kwargs) - self.total_count = total_count - self.aggregations = aggregations - self.errors = errors + super().__init__(etag=etag, **kwargs) + self.execution_time_utc = execution_time_utc + self.rule_id = rule_id + self.triggered_analytics_rule_run_id = triggered_analytics_rule_run_id + self.provisioning_state = provisioning_state + self.rule_run_additional_data = rule_run_additional_data -class TiTaxiiCheckRequirements(DataConnectorsCheckRequirements): - """Threat Intelligence TAXII data connector check requirements. +class TriggeredAnalyticsRuleRuns(_serialization.Model): + """The triggered analytics rule run array. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar kind: Describes the kind of connector to be checked. Required. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", - "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar value: Required. + :vartype value: list[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] + :ivar next_link: + :vartype next_link: str """ _validation = { - "kind": {"required": True}, + "value": {"required": True}, + "next_link": {"readonly": True}, } _attribute_map = { - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "value": {"key": "value", "type": "[TriggeredAnalyticsRuleRun]"}, + "next_link": {"key": "nextLink", "type": "str"}, } - def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.TriggeredAnalyticsRuleRun"], **kwargs: Any) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword value: Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] """ super().__init__(**kwargs) - self.kind: str = "ThreatIntelligenceTaxii" - self.tenant_id = tenant_id + self.value = value + self.next_link = None -class TiTaxiiCheckRequirementsProperties(DataConnectorTenantId): - """Threat Intelligence TAXII data connector required properties. +class Ueba(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar data_sources: The relevant data sources that enriched by ueba. + :vartype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] """ _validation = { - "tenant_id": {"required": True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "data_sources": {"key": "properties.dataSources", "type": "[str]"}, } - def __init__(self, *, tenant_id: str, **kwargs): + def __init__( + self, + *, + etag: Optional[str] = None, + data_sources: Optional[List[Union[str, "_models.UebaDataSources"]]] = None, + **kwargs: Any + ) -> None: """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_sources: The relevant data sources that enriched by ueba. + :paramtype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] """ - super().__init__(tenant_id=tenant_id, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind: str = "Ueba" + self.data_sources = data_sources -class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance-attributes - """Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. +class UrlEntity(Entity): + """Represents a url entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -22835,282 +28283,216 @@ class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance- :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", - "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", - "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", - "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and - "IOT". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str - :ivar workspace_id: The workspace id. - :vartype workspace_id: str - :ivar friendly_name: The friendly name for the TAXII server. + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar taxii_server: The API root for the TAXII server. - :vartype taxii_server: str - :ivar collection_id: The collection id of the TAXII server. - :vartype collection_id: str - :ivar user_name: The userName for the TAXII server. - :vartype user_name: str - :ivar password: The password for the TAXII server. - :vartype password: str - :ivar taxii_lookback_period: The lookback period for the TAXII server. - :vartype taxii_lookback_period: ~datetime.datetime - :ivar polling_frequency: The polling frequency for the TAXII server. Known values are: - "OnceAMinute", "OnceAnHour", and "OnceADay". - :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :ivar data_types: The available data types for Threat Intelligence TAXII data connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :ivar url: A full URL the entity points to. + :vartype url: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "url": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "url": {"key": "properties.url", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.kind: str = "Url" + self.additional_data = None + self.friendly_name = None + self.url = None + + +class UrlEntityProperties(EntityCommonProperties): + """Url entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, any] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar url: A full URL the entity points to. + :vartype url: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "url": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "url": {"key": "url", "type": "str"}, + } + + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.url = None + + +class UserInfo(_serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :ivar object_id: The object id of the user. + :vartype object_id: str """ _validation = { - "id": {"readonly": True}, + "email": {"readonly": True}, "name": {"readonly": True}, - "type": {"readonly": True}, - "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { - "id": {"key": "id", "type": "str"}, + "email": {"key": "email", "type": "str"}, "name": {"key": "name", "type": "str"}, - "type": {"key": "type", "type": "str"}, - "system_data": {"key": "systemData", "type": "SystemData"}, - "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "workspace_id": {"key": "properties.workspaceId", "type": "str"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "taxii_server": {"key": "properties.taxiiServer", "type": "str"}, - "collection_id": {"key": "properties.collectionId", "type": "str"}, - "user_name": {"key": "properties.userName", "type": "str"}, - "password": {"key": "properties.password", "type": "str"}, - "taxii_lookback_period": {"key": "properties.taxiiLookbackPeriod", "type": "iso-8601"}, - "polling_frequency": {"key": "properties.pollingFrequency", "type": "str"}, - "data_types": {"key": "properties.dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, + "object_id": {"key": "objectId", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - workspace_id: Optional[str] = None, - friendly_name: Optional[str] = None, - taxii_server: Optional[str] = None, - collection_id: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - taxii_lookback_period: Optional[datetime.datetime] = None, - polling_frequency: Optional[Union[str, "_models.PollingFrequency"]] = None, - data_types: Optional["_models.TiTaxiiDataConnectorDataTypes"] = None, - **kwargs - ): + def __init__(self, *, object_id: Optional[str] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str - :keyword workspace_id: The workspace id. - :paramtype workspace_id: str - :keyword friendly_name: The friendly name for the TAXII server. - :paramtype friendly_name: str - :keyword taxii_server: The API root for the TAXII server. - :paramtype taxii_server: str - :keyword collection_id: The collection id of the TAXII server. - :paramtype collection_id: str - :keyword user_name: The userName for the TAXII server. - :paramtype user_name: str - :keyword password: The password for the TAXII server. - :paramtype password: str - :keyword taxii_lookback_period: The lookback period for the TAXII server. - :paramtype taxii_lookback_period: ~datetime.datetime - :keyword polling_frequency: The polling frequency for the TAXII server. Known values are: - "OnceAMinute", "OnceAnHour", and "OnceADay". - :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :keyword data_types: The available data types for Threat Intelligence TAXII data connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :keyword object_id: The object id of the user. + :paramtype object_id: str """ - super().__init__(etag=etag, **kwargs) - self.kind: str = "ThreatIntelligenceTaxii" - self.tenant_id = tenant_id - self.workspace_id = workspace_id - self.friendly_name = friendly_name - self.taxii_server = taxii_server - self.collection_id = collection_id - self.user_name = user_name - self.password = password - self.taxii_lookback_period = taxii_lookback_period - self.polling_frequency = polling_frequency - self.data_types = data_types + super().__init__(**kwargs) + self.email = None + self.name = None + self.object_id = object_id -class TiTaxiiDataConnectorDataTypes(_serialization.Model): - """The available data types for Threat Intelligence TAXII data connector. +class ValidationError(_serialization.Model): + """Describes an error encountered in the file during validation. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar taxii_client: Data type for TAXII connector. Required. - :vartype taxii_client: - ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + :ivar record_index: The number of the record that has the error. + :vartype record_index: int + :ivar error_messages: A list of descriptions of the error. + :vartype error_messages: list[str] """ _validation = { - "taxii_client": {"required": True}, + "error_messages": {"readonly": True}, } _attribute_map = { - "taxii_client": {"key": "taxiiClient", "type": "TiTaxiiDataConnectorDataTypesTaxiiClient"}, + "record_index": {"key": "recordIndex", "type": "int"}, + "error_messages": {"key": "errorMessages", "type": "[str]"}, } - def __init__(self, *, taxii_client: "_models.TiTaxiiDataConnectorDataTypesTaxiiClient", **kwargs): + def __init__(self, *, record_index: Optional[int] = None, **kwargs: Any) -> None: """ - :keyword taxii_client: Data type for TAXII connector. Required. - :paramtype taxii_client: - ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + :keyword record_index: The number of the record that has the error. + :paramtype record_index: int """ super().__init__(**kwargs) - self.taxii_client = taxii_client + self.record_index = record_index + self.error_messages = None -class TiTaxiiDataConnectorDataTypesTaxiiClient(DataConnectorDataTypeCommon): - """Data type for TAXII connector. +class Warning(_serialization.Model): + """Warning response structure. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar warning: Warning data. + :vartype warning: ~azure.mgmt.securityinsight.models.WarningBody """ _validation = { - "state": {"required": True}, + "warning": {"readonly": True}, } _attribute_map = { - "state": {"key": "state", "type": "str"}, + "warning": {"key": "warning", "type": "WarningBody"}, } - def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): - """ - :keyword state: Describe whether this data type connection is enabled or not. Required. Known - values are: "Enabled" and "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super().__init__(state=state, **kwargs) + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.warning = None -class TiTaxiiDataConnectorProperties(DataConnectorTenantId): - """Threat Intelligence TAXII data connector properties. +class WarningBody(_serialization.Model): + """Warning details. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar tenant_id: The tenant id to connect to, and get the data from. Required. - :vartype tenant_id: str - :ivar workspace_id: The workspace id. - :vartype workspace_id: str - :ivar friendly_name: The friendly name for the TAXII server. - :vartype friendly_name: str - :ivar taxii_server: The API root for the TAXII server. - :vartype taxii_server: str - :ivar collection_id: The collection id of the TAXII server. - :vartype collection_id: str - :ivar user_name: The userName for the TAXII server. - :vartype user_name: str - :ivar password: The password for the TAXII server. - :vartype password: str - :ivar taxii_lookback_period: The lookback period for the TAXII server. - :vartype taxii_lookback_period: ~datetime.datetime - :ivar polling_frequency: The polling frequency for the TAXII server. Required. Known values - are: "OnceAMinute", "OnceAnHour", and "OnceADay". - :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :ivar data_types: The available data types for Threat Intelligence TAXII data connector. - Required. - :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + :ivar code: An identifier for the warning. Codes are invariant and are intended to be consumed + programmatically. Known values are: "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", and "SourceControl_DeletedWithWarnings". + :vartype code: str or ~azure.mgmt.securityinsight.models.WarningCode + :ivar message: A message describing the warning, intended to be suitable for display in a user + interface. + :vartype message: str + :ivar details: + :vartype details: list[~azure.mgmt.securityinsight.models.WarningBody] """ _validation = { - "tenant_id": {"required": True}, - "polling_frequency": {"required": True}, - "data_types": {"required": True}, + "code": {"readonly": True}, + "message": {"readonly": True}, + "details": {"readonly": True}, } _attribute_map = { - "tenant_id": {"key": "tenantId", "type": "str"}, - "workspace_id": {"key": "workspaceId", "type": "str"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "taxii_server": {"key": "taxiiServer", "type": "str"}, - "collection_id": {"key": "collectionId", "type": "str"}, - "user_name": {"key": "userName", "type": "str"}, - "password": {"key": "password", "type": "str"}, - "taxii_lookback_period": {"key": "taxiiLookbackPeriod", "type": "iso-8601"}, - "polling_frequency": {"key": "pollingFrequency", "type": "str"}, - "data_types": {"key": "dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, + "code": {"key": "code", "type": "str"}, + "message": {"key": "message", "type": "str"}, + "details": {"key": "details", "type": "[WarningBody]"}, } - def __init__( - self, - *, - tenant_id: str, - polling_frequency: Union[str, "_models.PollingFrequency"], - data_types: "_models.TiTaxiiDataConnectorDataTypes", - workspace_id: Optional[str] = None, - friendly_name: Optional[str] = None, - taxii_server: Optional[str] = None, - collection_id: Optional[str] = None, - user_name: Optional[str] = None, - password: Optional[str] = None, - taxii_lookback_period: Optional[datetime.datetime] = None, - **kwargs - ): - """ - :keyword tenant_id: The tenant id to connect to, and get the data from. Required. - :paramtype tenant_id: str - :keyword workspace_id: The workspace id. - :paramtype workspace_id: str - :keyword friendly_name: The friendly name for the TAXII server. - :paramtype friendly_name: str - :keyword taxii_server: The API root for the TAXII server. - :paramtype taxii_server: str - :keyword collection_id: The collection id of the TAXII server. - :paramtype collection_id: str - :keyword user_name: The userName for the TAXII server. - :paramtype user_name: str - :keyword password: The password for the TAXII server. - :paramtype password: str - :keyword taxii_lookback_period: The lookback period for the TAXII server. - :paramtype taxii_lookback_period: ~datetime.datetime - :keyword polling_frequency: The polling frequency for the TAXII server. Required. Known values - are: "OnceAMinute", "OnceAnHour", and "OnceADay". - :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency - :keyword data_types: The available data types for Threat Intelligence TAXII data connector. - Required. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes - """ - super().__init__(tenant_id=tenant_id, **kwargs) - self.workspace_id = workspace_id - self.friendly_name = friendly_name - self.taxii_server = taxii_server - self.collection_id = collection_id - self.user_name = user_name - self.password = password - self.taxii_lookback_period = taxii_lookback_period - self.polling_frequency = polling_frequency - self.data_types = data_types + def __init__(self, **kwargs: Any) -> None: + """ """ + super().__init__(**kwargs) + self.code = None + self.message = None + self.details = None -class Ueba(Settings): - """Settings with single toggle. +class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Watchlist in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -23124,11 +28506,55 @@ class Ueba(Settings): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", - "EntityAnalytics", and "Ueba". - :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind - :ivar data_sources: The relevant data sources that enriched by ueba. - :vartype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] + :ivar watchlist_id: The id (a Guid) of the watchlist. + :vartype watchlist_id: str + :ivar display_name: The display name of the watchlist. + :vartype display_name: str + :ivar provider: The provider of the watchlist. + :vartype provider: str + :ivar source: The filename of the watchlist, called 'source'. + :vartype source: str + :ivar source_type: The sourceType of the watchlist. Known values are: "Local file" and "Remote + storage". + :vartype source_type: str or ~azure.mgmt.securityinsight.models.SourceType + :ivar created: The time the watchlist was created. + :vartype created: ~datetime.datetime + :ivar updated: The last time the watchlist was updated. + :vartype updated: ~datetime.datetime + :ivar created_by: Describes a user that created the watchlist. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar updated_by: Describes a user that updated the watchlist. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar description: A description of the watchlist. + :vartype description: str + :ivar watchlist_type: The type of the watchlist. + :vartype watchlist_type: str + :ivar watchlist_alias: The alias of the watchlist. + :vartype watchlist_alias: str + :ivar is_deleted: A flag that indicates if the watchlist is deleted or not. + :vartype is_deleted: bool + :ivar labels: List of labels relevant to this watchlist. + :vartype labels: list[str] + :ivar default_duration: The default duration of a watchlist (in ISO 8601 duration format). + :vartype default_duration: ~datetime.timedelta + :ivar tenant_id: The tenantId where the watchlist belongs to. + :vartype tenant_id: str + :ivar number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the + header. + :vartype number_of_lines_to_skip: int + :ivar raw_content: The raw content that represents to watchlist items to create. In case of + csv/tsv content type, it's the content of the file that will parsed by the endpoint. + :vartype raw_content: str + :ivar items_search_key: The search key is used to optimize query performance when using + watchlists for joins with other data. For example, enable a column with IP addresses to be the + designated SearchKey field, then use this field as the key field when joining to other event + data by IP address. + :vartype items_search_key: str + :ivar content_type: The content type of the raw content. Example : text/csv or text/tsv. + :vartype content_type: str + :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls note + : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. + :vartype upload_status: str """ _validation = { @@ -23136,7 +28562,6 @@ class Ueba(Settings): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, } _attribute_map = { @@ -23145,35 +28570,138 @@ class Ueba(Settings): "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "kind": {"key": "kind", "type": "str"}, - "data_sources": {"key": "properties.dataSources", "type": "[str]"}, + "watchlist_id": {"key": "properties.watchlistId", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "provider": {"key": "properties.provider", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "source_type": {"key": "properties.sourceType", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "description": {"key": "properties.description", "type": "str"}, + "watchlist_type": {"key": "properties.watchlistType", "type": "str"}, + "watchlist_alias": {"key": "properties.watchlistAlias", "type": "str"}, + "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "default_duration": {"key": "properties.defaultDuration", "type": "duration"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "number_of_lines_to_skip": {"key": "properties.numberOfLinesToSkip", "type": "int"}, + "raw_content": {"key": "properties.rawContent", "type": "str"}, + "items_search_key": {"key": "properties.itemsSearchKey", "type": "str"}, + "content_type": {"key": "properties.contentType", "type": "str"}, + "upload_status": {"key": "properties.uploadStatus", "type": "str"}, } - def __init__( + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, - data_sources: Optional[List[Union[str, "_models.UebaDataSources"]]] = None, - **kwargs - ): + watchlist_id: Optional[str] = None, + display_name: Optional[str] = None, + provider: Optional[str] = None, + source: Optional[str] = None, + source_type: Optional[Union[str, "_models.SourceType"]] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + updated_by: Optional["_models.UserInfo"] = None, + description: Optional[str] = None, + watchlist_type: Optional[str] = None, + watchlist_alias: Optional[str] = None, + is_deleted: Optional[bool] = None, + labels: Optional[List[str]] = None, + default_duration: Optional[datetime.timedelta] = None, + tenant_id: Optional[str] = None, + number_of_lines_to_skip: Optional[int] = None, + raw_content: Optional[str] = None, + items_search_key: Optional[str] = None, + content_type: Optional[str] = None, + upload_status: Optional[str] = None, + **kwargs: Any + ) -> None: """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword data_sources: The relevant data sources that enriched by ueba. - :paramtype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] + :keyword watchlist_id: The id (a Guid) of the watchlist. + :paramtype watchlist_id: str + :keyword display_name: The display name of the watchlist. + :paramtype display_name: str + :keyword provider: The provider of the watchlist. + :paramtype provider: str + :keyword source: The filename of the watchlist, called 'source'. + :paramtype source: str + :keyword source_type: The sourceType of the watchlist. Known values are: "Local file" and + "Remote storage". + :paramtype source_type: str or ~azure.mgmt.securityinsight.models.SourceType + :keyword created: The time the watchlist was created. + :paramtype created: ~datetime.datetime + :keyword updated: The last time the watchlist was updated. + :paramtype updated: ~datetime.datetime + :keyword created_by: Describes a user that created the watchlist. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword updated_by: Describes a user that updated the watchlist. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword description: A description of the watchlist. + :paramtype description: str + :keyword watchlist_type: The type of the watchlist. + :paramtype watchlist_type: str + :keyword watchlist_alias: The alias of the watchlist. + :paramtype watchlist_alias: str + :keyword is_deleted: A flag that indicates if the watchlist is deleted or not. + :paramtype is_deleted: bool + :keyword labels: List of labels relevant to this watchlist. + :paramtype labels: list[str] + :keyword default_duration: The default duration of a watchlist (in ISO 8601 duration format). + :paramtype default_duration: ~datetime.timedelta + :keyword tenant_id: The tenantId where the watchlist belongs to. + :paramtype tenant_id: str + :keyword number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the + header. + :paramtype number_of_lines_to_skip: int + :keyword raw_content: The raw content that represents to watchlist items to create. In case of + csv/tsv content type, it's the content of the file that will parsed by the endpoint. + :paramtype raw_content: str + :keyword items_search_key: The search key is used to optimize query performance when using + watchlists for joins with other data. For example, enable a column with IP addresses to be the + designated SearchKey field, then use this field as the key field when joining to other event + data by IP address. + :paramtype items_search_key: str + :keyword content_type: The content type of the raw content. Example : text/csv or text/tsv. + :paramtype content_type: str + :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls + note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. + :paramtype upload_status: str """ super().__init__(etag=etag, **kwargs) - self.kind: str = "Ueba" - self.data_sources = data_sources + self.watchlist_id = watchlist_id + self.display_name = display_name + self.provider = provider + self.source = source + self.source_type = source_type + self.created = created + self.updated = updated + self.created_by = created_by + self.updated_by = updated_by + self.description = description + self.watchlist_type = watchlist_type + self.watchlist_alias = watchlist_alias + self.is_deleted = is_deleted + self.labels = labels + self.default_duration = default_duration + self.tenant_id = tenant_id + self.number_of_lines_to_skip = number_of_lines_to_skip + self.raw_content = raw_content + self.items_search_key = items_search_key + self.content_type = content_type + self.upload_status = upload_status -class UrlEntity(Entity): - """Represents a url entity. +class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Watchlist item in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -23185,19 +28713,28 @@ class UrlEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", - "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", - "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", - "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar url: A full URL the entity points to. - :vartype url: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar watchlist_item_type: The type of the watchlist item. + :vartype watchlist_item_type: str + :ivar watchlist_item_id: The id (a Guid) of the watchlist item. + :vartype watchlist_item_id: str + :ivar tenant_id: The tenantId to which the watchlist item belongs to. + :vartype tenant_id: str + :ivar is_deleted: A flag that indicates if the watchlist item is deleted or not. + :vartype is_deleted: bool + :ivar created: The time the watchlist item was created. + :vartype created: ~datetime.datetime + :ivar updated: The last time the watchlist item was updated. + :vartype updated: ~datetime.datetime + :ivar created_by: Describes a user that created the watchlist item. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar updated_by: Describes a user that updated the watchlist item. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar items_key_value: key-value pairs for a watchlist item. + :vartype items_key_value: dict[str, any] + :ivar entity_mapping: key-value pairs for a watchlist item entity mapping. + :vartype entity_mapping: dict[str, any] """ _validation = { @@ -23205,10 +28742,6 @@ class UrlEntity(Entity): "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, - "kind": {"required": True}, - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "url": {"readonly": True}, } _attribute_map = { @@ -23216,121 +28749,181 @@ class UrlEntity(Entity): "name": {"key": "name", "type": "str"}, "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, - "kind": {"key": "kind", "type": "str"}, - "additional_data": {"key": "properties.additionalData", "type": "{object}"}, - "friendly_name": {"key": "properties.friendlyName", "type": "str"}, - "url": {"key": "properties.url", "type": "str"}, + "etag": {"key": "etag", "type": "str"}, + "watchlist_item_type": {"key": "properties.watchlistItemType", "type": "str"}, + "watchlist_item_id": {"key": "properties.watchlistItemId", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "items_key_value": {"key": "properties.itemsKeyValue", "type": "{object}"}, + "entity_mapping": {"key": "properties.entityMapping", "type": "{object}"}, } - def __init__(self, **kwargs): - """ """ - super().__init__(**kwargs) - self.kind: str = "Url" - self.additional_data = None - self.friendly_name = None - self.url = None + def __init__( + self, + *, + etag: Optional[str] = None, + watchlist_item_type: Optional[str] = None, + watchlist_item_id: Optional[str] = None, + tenant_id: Optional[str] = None, + is_deleted: Optional[bool] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + updated_by: Optional["_models.UserInfo"] = None, + items_key_value: Optional[Dict[str, Any]] = None, + entity_mapping: Optional[Dict[str, Any]] = None, + **kwargs: Any + ) -> None: + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword watchlist_item_type: The type of the watchlist item. + :paramtype watchlist_item_type: str + :keyword watchlist_item_id: The id (a Guid) of the watchlist item. + :paramtype watchlist_item_id: str + :keyword tenant_id: The tenantId to which the watchlist item belongs to. + :paramtype tenant_id: str + :keyword is_deleted: A flag that indicates if the watchlist item is deleted or not. + :paramtype is_deleted: bool + :keyword created: The time the watchlist item was created. + :paramtype created: ~datetime.datetime + :keyword updated: The last time the watchlist item was updated. + :paramtype updated: ~datetime.datetime + :keyword created_by: Describes a user that created the watchlist item. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword updated_by: Describes a user that updated the watchlist item. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword items_key_value: key-value pairs for a watchlist item. + :paramtype items_key_value: dict[str, any] + :keyword entity_mapping: key-value pairs for a watchlist item entity mapping. + :paramtype entity_mapping: dict[str, any] + """ + super().__init__(etag=etag, **kwargs) + self.watchlist_item_type = watchlist_item_type + self.watchlist_item_id = watchlist_item_id + self.tenant_id = tenant_id + self.is_deleted = is_deleted + self.created = created + self.updated = updated + self.created_by = created_by + self.updated_by = updated_by + self.items_key_value = items_key_value + self.entity_mapping = entity_mapping -class UrlEntityProperties(EntityCommonProperties): - """Url entity property bag. +class WatchlistItemList(_serialization.Model): + """List all the watchlist items. Variables are only populated by the server, and will be ignored when sending a request. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar url: A full URL the entity points to. - :vartype url: str + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of watchlist item. + :vartype next_link: str + :ivar value: Array of watchlist items. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] """ _validation = { - "additional_data": {"readonly": True}, - "friendly_name": {"readonly": True}, - "url": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "additional_data": {"key": "additionalData", "type": "{object}"}, - "friendly_name": {"key": "friendlyName", "type": "str"}, - "url": {"key": "url", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WatchlistItem]"}, } - def __init__(self, **kwargs): - """ """ + def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs: Any) -> None: + """ + :keyword value: Array of watchlist items. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] + """ super().__init__(**kwargs) - self.url = None + self.next_link = None + self.value = value -class UserInfo(_serialization.Model): - """User information that made some action. +class WatchlistList(_serialization.Model): + """List all the watchlists. Variables are only populated by the server, and will be ignored when sending a request. - :ivar email: The email of the user. - :vartype email: str - :ivar name: The name of the user. - :vartype name: str - :ivar object_id: The object id of the user. - :vartype object_id: str + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of watchlists. + :vartype next_link: str + :ivar value: Array of watchlist. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Watchlist] """ _validation = { - "email": {"readonly": True}, - "name": {"readonly": True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - "email": {"key": "email", "type": "str"}, - "name": {"key": "name", "type": "str"}, - "object_id": {"key": "objectId", "type": "str"}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Watchlist]"}, } - def __init__(self, *, object_id: Optional[str] = None, **kwargs): + def __init__(self, *, value: List["_models.Watchlist"], **kwargs: Any) -> None: """ - :keyword object_id: The object id of the user. - :paramtype object_id: str + :keyword value: Array of watchlist. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] """ super().__init__(**kwargs) - self.email = None - self.name = None - self.object_id = object_id + self.next_link = None + self.value = value -class ValidationError(_serialization.Model): - """Describes an error encountered in the file during validation. +class Webhook(_serialization.Model): + """Detail about the webhook object. Variables are only populated by the server, and will be ignored when sending a request. - :ivar record_index: The number of the record that has the error. - :vartype record_index: int - :ivar error_messages: A list of descriptions of the error. - :vartype error_messages: list[str] + :ivar webhook_id: Unique identifier for the webhook. + :vartype webhook_id: str + :ivar webhook_url: URL that gets invoked by the webhook. + :vartype webhook_url: str + :ivar webhook_secret_update_time: Time when the webhook secret was updated. + :vartype webhook_secret_update_time: ~datetime.datetime + :ivar rotate_webhook_secret: A flag to instruct the backend service to rotate webhook secret. + :vartype rotate_webhook_secret: bool """ _validation = { - "error_messages": {"readonly": True}, + "webhook_id": {"readonly": True}, + "webhook_url": {"readonly": True}, + "webhook_secret_update_time": {"readonly": True}, } _attribute_map = { - "record_index": {"key": "recordIndex", "type": "int"}, - "error_messages": {"key": "errorMessages", "type": "[str]"}, + "webhook_id": {"key": "webhookId", "type": "str"}, + "webhook_url": {"key": "webhookUrl", "type": "str"}, + "webhook_secret_update_time": {"key": "webhookSecretUpdateTime", "type": "iso-8601"}, + "rotate_webhook_secret": {"key": "rotateWebhookSecret", "type": "bool"}, } - def __init__(self, *, record_index: Optional[int] = None, **kwargs): + def __init__(self, *, rotate_webhook_secret: Optional[bool] = None, **kwargs: Any) -> None: """ - :keyword record_index: The number of the record that has the error. - :paramtype record_index: int + :keyword rotate_webhook_secret: A flag to instruct the backend service to rotate webhook + secret. + :paramtype rotate_webhook_secret: bool """ super().__init__(**kwargs) - self.record_index = record_index - self.error_messages = None + self.webhook_id = None + self.webhook_url = None + self.webhook_secret_update_time = None + self.rotate_webhook_secret = rotate_webhook_secret -class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a Watchlist in Azure Security Insights. +class WorkspaceManagerAssignment(AzureEntityResource): + """The workspace manager assignment. Variables are only populated by the server, and will be ignored when sending a request. @@ -23345,57 +28938,19 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. + :ivar etag: Resource Etag. :vartype etag: str - :ivar watchlist_id: The id (a Guid) of the watchlist. - :vartype watchlist_id: str - :ivar display_name: The display name of the watchlist. - :vartype display_name: str - :ivar provider: The provider of the watchlist. - :vartype provider: str - :ivar source: The filename of the watchlist, called 'source'. - :vartype source: str - :ivar source_type: The sourceType of the watchlist. Known values are: "Local file" and "Remote - storage". - :vartype source_type: str or ~azure.mgmt.securityinsight.models.SourceType - :ivar created: The time the watchlist was created. - :vartype created: ~datetime.datetime - :ivar updated: The last time the watchlist was updated. - :vartype updated: ~datetime.datetime - :ivar created_by: Describes a user that created the watchlist. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar updated_by: Describes a user that updated the watchlist. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar description: A description of the watchlist. - :vartype description: str - :ivar watchlist_type: The type of the watchlist. - :vartype watchlist_type: str - :ivar watchlist_alias: The alias of the watchlist. - :vartype watchlist_alias: str - :ivar is_deleted: A flag that indicates if the watchlist is deleted or not. - :vartype is_deleted: bool - :ivar labels: List of labels relevant to this watchlist. - :vartype labels: list[str] - :ivar default_duration: The default duration of a watchlist (in ISO 8601 duration format). - :vartype default_duration: ~datetime.timedelta - :ivar tenant_id: The tenantId where the watchlist belongs to. - :vartype tenant_id: str - :ivar number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the - header. - :vartype number_of_lines_to_skip: int - :ivar raw_content: The raw content that represents to watchlist items to create. In case of - csv/tsv content type, it's the content of the file that will parsed by the endpoint. - :vartype raw_content: str - :ivar items_search_key: The search key is used to optimize query performance when using - watchlists for joins with other data. For example, enable a column with IP addresses to be the - designated SearchKey field, then use this field as the key field when joining to other event - data by IP address. - :vartype items_search_key: str - :ivar content_type: The content type of the raw content. Example : text/csv or text/tsv. - :vartype content_type: str - :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls note - : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. - :vartype upload_status: str + :ivar target_resource_name: The resource name of the workspace manager group targeted by the + workspace manager assignment. + :vartype target_resource_name: str + :ivar last_job_end_time: The time the last job associated to this assignment ended at. + :vartype last_job_end_time: ~datetime.datetime + :ivar last_job_provisioning_state: State of the last job associated to this assignment. Known + values are: "Accepted", "InProgress", "Succeeded", "Failed", and "Canceled". + :vartype last_job_provisioning_state: str or + ~azure.mgmt.securityinsight.models.ProvisioningState + :ivar items: List of resources included in this workspace manager assignment. + :vartype items: list[~azure.mgmt.securityinsight.models.AssignmentItem] """ _validation = { @@ -23403,6 +28958,9 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "etag": {"readonly": True}, + "last_job_end_time": {"readonly": True}, + "last_job_provisioning_state": {"readonly": True}, } _attribute_map = { @@ -23411,135 +28969,68 @@ class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attribut "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "watchlist_id": {"key": "properties.watchlistId", "type": "str"}, - "display_name": {"key": "properties.displayName", "type": "str"}, - "provider": {"key": "properties.provider", "type": "str"}, - "source": {"key": "properties.source", "type": "str"}, - "source_type": {"key": "properties.sourceType", "type": "str"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "description": {"key": "properties.description", "type": "str"}, - "watchlist_type": {"key": "properties.watchlistType", "type": "str"}, - "watchlist_alias": {"key": "properties.watchlistAlias", "type": "str"}, - "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, - "labels": {"key": "properties.labels", "type": "[str]"}, - "default_duration": {"key": "properties.defaultDuration", "type": "duration"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "number_of_lines_to_skip": {"key": "properties.numberOfLinesToSkip", "type": "int"}, - "raw_content": {"key": "properties.rawContent", "type": "str"}, - "items_search_key": {"key": "properties.itemsSearchKey", "type": "str"}, - "content_type": {"key": "properties.contentType", "type": "str"}, - "upload_status": {"key": "properties.uploadStatus", "type": "str"}, + "target_resource_name": {"key": "properties.targetResourceName", "type": "str"}, + "last_job_end_time": {"key": "properties.lastJobEndTime", "type": "iso-8601"}, + "last_job_provisioning_state": {"key": "properties.lastJobProvisioningState", "type": "str"}, + "items": {"key": "properties.items", "type": "[AssignmentItem]"}, } - def __init__( # pylint: disable=too-many-locals + def __init__( self, *, - etag: Optional[str] = None, - watchlist_id: Optional[str] = None, - display_name: Optional[str] = None, - provider: Optional[str] = None, - source: Optional[str] = None, - source_type: Optional[Union[str, "_models.SourceType"]] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - updated_by: Optional["_models.UserInfo"] = None, - description: Optional[str] = None, - watchlist_type: Optional[str] = None, - watchlist_alias: Optional[str] = None, - is_deleted: Optional[bool] = None, - labels: Optional[List[str]] = None, - default_duration: Optional[datetime.timedelta] = None, - tenant_id: Optional[str] = None, - number_of_lines_to_skip: Optional[int] = None, - raw_content: Optional[str] = None, - items_search_key: Optional[str] = None, - content_type: Optional[str] = None, - upload_status: Optional[str] = None, - **kwargs - ): + target_resource_name: Optional[str] = None, + items: Optional[List["_models.AssignmentItem"]] = None, + **kwargs: Any + ) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword watchlist_id: The id (a Guid) of the watchlist. - :paramtype watchlist_id: str - :keyword display_name: The display name of the watchlist. - :paramtype display_name: str - :keyword provider: The provider of the watchlist. - :paramtype provider: str - :keyword source: The filename of the watchlist, called 'source'. - :paramtype source: str - :keyword source_type: The sourceType of the watchlist. Known values are: "Local file" and - "Remote storage". - :paramtype source_type: str or ~azure.mgmt.securityinsight.models.SourceType - :keyword created: The time the watchlist was created. - :paramtype created: ~datetime.datetime - :keyword updated: The last time the watchlist was updated. - :paramtype updated: ~datetime.datetime - :keyword created_by: Describes a user that created the watchlist. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword updated_by: Describes a user that updated the watchlist. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword description: A description of the watchlist. - :paramtype description: str - :keyword watchlist_type: The type of the watchlist. - :paramtype watchlist_type: str - :keyword watchlist_alias: The alias of the watchlist. - :paramtype watchlist_alias: str - :keyword is_deleted: A flag that indicates if the watchlist is deleted or not. - :paramtype is_deleted: bool - :keyword labels: List of labels relevant to this watchlist. - :paramtype labels: list[str] - :keyword default_duration: The default duration of a watchlist (in ISO 8601 duration format). - :paramtype default_duration: ~datetime.timedelta - :keyword tenant_id: The tenantId where the watchlist belongs to. - :paramtype tenant_id: str - :keyword number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the - header. - :paramtype number_of_lines_to_skip: int - :keyword raw_content: The raw content that represents to watchlist items to create. In case of - csv/tsv content type, it's the content of the file that will parsed by the endpoint. - :paramtype raw_content: str - :keyword items_search_key: The search key is used to optimize query performance when using - watchlists for joins with other data. For example, enable a column with IP addresses to be the - designated SearchKey field, then use this field as the key field when joining to other event - data by IP address. - :paramtype items_search_key: str - :keyword content_type: The content type of the raw content. Example : text/csv or text/tsv. - :paramtype content_type: str - :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls - note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. - :paramtype upload_status: str + :keyword target_resource_name: The resource name of the workspace manager group targeted by the + workspace manager assignment. + :paramtype target_resource_name: str + :keyword items: List of resources included in this workspace manager assignment. + :paramtype items: list[~azure.mgmt.securityinsight.models.AssignmentItem] + """ + super().__init__(**kwargs) + self.target_resource_name = target_resource_name + self.last_job_end_time = None + self.last_job_provisioning_state = None + self.items = items + + +class WorkspaceManagerAssignmentList(_serialization.Model): + """List of all the workspace manager assignments. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of workspace manager assignments. + :vartype next_link: str + :ivar value: Array of workspace manager assignments. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WorkspaceManagerAssignment]"}, + } + + def __init__(self, *, value: List["_models.WorkspaceManagerAssignment"], **kwargs: Any) -> None: """ - super().__init__(etag=etag, **kwargs) - self.watchlist_id = watchlist_id - self.display_name = display_name - self.provider = provider - self.source = source - self.source_type = source_type - self.created = created - self.updated = updated - self.created_by = created_by - self.updated_by = updated_by - self.description = description - self.watchlist_type = watchlist_type - self.watchlist_alias = watchlist_alias - self.is_deleted = is_deleted - self.labels = labels - self.default_duration = default_duration - self.tenant_id = tenant_id - self.number_of_lines_to_skip = number_of_lines_to_skip - self.raw_content = raw_content - self.items_search_key = items_search_key - self.content_type = content_type - self.upload_status = upload_status + :keyword value: Array of workspace manager assignments. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value -class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attributes - """Represents a Watchlist item in Azure Security Insights. +class WorkspaceManagerConfiguration(AzureEntityResource): + """The workspace manager configuration. Variables are only populated by the server, and will be ignored when sending a request. @@ -23554,28 +29045,11 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. + :ivar etag: Resource Etag. :vartype etag: str - :ivar watchlist_item_type: The type of the watchlist item. - :vartype watchlist_item_type: str - :ivar watchlist_item_id: The id (a Guid) of the watchlist item. - :vartype watchlist_item_id: str - :ivar tenant_id: The tenantId to which the watchlist item belongs to. - :vartype tenant_id: str - :ivar is_deleted: A flag that indicates if the watchlist item is deleted or not. - :vartype is_deleted: bool - :ivar created: The time the watchlist item was created. - :vartype created: ~datetime.datetime - :ivar updated: The last time the watchlist item was updated. - :vartype updated: ~datetime.datetime - :ivar created_by: Describes a user that created the watchlist item. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar updated_by: Describes a user that updated the watchlist item. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar items_key_value: key-value pairs for a watchlist item. - :vartype items_key_value: dict[str, any] - :ivar entity_mapping: key-value pairs for a watchlist item entity mapping. - :vartype entity_mapping: dict[str, any] + :ivar mode: The current mode of the workspace manager configuration. Known values are: + "Enabled" and "Disabled". + :vartype mode: str or ~azure.mgmt.securityinsight.models.Mode """ _validation = { @@ -23583,6 +29057,7 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr "name": {"readonly": True}, "type": {"readonly": True}, "system_data": {"readonly": True}, + "etag": {"readonly": True}, } _attribute_map = { @@ -23591,82 +29066,30 @@ class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attr "type": {"key": "type", "type": "str"}, "system_data": {"key": "systemData", "type": "SystemData"}, "etag": {"key": "etag", "type": "str"}, - "watchlist_item_type": {"key": "properties.watchlistItemType", "type": "str"}, - "watchlist_item_id": {"key": "properties.watchlistItemId", "type": "str"}, - "tenant_id": {"key": "properties.tenantId", "type": "str"}, - "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, - "created": {"key": "properties.created", "type": "iso-8601"}, - "updated": {"key": "properties.updated", "type": "iso-8601"}, - "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, - "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, - "items_key_value": {"key": "properties.itemsKeyValue", "type": "{object}"}, - "entity_mapping": {"key": "properties.entityMapping", "type": "{object}"}, + "mode": {"key": "properties.mode", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - watchlist_item_type: Optional[str] = None, - watchlist_item_id: Optional[str] = None, - tenant_id: Optional[str] = None, - is_deleted: Optional[bool] = None, - created: Optional[datetime.datetime] = None, - updated: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - updated_by: Optional["_models.UserInfo"] = None, - items_key_value: Optional[Dict[str, Any]] = None, - entity_mapping: Optional[Dict[str, Any]] = None, - **kwargs - ): + def __init__(self, *, mode: Optional[Union[str, "_models.Mode"]] = None, **kwargs: Any) -> None: """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword watchlist_item_type: The type of the watchlist item. - :paramtype watchlist_item_type: str - :keyword watchlist_item_id: The id (a Guid) of the watchlist item. - :paramtype watchlist_item_id: str - :keyword tenant_id: The tenantId to which the watchlist item belongs to. - :paramtype tenant_id: str - :keyword is_deleted: A flag that indicates if the watchlist item is deleted or not. - :paramtype is_deleted: bool - :keyword created: The time the watchlist item was created. - :paramtype created: ~datetime.datetime - :keyword updated: The last time the watchlist item was updated. - :paramtype updated: ~datetime.datetime - :keyword created_by: Describes a user that created the watchlist item. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword updated_by: Describes a user that updated the watchlist item. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword items_key_value: key-value pairs for a watchlist item. - :paramtype items_key_value: dict[str, any] - :keyword entity_mapping: key-value pairs for a watchlist item entity mapping. - :paramtype entity_mapping: dict[str, any] + :keyword mode: The current mode of the workspace manager configuration. Known values are: + "Enabled" and "Disabled". + :paramtype mode: str or ~azure.mgmt.securityinsight.models.Mode """ - super().__init__(etag=etag, **kwargs) - self.watchlist_item_type = watchlist_item_type - self.watchlist_item_id = watchlist_item_id - self.tenant_id = tenant_id - self.is_deleted = is_deleted - self.created = created - self.updated = updated - self.created_by = created_by - self.updated_by = updated_by - self.items_key_value = items_key_value - self.entity_mapping = entity_mapping + super().__init__(**kwargs) + self.mode = mode -class WatchlistItemList(_serialization.Model): - """List all the watchlist items. +class WorkspaceManagerConfigurationList(_serialization.Model): + """List all the workspace manager configurations for the workspace. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of watchlist item. + :ivar next_link: URL to fetch the next set of workspace manager configurations. :vartype next_link: str - :ivar value: Array of watchlist items. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] + :ivar value: Array of workspace manager configurations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] """ _validation = { @@ -23676,30 +29099,99 @@ class WatchlistItemList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[WatchlistItem]"}, + "value": {"key": "value", "type": "[WorkspaceManagerConfiguration]"}, } - def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs): + def __init__(self, *, value: List["_models.WorkspaceManagerConfiguration"], **kwargs: Any) -> None: """ - :keyword value: Array of watchlist items. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] + :keyword value: Array of workspace manager configurations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] """ super().__init__(**kwargs) self.next_link = None self.value = value -class WatchlistList(_serialization.Model): - """List all the watchlists. +class WorkspaceManagerGroup(AzureEntityResource): + """The workspace manager group. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar description: The description of the workspace manager group. + :vartype description: str + :ivar display_name: The display name of the workspace manager group. + :vartype display_name: str + :ivar member_resource_names: The names of the workspace manager members participating in this + group. + :vartype member_resource_names: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "member_resource_names": {"key": "properties.memberResourceNames", "type": "[str]"}, + } + + def __init__( + self, + *, + description: Optional[str] = None, + display_name: Optional[str] = None, + member_resource_names: Optional[List[str]] = None, + **kwargs: Any + ) -> None: + """ + :keyword description: The description of the workspace manager group. + :paramtype description: str + :keyword display_name: The display name of the workspace manager group. + :paramtype display_name: str + :keyword member_resource_names: The names of the workspace manager members participating in + this group. + :paramtype member_resource_names: list[str] + """ + super().__init__(**kwargs) + self.description = description + self.display_name = display_name + self.member_resource_names = member_resource_names + + +class WorkspaceManagerGroupList(_serialization.Model): + """List of all the workspace manager groups. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of watchlists. + :ivar next_link: URL to fetch the next set of workspace manager groups. :vartype next_link: str - :ivar value: Array of watchlist. Required. - :vartype value: list[~azure.mgmt.securityinsight.models.Watchlist] + :ivar value: Array of workspace manager groups. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] """ _validation = { @@ -23709,61 +29201,111 @@ class WatchlistList(_serialization.Model): _attribute_map = { "next_link": {"key": "nextLink", "type": "str"}, - "value": {"key": "value", "type": "[Watchlist]"}, + "value": {"key": "value", "type": "[WorkspaceManagerGroup]"}, } - def __init__(self, *, value: List["_models.Watchlist"], **kwargs): + def __init__(self, *, value: List["_models.WorkspaceManagerGroup"], **kwargs: Any) -> None: """ - :keyword value: Array of watchlist. Required. - :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] + :keyword value: Array of workspace manager groups. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] """ super().__init__(**kwargs) self.next_link = None self.value = value -class Webhook(_serialization.Model): - """Detail about the webhook object. +class WorkspaceManagerMember(AzureEntityResource): + """The workspace manager member. - :ivar webhook_id: Unique identifier for the webhook. - :vartype webhook_id: str - :ivar webhook_url: URL that gets invoked by the webhook. - :vartype webhook_url: str - :ivar webhook_secret_update_time: Time when the webhook secret was updated. - :vartype webhook_secret_update_time: str - :ivar rotate_webhook_secret: A flag to instruct the backend service to rotate webhook secret. - :vartype rotate_webhook_secret: bool + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Resource Etag. + :vartype etag: str + :ivar target_workspace_id: Fully qualified resource ID of the target Sentinel workspace joining + the given Sentinel workspace manager. + :vartype target_workspace_id: str + :ivar target_workspace_tenant_id: Tenant id of the target Sentinel workspace joining the given + Sentinel workspace manager. + :vartype target_workspace_tenant_id: str """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "etag": {"readonly": True}, + } + _attribute_map = { - "webhook_id": {"key": "webhookId", "type": "str"}, - "webhook_url": {"key": "webhookUrl", "type": "str"}, - "webhook_secret_update_time": {"key": "webhookSecretUpdateTime", "type": "str"}, - "rotate_webhook_secret": {"key": "rotateWebhookSecret", "type": "bool"}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "target_workspace_id": {"key": "properties.targetWorkspaceId", "type": "str"}, + "target_workspace_tenant_id": {"key": "properties.targetWorkspaceTenantId", "type": "str"}, } def __init__( self, *, - webhook_id: Optional[str] = None, - webhook_url: Optional[str] = None, - webhook_secret_update_time: Optional[str] = None, - rotate_webhook_secret: Optional[bool] = None, - **kwargs - ): - """ - :keyword webhook_id: Unique identifier for the webhook. - :paramtype webhook_id: str - :keyword webhook_url: URL that gets invoked by the webhook. - :paramtype webhook_url: str - :keyword webhook_secret_update_time: Time when the webhook secret was updated. - :paramtype webhook_secret_update_time: str - :keyword rotate_webhook_secret: A flag to instruct the backend service to rotate webhook - secret. - :paramtype rotate_webhook_secret: bool + target_workspace_id: Optional[str] = None, + target_workspace_tenant_id: Optional[str] = None, + **kwargs: Any + ) -> None: + """ + :keyword target_workspace_id: Fully qualified resource ID of the target Sentinel workspace + joining the given Sentinel workspace manager. + :paramtype target_workspace_id: str + :keyword target_workspace_tenant_id: Tenant id of the target Sentinel workspace joining the + given Sentinel workspace manager. + :paramtype target_workspace_tenant_id: str """ super().__init__(**kwargs) - self.webhook_id = webhook_id - self.webhook_url = webhook_url - self.webhook_secret_update_time = webhook_secret_update_time - self.rotate_webhook_secret = rotate_webhook_secret + self.target_workspace_id = target_workspace_id + self.target_workspace_tenant_id = target_workspace_tenant_id + + +class WorkspaceManagerMembersList(_serialization.Model): + """List of workspace manager members. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of workspace manager members. + :vartype next_link: str + :ivar value: Array of workspace manager members. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WorkspaceManagerMember]"}, + } + + def __init__(self, *, value: List["_models.WorkspaceManagerMember"], **kwargs: Any) -> None: + """ + :keyword value: Array of workspace manager members. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py index 455b7f96600f..b35f3fc29e49 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py @@ -13,44 +13,44 @@ class ActionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the automation rule action.""" - #: Modify an object's properties MODIFY_PROPERTIES = "ModifyProperties" - #: Run a playbook on an object + """Modify an object's properties""" RUN_PLAYBOOK = "RunPlaybook" - #: Add a task to an incident object + """Run a playbook on an object""" ADD_INCIDENT_TASK = "AddIncidentTask" + """Add a task to an incident object""" class AlertDetail(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Alert detail.""" - #: Alert display name DISPLAY_NAME = "DisplayName" - #: Alert severity + """Alert display name""" SEVERITY = "Severity" + """Alert severity""" class AlertProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The V3 alert property.""" - #: Alert's link ALERT_LINK = "AlertLink" - #: Confidence level property + """Alert's link""" CONFIDENCE_LEVEL = "ConfidenceLevel" - #: Confidence score + """Confidence level property""" CONFIDENCE_SCORE = "ConfidenceScore" - #: Extended links to the alert + """Confidence score""" EXTENDED_LINKS = "ExtendedLinks" - #: Product name alert property + """Extended links to the alert""" PRODUCT_NAME = "ProductName" - #: Provider name alert property + """Product name alert property""" PROVIDER_NAME = "ProviderName" - #: Product component name alert property + """Provider name alert property""" PRODUCT_COMPONENT_NAME = "ProductComponentName" - #: Remediation steps alert property + """Product component name alert property""" REMEDIATION_STEPS = "RemediationSteps" - #: Techniques alert property + """Remediation steps alert property""" TECHNIQUES = "Techniques" + """Techniques alert property""" class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -67,42 +67,42 @@ class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): class AlertSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The severity of the alert.""" - #: High severity HIGH = "High" - #: Medium severity + """High severity""" MEDIUM = "Medium" - #: Low severity + """Medium severity""" LOW = "Low" - #: Informational severity + """Low severity""" INFORMATIONAL = "Informational" + """Informational severity""" class AlertStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The lifecycle status of the alert.""" - #: Unknown value UNKNOWN = "Unknown" - #: New alert + """Unknown value""" NEW = "New" - #: Alert closed after handling + """New alert""" RESOLVED = "Resolved" - #: Alert dismissed as false positive + """Alert closed after handling""" DISMISSED = "Dismissed" - #: Alert is being handled + """Alert dismissed as false positive""" IN_PROGRESS = "InProgress" + """Alert is being handled""" class AntispamMailDirection(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The directionality of this mail message.""" - #: Unknown UNKNOWN = "Unknown" - #: Inbound + """Unknown""" INBOUND = "Inbound" - #: Outbound + """Inbound""" OUTBOUND = "Outbound" - #: Intraorg + """Outbound""" INTRAORG = "Intraorg" + """Intraorg""" class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -130,249 +130,259 @@ class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): class AutomationRuleBooleanConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRuleBooleanConditionSupportedOperator.""" - #: Evaluates as true if all the item conditions are evaluated as true AND = "And" - #: Evaluates as true if at least one of the item conditions are evaluated as true + """Evaluates as true if all the item conditions are evaluated as true""" OR = "Or" + """Evaluates as true if at least one of the item conditions are evaluated as true""" + AND_ENUM = "And" + """Evaluates as true if all the item conditions are evaluated as true""" + OR_ENUM = "Or" + """Evaluates as true if at least one of the item conditions are evaluated as true""" class AutomationRulePropertyArrayChangedConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayChangedConditionSupportedArrayType.""" - #: Evaluate the condition on the alerts ALERTS = "Alerts" - #: Evaluate the condition on the labels + """Evaluate the condition on the alerts""" LABELS = "Labels" - #: Evaluate the condition on the tactics + """Evaluate the condition on the labels""" TACTICS = "Tactics" - #: Evaluate the condition on the comments + """Evaluate the condition on the tactics""" COMMENTS = "Comments" + """Evaluate the condition on the comments""" class AutomationRulePropertyArrayChangedConditionSupportedChangeType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayChangedConditionSupportedChangeType.""" - #: Evaluate the condition on items added to the array ADDED = "Added" + """Evaluate the condition on items added to the array""" class AutomationRulePropertyArrayConditionSupportedArrayConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayConditionSupportedArrayConditionType.""" - #: Evaluate the condition as true if any item fulfills it ANY_ITEM = "AnyItem" + """Evaluate the condition as true if any item fulfills it""" class AutomationRulePropertyArrayConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyArrayConditionSupportedArrayType.""" - #: Evaluate the condition on the custom detail keys CUSTOM_DETAILS = "CustomDetails" - #: Evaluate the condition on a custom detail's values + """Evaluate the condition on the custom detail keys""" CUSTOM_DETAIL_VALUES = "CustomDetailValues" + """Evaluate the condition on a custom detail's values""" class AutomationRulePropertyChangedConditionSupportedChangedType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyChangedConditionSupportedChangedType.""" - #: Evaluate the condition on the previous value of the property CHANGED_FROM = "ChangedFrom" - #: Evaluate the condition on the updated value of the property + """Evaluate the condition on the previous value of the property""" CHANGED_TO = "ChangedTo" + """Evaluate the condition on the updated value of the property""" class AutomationRulePropertyChangedConditionSupportedPropertyType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyChangedConditionSupportedPropertyType.""" - #: Evaluate the condition on the incident severity INCIDENT_SEVERITY = "IncidentSeverity" - #: Evaluate the condition on the incident status + """Evaluate the condition on the incident severity""" INCIDENT_STATUS = "IncidentStatus" - #: Evaluate the condition on the incident owner + """Evaluate the condition on the incident status""" INCIDENT_OWNER = "IncidentOwner" + """Evaluate the condition on the incident owner""" class AutomationRulePropertyConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """AutomationRulePropertyConditionSupportedOperator.""" - #: Evaluates if the property equals at least one of the condition values EQUALS = "Equals" - #: Evaluates if the property does not equal any of the condition values + """Evaluates if the property equals at least one of the condition values""" NOT_EQUALS = "NotEquals" - #: Evaluates if the property contains at least one of the condition values + """Evaluates if the property does not equal any of the condition values""" CONTAINS = "Contains" - #: Evaluates if the property does not contain any of the condition values + """Evaluates if the property contains at least one of the condition values""" NOT_CONTAINS = "NotContains" - #: Evaluates if the property starts with any of the condition values + """Evaluates if the property does not contain any of the condition values""" STARTS_WITH = "StartsWith" - #: Evaluates if the property does not start with any of the condition values + """Evaluates if the property starts with any of the condition values""" NOT_STARTS_WITH = "NotStartsWith" - #: Evaluates if the property ends with any of the condition values + """Evaluates if the property does not start with any of the condition values""" ENDS_WITH = "EndsWith" - #: Evaluates if the property does not end with any of the condition values + """Evaluates if the property ends with any of the condition values""" NOT_ENDS_WITH = "NotEndsWith" + """Evaluates if the property does not end with any of the condition values""" class AutomationRulePropertyConditionSupportedProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The property to evaluate in an automation rule property condition.""" - #: The title of the incident INCIDENT_TITLE = "IncidentTitle" - #: The description of the incident + """The title of the incident""" INCIDENT_DESCRIPTION = "IncidentDescription" - #: The severity of the incident + """The description of the incident""" INCIDENT_SEVERITY = "IncidentSeverity" - #: The status of the incident + """The severity of the incident""" INCIDENT_STATUS = "IncidentStatus" - #: The related Analytic rule ids of the incident + """The status of the incident""" INCIDENT_RELATED_ANALYTIC_RULE_IDS = "IncidentRelatedAnalyticRuleIds" - #: The tactics of the incident + """The related Analytic rule ids of the incident""" INCIDENT_TACTICS = "IncidentTactics" - #: The labels of the incident + """The tactics of the incident""" INCIDENT_LABEL = "IncidentLabel" - #: The provider name of the incident + """The labels of the incident""" INCIDENT_PROVIDER_NAME = "IncidentProviderName" - #: The update source of the incident + """The provider name of the incident""" INCIDENT_UPDATED_BY_SOURCE = "IncidentUpdatedBySource" - #: The incident custom detail key + """The update source of the incident""" INCIDENT_CUSTOM_DETAILS_KEY = "IncidentCustomDetailsKey" - #: The incident custom detail value + """The incident custom detail key""" INCIDENT_CUSTOM_DETAILS_VALUE = "IncidentCustomDetailsValue" - #: The account Azure Active Directory tenant id + """The incident custom detail value""" ACCOUNT_AAD_TENANT_ID = "AccountAadTenantId" - #: The account Azure Active Directory user id + """The account Azure Active Directory tenant id""" ACCOUNT_AAD_USER_ID = "AccountAadUserId" - #: The account name + """The account Azure Active Directory user id""" ACCOUNT_NAME = "AccountName" - #: The account NetBIOS domain name + """The account name""" ACCOUNT_NT_DOMAIN = "AccountNTDomain" - #: The account Azure Active Directory Passport User ID + """The account NetBIOS domain name""" ACCOUNT_PUID = "AccountPUID" - #: The account security identifier + """The account Azure Active Directory Passport User ID""" ACCOUNT_SID = "AccountSid" - #: The account unique identifier + """The account security identifier""" ACCOUNT_OBJECT_GUID = "AccountObjectGuid" - #: The account user principal name suffix + """The account unique identifier""" ACCOUNT_UPN_SUFFIX = "AccountUPNSuffix" - #: The name of the product of the alert + """The account user principal name suffix""" ALERT_PRODUCT_NAMES = "AlertProductNames" - #: The analytic rule ids of the alert + """The name of the product of the alert""" ALERT_ANALYTIC_RULE_IDS = "AlertAnalyticRuleIds" - #: The Azure resource id + """The analytic rule ids of the alert""" AZURE_RESOURCE_RESOURCE_ID = "AzureResourceResourceId" - #: The Azure resource subscription id + """The Azure resource id""" AZURE_RESOURCE_SUBSCRIPTION_ID = "AzureResourceSubscriptionId" - #: The cloud application identifier + """The Azure resource subscription id""" CLOUD_APPLICATION_APP_ID = "CloudApplicationAppId" - #: The cloud application name + """The cloud application identifier""" CLOUD_APPLICATION_APP_NAME = "CloudApplicationAppName" - #: The dns record domain name + """The cloud application name""" DNS_DOMAIN_NAME = "DNSDomainName" - #: The file directory full path + """The dns record domain name""" FILE_DIRECTORY = "FileDirectory" - #: The file name without path + """The file directory full path""" FILE_NAME = "FileName" - #: The file hash value + """The file name without path""" FILE_HASH_VALUE = "FileHashValue" - #: The host Azure resource id + """The file hash value""" HOST_AZURE_ID = "HostAzureID" - #: The host name without domain + """The host Azure resource id""" HOST_NAME = "HostName" - #: The host NetBIOS name + """The host name without domain""" HOST_NET_BIOS_NAME = "HostNetBiosName" - #: The host NT domain + """The host NetBIOS name""" HOST_NT_DOMAIN = "HostNTDomain" - #: The host operating system + """The host NT domain""" HOST_OS_VERSION = "HostOSVersion" - #: "The IoT device id + """The host operating system""" IO_T_DEVICE_ID = "IoTDeviceId" - #: The IoT device name + """"The IoT device id""" IO_T_DEVICE_NAME = "IoTDeviceName" - #: The IoT device type + """The IoT device name""" IO_T_DEVICE_TYPE = "IoTDeviceType" - #: The IoT device vendor + """The IoT device type""" IO_T_DEVICE_VENDOR = "IoTDeviceVendor" - #: The IoT device model + """The IoT device vendor""" IO_T_DEVICE_MODEL = "IoTDeviceModel" - #: The IoT device operating system + """The IoT device model""" IO_T_DEVICE_OPERATING_SYSTEM = "IoTDeviceOperatingSystem" - #: The IP address + """The IoT device operating system""" IP_ADDRESS = "IPAddress" - #: The mailbox display name + """The IP address""" MAILBOX_DISPLAY_NAME = "MailboxDisplayName" - #: The mailbox primary address + """The mailbox display name""" MAILBOX_PRIMARY_ADDRESS = "MailboxPrimaryAddress" - #: The mailbox user principal name + """The mailbox primary address""" MAILBOX_UPN = "MailboxUPN" - #: The mail message delivery action + """The mailbox user principal name""" MAIL_MESSAGE_DELIVERY_ACTION = "MailMessageDeliveryAction" - #: The mail message delivery location + """The mail message delivery action""" MAIL_MESSAGE_DELIVERY_LOCATION = "MailMessageDeliveryLocation" - #: The mail message recipient + """The mail message delivery location""" MAIL_MESSAGE_RECIPIENT = "MailMessageRecipient" - #: The mail message sender IP address + """The mail message recipient""" MAIL_MESSAGE_SENDER_IP = "MailMessageSenderIP" - #: The mail message subject + """The mail message sender IP address""" MAIL_MESSAGE_SUBJECT = "MailMessageSubject" - #: The mail message P1 sender + """The mail message subject""" MAIL_MESSAGE_P1_SENDER = "MailMessageP1Sender" - #: The mail message P2 sender + """The mail message P1 sender""" MAIL_MESSAGE_P2_SENDER = "MailMessageP2Sender" - #: The malware category + """The mail message P2 sender""" MALWARE_CATEGORY = "MalwareCategory" - #: The malware name + """The malware category""" MALWARE_NAME = "MalwareName" - #: The process execution command line + """The malware name""" PROCESS_COMMAND_LINE = "ProcessCommandLine" - #: The process id + """The process execution command line""" PROCESS_ID = "ProcessId" - #: The registry key path + """The process id""" REGISTRY_KEY = "RegistryKey" - #: The registry key value in string formatted representation + """The registry key path""" REGISTRY_VALUE_DATA = "RegistryValueData" - #: The url + """The registry key value in string formatted representation""" URL = "Url" + """The url""" + + +class BillingStatisticKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the billing statistic.""" + + SAP_SOLUTION_USAGE = "SapSolutionUsage" class Category(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Categories of recommendations.""" - #: Onboarding recommendation. ONBOARDING = "Onboarding" - #: New feature recommendation. + """Onboarding recommendation.""" NEW_FEATURE = "NewFeature" - #: Soc Efficiency recommendation. + """New feature recommendation.""" SOC_EFFICIENCY = "SocEfficiency" - #: Cost optimization recommendation. + """Soc Efficiency recommendation.""" COST_OPTIMIZATION = "CostOptimization" - #: Demo recommendation. + """Cost optimization recommendation.""" DEMO = "Demo" + """Demo recommendation.""" class ConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """ConditionType.""" - #: Evaluate an object property value PROPERTY = "Property" - #: Evaluate an object array property value + """Evaluate an object property value""" PROPERTY_ARRAY = "PropertyArray" - #: Evaluate an object property changed value + """Evaluate an object array property value""" PROPERTY_CHANGED = "PropertyChanged" - #: Evaluate an object array property changed value + """Evaluate an object property changed value""" PROPERTY_ARRAY_CHANGED = "PropertyArrayChanged" - #: Apply a boolean operator (e.g AND, OR) to conditions + """Evaluate an object array property changed value""" BOOLEAN = "Boolean" + """Apply a boolean operator (e.g AND, OR) to conditions""" class ConfidenceLevel(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The confidence level of this alert.""" - #: Unknown confidence, the is the default value UNKNOWN = "Unknown" - #: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack + """Unknown confidence, the is the default value""" LOW = "Low" - #: High confidence that the alert is true positive malicious + """Low confidence, meaning we have some doubts this is indeed malicious or part of an attack""" HIGH = "High" + """High confidence that the alert is true positive malicious""" class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -380,15 +390,15 @@ class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): this alert, not applicable or final. """ - #: Score will not be calculated for this alert as it is not supported by virtual analyst NOT_APPLICABLE = "NotApplicable" - #: No score was set yet and calculation is in progress + """Score will not be calculated for this alert as it is not supported by virtual analyst""" IN_PROCESS = "InProcess" - #: Score is calculated and shown as part of the alert, but may be updated again at a later time - #: following the processing of additional data + """No score was set yet and calculation is in progress""" NOT_FINAL = "NotFinal" - #: Final score was calculated and available + """Score is calculated and shown as part of the alert, but may be updated again at a later time + #: following the processing of additional data""" FINAL = "Final" + """Final score was calculated and available""" class ConnectAuthKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -409,20 +419,24 @@ class ContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The content type of a source control path.""" ANALYTIC_RULE = "AnalyticRule" + AUTOMATION_RULE = "AutomationRule" + HUNTING_QUERY = "HuntingQuery" + PARSER = "Parser" + PLAYBOOK = "Playbook" WORKBOOK = "Workbook" class Context(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Context of recommendation.""" - #: Analytics context. ANALYTICS = "Analytics" - #: Incidents context. + """Analytics context.""" INCIDENTS = "Incidents" - #: Overview context. + """Incidents context.""" OVERVIEW = "Overview" - #: No context. + """Overview context.""" NONE = "None" + """No context.""" class CreatedByType(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -447,6 +461,12 @@ class DataConnectorAuthorizationState(str, Enum, metaclass=CaseInsensitiveEnumMe INVALID = "Invalid" +class DataConnectorDefinitionKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the data connector definitions.""" + + CUSTOMIZABLE = "Customizable" + + class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the data connector.""" @@ -459,6 +479,7 @@ class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): OFFICE_ATP = "OfficeATP" OFFICE_IRM = "OfficeIRM" OFFICE365_PROJECT = "Office365Project" + MICROSOFT_PURVIEW_INFORMATION_PROTECTION = "MicrosoftPurviewInformationProtection" OFFICE_POWER_BI = "OfficePowerBI" AMAZON_WEB_SERVICES_CLOUD_TRAIL = "AmazonWebServicesCloudTrail" AMAZON_WEB_SERVICES_S3 = "AmazonWebServicesS3" @@ -470,6 +491,7 @@ class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): GENERIC_UI = "GenericUI" API_POLLING = "APIPolling" IOT = "IOT" + GCP = "GCP" class DataConnectorLicenseState(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -490,50 +512,50 @@ class DataTypeState(str, Enum, metaclass=CaseInsensitiveEnumMeta): class DeleteStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Indicates whether the file was deleted from the storage account.""" - #: The file was deleted. DELETED = "Deleted" - #: The file was not deleted. + """The file was deleted.""" NOT_DELETED = "NotDeleted" - #: Unspecified + """The file was not deleted.""" UNSPECIFIED = "Unspecified" + """Unspecified""" class DeliveryAction(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The delivery action of this mail message like Delivered, Blocked, Replaced etc.""" - #: Unknown UNKNOWN = "Unknown" - #: DeliveredAsSpam + """Unknown""" DELIVERED_AS_SPAM = "DeliveredAsSpam" - #: Delivered + """DeliveredAsSpam""" DELIVERED = "Delivered" - #: Blocked + """Delivered""" BLOCKED = "Blocked" - #: Replaced + """Blocked""" REPLACED = "Replaced" + """Replaced""" class DeliveryLocation(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The delivery location of this mail message like Inbox, JunkFolder etc.""" - #: Unknown UNKNOWN = "Unknown" - #: Inbox + """Unknown""" INBOX = "Inbox" - #: JunkFolder + """Inbox""" JUNK_FOLDER = "JunkFolder" - #: DeletedFolder + """JunkFolder""" DELETED_FOLDER = "DeletedFolder" - #: Quarantine + """DeletedFolder""" QUARANTINE = "Quarantine" - #: External + """Quarantine""" EXTERNAL = "External" - #: Failed + """External""" FAILED = "Failed" - #: Dropped + """Failed""" DROPPED = "Dropped" - #: Forwarded + """Dropped""" FORWARDED = "Forwarded" + """Forwarded""" class DeploymentFetchStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -564,122 +586,122 @@ class DeploymentState(str, Enum, metaclass=CaseInsensitiveEnumMeta): class DeviceImportance(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Device importance, determines if the device classified as 'crown jewel'.""" - #: Unknown - Default value UNKNOWN = "Unknown" - #: Low + """Unknown - Default value""" LOW = "Low" - #: Normal + """Low""" NORMAL = "Normal" - #: High + """Normal""" HIGH = "High" + """High""" class ElevationToken(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The elevation token associated with the process.""" - #: Default elevation token DEFAULT = "Default" - #: Full elevation token + """Default elevation token""" FULL = "Full" - #: Limited elevation token + """Full elevation token""" LIMITED = "Limited" + """Limited elevation token""" class EntityItemQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """EntityItemQueryKind.""" - #: insight INSIGHT = "Insight" + """insight""" -class EntityKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class EntityKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the entity.""" - #: Entity represents account in the system. ACCOUNT = "Account" - #: Entity represents host in the system. + """Entity represents account in the system.""" HOST = "Host" - #: Entity represents file in the system. + """Entity represents host in the system.""" FILE = "File" - #: Entity represents azure resource in the system. + """Entity represents file in the system.""" AZURE_RESOURCE = "AzureResource" - #: Entity represents cloud application in the system. + """Entity represents azure resource in the system.""" CLOUD_APPLICATION = "CloudApplication" - #: Entity represents dns resolution in the system. + """Entity represents cloud application in the system.""" DNS_RESOLUTION = "DnsResolution" - #: Entity represents file hash in the system. + """Entity represents dns resolution in the system.""" FILE_HASH = "FileHash" - #: Entity represents ip in the system. + """Entity represents file hash in the system.""" IP = "Ip" - #: Entity represents malware in the system. + """Entity represents ip in the system.""" MALWARE = "Malware" - #: Entity represents process in the system. + """Entity represents malware in the system.""" PROCESS = "Process" - #: Entity represents registry key in the system. + """Entity represents process in the system.""" REGISTRY_KEY = "RegistryKey" - #: Entity represents registry value in the system. + """Entity represents registry key in the system.""" REGISTRY_VALUE = "RegistryValue" - #: Entity represents security group in the system. + """Entity represents registry value in the system.""" SECURITY_GROUP = "SecurityGroup" - #: Entity represents url in the system. + """Entity represents security group in the system.""" URL = "Url" - #: Entity represents IoT device in the system. + """Entity represents url in the system.""" IO_T_DEVICE = "IoTDevice" - #: Entity represents security alert in the system. + """Entity represents IoT device in the system.""" SECURITY_ALERT = "SecurityAlert" - #: Entity represents bookmark in the system. + """Entity represents security alert in the system.""" BOOKMARK = "Bookmark" - #: Entity represents mail cluster in the system. + """Entity represents bookmark in the system.""" MAIL_CLUSTER = "MailCluster" - #: Entity represents mail message in the system. + """Entity represents mail cluster in the system.""" MAIL_MESSAGE = "MailMessage" - #: Entity represents mailbox in the system. + """Entity represents mail message in the system.""" MAILBOX = "Mailbox" - #: Entity represents submission mail in the system. + """Entity represents mailbox in the system.""" SUBMISSION_MAIL = "SubmissionMail" - #: Entity represents network interface in the system. + """Entity represents submission mail in the system.""" NIC = "Nic" + """Entity represents network interface in the system.""" class EntityMappingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The V3 type of the mapped entity.""" - #: User account entity type ACCOUNT = "Account" - #: Host entity type + """User account entity type""" HOST = "Host" - #: IP address entity type + """Host entity type""" IP = "IP" - #: Malware entity type + """IP address entity type""" MALWARE = "Malware" - #: System file entity type + """Malware entity type""" FILE = "File" - #: Process entity type + """System file entity type""" PROCESS = "Process" - #: Cloud app entity type + """Process entity type""" CLOUD_APPLICATION = "CloudApplication" - #: DNS entity type + """Cloud app entity type""" DNS = "DNS" - #: Azure resource entity type + """DNS entity type""" AZURE_RESOURCE = "AzureResource" - #: File-hash entity type + """Azure resource entity type""" FILE_HASH = "FileHash" - #: Registry key entity type + """File-hash entity type""" REGISTRY_KEY = "RegistryKey" - #: Registry value entity type + """Registry key entity type""" REGISTRY_VALUE = "RegistryValue" - #: Security group entity type + """Registry value entity type""" SECURITY_GROUP = "SecurityGroup" - #: URL entity type + """Security group entity type""" URL = "URL" - #: Mailbox entity type + """URL entity type""" MAILBOX = "Mailbox" - #: Mail cluster entity type + """Mailbox entity type""" MAIL_CLUSTER = "MailCluster" - #: Mail message entity type + """Mail cluster entity type""" MAIL_MESSAGE = "MailMessage" - #: Submission mail entity type + """Mail message entity type""" SUBMISSION_MAIL = "SubmissionMail" + """Submission mail entity type""" class EntityProviders(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -706,74 +728,74 @@ class EntityQueryTemplateKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): class EntityTimelineKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The entity query kind.""" - #: activity ACTIVITY = "Activity" - #: bookmarks + """activity""" BOOKMARK = "Bookmark" - #: security alerts + """bookmarks""" SECURITY_ALERT = "SecurityAlert" - #: anomaly + """security alerts""" ANOMALY = "Anomaly" + """anomaly""" class EntityType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the entity.""" - #: Entity represents account in the system. ACCOUNT = "Account" - #: Entity represents host in the system. + """Entity represents account in the system.""" HOST = "Host" - #: Entity represents file in the system. + """Entity represents host in the system.""" FILE = "File" - #: Entity represents azure resource in the system. + """Entity represents file in the system.""" AZURE_RESOURCE = "AzureResource" - #: Entity represents cloud application in the system. + """Entity represents azure resource in the system.""" CLOUD_APPLICATION = "CloudApplication" - #: Entity represents dns in the system. + """Entity represents cloud application in the system.""" DNS = "DNS" - #: Entity represents file hash in the system. + """Entity represents dns in the system.""" FILE_HASH = "FileHash" - #: Entity represents ip in the system. + """Entity represents file hash in the system.""" IP = "IP" - #: Entity represents malware in the system. + """Entity represents ip in the system.""" MALWARE = "Malware" - #: Entity represents process in the system. + """Entity represents malware in the system.""" PROCESS = "Process" - #: Entity represents registry key in the system. + """Entity represents process in the system.""" REGISTRY_KEY = "RegistryKey" - #: Entity represents registry value in the system. + """Entity represents registry key in the system.""" REGISTRY_VALUE = "RegistryValue" - #: Entity represents security group in the system. + """Entity represents registry value in the system.""" SECURITY_GROUP = "SecurityGroup" - #: Entity represents url in the system. + """Entity represents security group in the system.""" URL = "URL" - #: Entity represents IoT device in the system. + """Entity represents url in the system.""" IO_T_DEVICE = "IoTDevice" - #: Entity represents security alert in the system. + """Entity represents IoT device in the system.""" SECURITY_ALERT = "SecurityAlert" - #: Entity represents HuntingBookmark in the system. + """Entity represents security alert in the system.""" HUNTING_BOOKMARK = "HuntingBookmark" - #: Entity represents mail cluster in the system. + """Entity represents HuntingBookmark in the system.""" MAIL_CLUSTER = "MailCluster" - #: Entity represents mail message in the system. + """Entity represents mail cluster in the system.""" MAIL_MESSAGE = "MailMessage" - #: Entity represents mailbox in the system. + """Entity represents mail message in the system.""" MAILBOX = "Mailbox" - #: Entity represents submission mail in the system. + """Entity represents mailbox in the system.""" SUBMISSION_MAIL = "SubmissionMail" - #: Entity represents network interface in the system. + """Entity represents submission mail in the system.""" NIC = "Nic" + """Entity represents network interface in the system.""" -class Enum13(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Enum13.""" +class Enum20(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Enum20.""" EXPANSION = "Expansion" ACTIVITY = "Activity" -class Enum15(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Enum15.""" +class Enum22(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Enum22.""" ACTIVITY = "Activity" @@ -788,58 +810,65 @@ class EventGroupingAggregationKind(str, Enum, metaclass=CaseInsensitiveEnumMeta) class FileFormat(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The format of the file.""" - #: A CSV file. CSV = "CSV" - #: A JSON file. + """A CSV file.""" JSON = "JSON" - #: A file of other format. + """A JSON file.""" UNSPECIFIED = "Unspecified" + """A file of other format.""" class FileHashAlgorithm(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The hash algorithm type.""" - #: Unknown hash algorithm UNKNOWN = "Unknown" - #: MD5 hash type + """Unknown hash algorithm""" MD5 = "MD5" - #: SHA1 hash type + """MD5 hash type""" SHA1 = "SHA1" - #: SHA256 hash type + """SHA1 hash type""" SHA256 = "SHA256" - #: SHA256 Authenticode hash type + """SHA256 hash type""" SHA256_AC = "SHA256AC" + """SHA256 Authenticode hash type""" class FileImportContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The content type of this file.""" - #: File containing records with the core fields of an indicator, plus the observables to construct - #: the STIX pattern. BASIC_INDICATOR = "BasicIndicator" - #: File containing STIX indicators. + """File containing records with the core fields of an indicator, plus the observables to construct + #: the STIX pattern.""" STIX_INDICATOR = "StixIndicator" - #: File containing other records. + """File containing STIX indicators.""" UNSPECIFIED = "Unspecified" + """File containing other records.""" class FileImportState(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The state of the file import.""" - #: A fatal error has occurred while ingesting the file. FATAL_ERROR = "FatalError" - #: The file has been ingested. + """A fatal error has occurred while ingesting the file.""" INGESTED = "Ingested" - #: The file has been ingested with errors. + """The file has been ingested.""" INGESTED_WITH_ERRORS = "IngestedWithErrors" - #: The file ingestion is in progress. + """The file has been ingested with errors.""" IN_PROGRESS = "InProgress" - #: The file is invalid. + """The file ingestion is in progress.""" INVALID = "Invalid" - #: Waiting for the file to be uploaded. + """The file is invalid.""" WAITING_FOR_UPLOAD = "WaitingForUpload" - #: Unspecified state. + """Waiting for the file to be uploaded.""" UNSPECIFIED = "Unspecified" + """Unspecified state.""" + + +class Flag(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The boolean value the metadata is for.""" + + TRUE = "true" + FALSE = "false" class GetInsightsError(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -848,156 +877,164 @@ class GetInsightsError(str, Enum, metaclass=CaseInsensitiveEnumMeta): INSIGHT = "Insight" +class HypothesisStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The hypothesis status of the hunt.""" + + UNKNOWN = "Unknown" + INVALIDATED = "Invalidated" + VALIDATED = "Validated" + + class IncidentClassification(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The reason the incident was closed.""" - #: Incident classification was undetermined UNDETERMINED = "Undetermined" - #: Incident was true positive + """Incident classification was undetermined""" TRUE_POSITIVE = "TruePositive" - #: Incident was benign positive + """Incident was true positive""" BENIGN_POSITIVE = "BenignPositive" - #: Incident was false positive + """Incident was benign positive""" FALSE_POSITIVE = "FalsePositive" + """Incident was false positive""" class IncidentClassificationReason(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The classification reason the incident was closed with.""" - #: Classification reason was suspicious activity SUSPICIOUS_ACTIVITY = "SuspiciousActivity" - #: Classification reason was suspicious but expected + """Classification reason was suspicious activity""" SUSPICIOUS_BUT_EXPECTED = "SuspiciousButExpected" - #: Classification reason was incorrect alert logic + """Classification reason was suspicious but expected""" INCORRECT_ALERT_LOGIC = "IncorrectAlertLogic" - #: Classification reason was inaccurate data + """Classification reason was incorrect alert logic""" INACCURATE_DATA = "InaccurateData" + """Classification reason was inaccurate data""" class IncidentLabelType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of the label.""" - #: Label manually created by a user USER = "User" - #: Label automatically created by the system + """Label manually created by a user""" AUTO_ASSIGNED = "AutoAssigned" + """Label automatically created by the system""" class IncidentSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The severity of the incident.""" - #: High severity HIGH = "High" - #: Medium severity + """High severity""" MEDIUM = "Medium" - #: Low severity + """Medium severity""" LOW = "Low" - #: Informational severity + """Low severity""" INFORMATIONAL = "Informational" + """Informational severity""" class IncidentStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The status of the incident.""" - #: An active incident which isn't being handled currently NEW = "New" - #: An active incident which is being handled + """An active incident which isn't being handled currently""" ACTIVE = "Active" - #: A non-active incident + """An active incident which is being handled""" CLOSED = "Closed" + """A non-active incident""" class IncidentTaskStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """IncidentTaskStatus.""" - #: A new task NEW = "New" - #: A completed task + """A new task""" COMPLETED = "Completed" + """A completed task""" class IngestionMode(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Describes how to ingest the records in the file.""" - #: No records should be ingested when invalid records are detected. INGEST_ONLY_IF_ALL_ARE_VALID = "IngestOnlyIfAllAreValid" - #: Valid records should still be ingested when invalid records are detected. + """No records should be ingested when invalid records are detected.""" INGEST_ANY_VALID_RECORDS = "IngestAnyValidRecords" - #: Unspecified + """Valid records should still be ingested when invalid records are detected.""" UNSPECIFIED = "Unspecified" + """Unspecified""" class KillChainIntent(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The intent of the alert.""" - #: The default value. UNKNOWN = "Unknown" - #: Probing could be an attempt to access a certain resource regardless of a malicious intent or a + """The default value.""" + PROBING = "Probing" + """Probing could be an attempt to access a certain resource regardless of a malicious intent or a #: failed attempt to gain access to a target system to gather information prior to exploitation. #: This step is usually detected as an attempt originating from outside the network in attempt to - #: scan the target system and find a way in. - PROBING = "Probing" - #: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. + #: scan the target system and find a way in.""" + EXPLOITATION = "Exploitation" + """Exploitation is the stage where an attacker manage to get foothold on the attacked resource. #: This stage is applicable not only for compute hosts, but also for resources such as user #: accounts, certificates etc. Adversaries will often be able to control the resource after this - #: stage. - EXPLOITATION = "Exploitation" - #: Persistence is any access, action, or configuration change to a system that gives an adversary + #: stage.""" + PERSISTENCE = "Persistence" + """Persistence is any access, action, or configuration change to a system that gives an adversary #: a persistent presence on that system. Adversaries will often need to maintain access to systems #: through interruptions such as system restarts, loss of credentials, or other failures that - #: would require a remote access tool to restart or alternate backdoor for them to regain access. - PERSISTENCE = "Persistence" - #: Privilege escalation is the result of actions that allow an adversary to obtain a higher level + #: would require a remote access tool to restart or alternate backdoor for them to regain access.""" + PRIVILEGE_ESCALATION = "PrivilegeEscalation" + """Privilege escalation is the result of actions that allow an adversary to obtain a higher level #: of permissions on a system or network. Certain tools or actions require a higher level of #: privilege to work and are likely necessary at many points throughout an operation. User #: accounts with permissions to access specific systems or perform specific functions necessary - #: for adversaries to achieve their objective may also be considered an escalation of privilege. - PRIVILEGE_ESCALATION = "PrivilegeEscalation" - #: Defense evasion consists of techniques an adversary may use to evade detection or avoid other - #: defenses. Sometimes these actions are the same as or variations of techniques in other - #: categories that have the added benefit of subverting a particular defense or mitigation. + #: for adversaries to achieve their objective may also be considered an escalation of privilege.""" DEFENSE_EVASION = "DefenseEvasion" - #: Credential access represents techniques resulting in access to or control over system, domain, + """Defense evasion consists of techniques an adversary may use to evade detection or avoid other + #: defenses. Sometimes these actions are the same as or variations of techniques in other + #: categories that have the added benefit of subverting a particular defense or mitigation.""" + CREDENTIAL_ACCESS = "CredentialAccess" + """Credential access represents techniques resulting in access to or control over system, domain, #: or service credentials that are used within an enterprise environment. Adversaries will likely #: attempt to obtain legitimate credentials from users or administrator accounts (local system #: administrator or domain users with administrator access) to use within the network. With #: sufficient access within a network, an adversary can create accounts for later use within the - #: environment. - CREDENTIAL_ACCESS = "CredentialAccess" - #: Discovery consists of techniques that allow the adversary to gain knowledge about the system - #: and internal network. When adversaries gain access to a new system, they must orient themselves - #: to what they now have control of and what benefits operating from that system give to their - #: current objective or overall goals during the intrusion. The operating system provides many - #: native tools that aid in this post-compromise information-gathering phase. + #: environment.""" DISCOVERY = "Discovery" - #: Lateral movement consists of techniques that enable an adversary to access and control remote + """Discovery consists of techniques that allow the adversary to gain knowledge about the system + #: and internal network. When adversaries gain access to a new system, they must navigate + #: themselves to what they now have control of and what benefits operating from that system give + #: to their current objective or overall goals during the intrusion. The operating system provides + #: many native tools that aid in this post-compromise information-gathering phase.""" + LATERAL_MOVEMENT = "LateralMovement" + """Lateral movement consists of techniques that enable an adversary to access and control remote #: systems on a network and could, but does not necessarily, include execution of tools on remote #: systems. The lateral movement techniques could allow an adversary to gather information from a #: system without needing additional tools, such as a remote access tool. An adversary can use #: lateral movement for many purposes, including remote Execution of tools, pivoting to additional #: systems, access to specific information or files, access to additional credentials, or to cause - #: an effect. - LATERAL_MOVEMENT = "LateralMovement" - #: The execution tactic represents techniques that result in execution of adversary-controlled - #: code on a local or remote system. This tactic is often used in conjunction with lateral - #: movement to expand access to remote systems on a network. + #: an effect.""" EXECUTION = "Execution" - #: Collection consists of techniques used to identify and gather information, such as sensitive - #: files, from a target network prior to exfiltration. This category also covers locations on a - #: system or network where the adversary may look for information to exfiltrate. + """The execution tactic represents techniques that result in execution of adversary-controlled + #: code on a local or remote system. This tactic is often used in conjunction with lateral + #: movement to expand access to remote systems on a network.""" COLLECTION = "Collection" - #: Exfiltration refers to techniques and attributes that result or aid in the adversary removing - #: files and information from a target network. This category also covers locations on a system or - #: network where the adversary may look for information to exfiltrate. + """Collection consists of techniques used to identify and gather information, such as sensitive + #: files, from a target network prior to exfiltration. This category also covers locations on a + #: system or network where the adversary may look for information to exfiltrate.""" EXFILTRATION = "Exfiltration" - #: The command and control tactic represents how adversaries communicate with systems under their - #: control within a target network. + """Exfiltration refers to techniques and attributes that result or aid in the adversary removing + #: files and information from a target network. This category also covers locations on a system or + #: network where the adversary may look for information to exfiltrate.""" COMMAND_AND_CONTROL = "CommandAndControl" - #: The impact intent primary objective is to directly reduce the availability or integrity of a + """The command and control tactic represents how adversaries communicate with systems under their + #: control within a target network.""" + IMPACT = "Impact" + """The impact intent primary objective is to directly reduce the availability or integrity of a #: system, service, or network; including manipulation of data to impact a business or operational #: process. This would often refer to techniques such as ransom-ware, defacement, data - #: manipulation and others. - IMPACT = "Impact" + #: manipulation and others.""" class Kind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1027,13 +1064,13 @@ class MatchingMethod(str, Enum, metaclass=CaseInsensitiveEnumMeta): groupByAlertDetails, groupByCustomDetails must be provided and not empty. """ - #: Grouping alerts into a single incident if all the entities match ALL_ENTITIES = "AllEntities" - #: Grouping any alerts triggered by this rule into a single incident + """Grouping alerts into a single incident if all the entities match""" ANY_ALERT = "AnyAlert" - #: Grouping alerts into a single incident if the selected entities, custom details and alert - #: details match + """Grouping any alerts triggered by this rule into a single incident""" SELECTED = "Selected" + """Grouping alerts into a single incident if the selected entities, custom details and alert + #: details match""" class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1048,26 +1085,44 @@ class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta) MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "Microsoft Defender Advanced Threat Protection" +class Mode(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The current mode of the workspace manager configuration.""" + + ENABLED = "Enabled" + """The workspace manager configuration is enabled""" + DISABLED = "Disabled" + """The workspace manager configuration is disabled""" + + +class MtpProvider(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The available data providers.""" + + MICROSOFT_DEFENDER_FOR_CLOUD_APPS = "microsoftDefenderForCloudApps" + MICROSOFT_DEFENDER_FOR_IDENTITY = "microsoftDefenderForIdentity" + + class Operator(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Operator used for list of dependencies in criteria array.""" AND = "AND" OR = "OR" + AND_ENUM = "AND" + OR_ENUM = "OR" class OSFamily(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The operating system type.""" - #: Host with Linux operating system. LINUX = "Linux" - #: Host with Windows operating system. + """Host with Linux operating system.""" WINDOWS = "Windows" - #: Host with Android operating system. + """Host with Windows operating system.""" ANDROID = "Android" - #: Host with IOS operating system. + """Host with Android operating system.""" IOS = "IOS" - #: Host with Unknown operating system. + """Host with IOS operating system.""" UNKNOWN = "Unknown" + """Host with Unknown operating system.""" class OutputType(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1080,14 +1135,21 @@ class OutputType(str, Enum, metaclass=CaseInsensitiveEnumMeta): class OwnerType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of the owner the incident is assigned to.""" + """The type of the owner the hunt is assigned to.""" - #: The incident owner type is unknown UNKNOWN = "Unknown" - #: The incident owner type is an AAD user + """The hunt owner type is unknown""" USER = "User" - #: The incident owner type is an AAD group + """The hunt owner type is an AAD user""" GROUP = "Group" + """The hunt owner type is an AAD group""" + + +class PackageKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The package kind.""" + + SOLUTION = "Solution" + STANDALONE = "Standalone" class PermissionProviderScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1101,23 +1163,23 @@ class PermissionProviderScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): class PollingFrequency(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The polling frequency for the TAXII server.""" - #: Once a minute ONCE_A_MINUTE = "OnceAMinute" - #: Once an hour + """Once a minute""" ONCE_AN_HOUR = "OnceAnHour" - #: Once a day + """Once an hour""" ONCE_A_DAY = "OnceADay" + """Once a day""" class Priority(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Priority of recommendation.""" - #: Low priority for recommendation. LOW = "Low" - #: Medium priority for recommendation. + """Low priority for recommendation.""" MEDIUM = "Medium" - #: High priority for recommendation. + """Medium priority for recommendation.""" HIGH = "High" + """High priority for recommendation.""" class ProviderName(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1131,29 +1193,47 @@ class ProviderName(str, Enum, metaclass=CaseInsensitiveEnumMeta): MICROSOFT_AUTHORIZATION_POLICY_ASSIGNMENTS = "Microsoft.Authorization/policyAssignments" +class ProviderPermissionsScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The scope on which the user should have permissions, in order to be able to create connections.""" + + SUBSCRIPTION = "Subscription" + RESOURCE_GROUP = "ResourceGroup" + WORKSPACE = "Workspace" + + +class ProvisioningState(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The triggered analytics rule run provisioning state.""" + + ACCEPTED = "Accepted" + IN_PROGRESS = "InProgress" + SUCCEEDED = "Succeeded" + FAILED = "Failed" + CANCELED = "Canceled" + + class RegistryHive(str, Enum, metaclass=CaseInsensitiveEnumMeta): """the hive that holds the registry key.""" - #: HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" - #: HKEY_CLASSES_ROOT + """HKEY_LOCAL_MACHINE""" HKEY_CLASSES_ROOT = "HKEY_CLASSES_ROOT" - #: HKEY_CURRENT_CONFIG + """HKEY_CLASSES_ROOT""" HKEY_CURRENT_CONFIG = "HKEY_CURRENT_CONFIG" - #: HKEY_USERS + """HKEY_CURRENT_CONFIG""" HKEY_USERS = "HKEY_USERS" - #: HKEY_CURRENT_USER_LOCAL_SETTINGS + """HKEY_USERS""" HKEY_CURRENT_USER_LOCAL_SETTINGS = "HKEY_CURRENT_USER_LOCAL_SETTINGS" - #: HKEY_PERFORMANCE_DATA + """HKEY_CURRENT_USER_LOCAL_SETTINGS""" HKEY_PERFORMANCE_DATA = "HKEY_PERFORMANCE_DATA" - #: HKEY_PERFORMANCE_NLSTEXT + """HKEY_PERFORMANCE_DATA""" HKEY_PERFORMANCE_NLSTEXT = "HKEY_PERFORMANCE_NLSTEXT" - #: HKEY_PERFORMANCE_TEXT + """HKEY_PERFORMANCE_NLSTEXT""" HKEY_PERFORMANCE_TEXT = "HKEY_PERFORMANCE_TEXT" - #: HKEY_A + """HKEY_PERFORMANCE_TEXT""" HKEY_A = "HKEY_A" - #: HKEY_CURRENT_USER + """HKEY_A""" HKEY_CURRENT_USER = "HKEY_CURRENT_USER" + """HKEY_CURRENT_USER""" class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1161,29 +1241,37 @@ class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): type of a value in the registry. """ - #: None NONE = "None" - #: Unknown value type + """None""" UNKNOWN = "Unknown" - #: String value type + """Unknown value type""" STRING = "String" - #: ExpandString value type + """String value type""" EXPAND_STRING = "ExpandString" - #: Binary value type + """ExpandString value type""" BINARY = "Binary" - #: DWord value type + """Binary value type""" D_WORD = "DWord" - #: MultiString value type + """DWord value type""" MULTI_STRING = "MultiString" - #: QWord value type + """MultiString value type""" Q_WORD = "QWord" + """QWord value type""" + + +class RepositoryAccessKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of repository access credentials.""" + + O_AUTH = "OAuth" + PAT = "PAT" + APP = "App" class RepoType(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The type of repository.""" GITHUB = "Github" - DEV_OPS = "DevOps" + AZURE_DEV_OPS = "AzureDevOps" class SecurityMLAnalyticsSettingsKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1204,10 +1292,10 @@ class SettingKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): class SettingsStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The anomaly SecurityMLAnalyticsSettings status.""" - #: Anomaly settings status in Production mode PRODUCTION = "Production" - #: Anomaly settings status in Flighting mode + """Anomaly settings status in Production mode""" FLIGHTING = "Flighting" + """Anomaly settings status in Flighting mode""" class SettingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1237,16 +1325,29 @@ class SourceType(str, Enum, metaclass=CaseInsensitiveEnumMeta): class State(str, Enum, metaclass=CaseInsensitiveEnumMeta): """State of recommendation.""" - #: Recommendation is active. ACTIVE = "Active" - #: Recommendation is disabled. + """Recommendation is active.""" DISABLED = "Disabled" - #: Recommendation has been completed by user. + """Recommendation is disabled.""" COMPLETED_BY_USER = "CompletedByUser" - #: Recommendation has been completed by action. + """Recommendation has been completed by user.""" COMPLETED_BY_ACTION = "CompletedByAction" - #: Recommendation is hidden. + """Recommendation has been completed by action.""" HIDDEN = "Hidden" + """Recommendation is hidden.""" + + +class Status(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The status of the hunt.""" + + NEW = "New" + ACTIVE = "Active" + CLOSED = "Closed" + BACKLOG = "Backlog" + APPROVED = "Approved" + SUCCEEDED = "Succeeded" + FAILED = "Failed" + IN_PROGRESS = "InProgress" class SupportTier(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1260,22 +1361,22 @@ class SupportTier(str, Enum, metaclass=CaseInsensitiveEnumMeta): class TemplateStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The alert rule template status.""" - #: Alert rule template installed. and can not use more then once INSTALLED = "Installed" - #: Alert rule template is available. + """Alert rule template installed. and can not use more then once""" AVAILABLE = "Available" - #: Alert rule template is not available + """Alert rule template is available.""" NOT_AVAILABLE = "NotAvailable" + """Alert rule template is not available""" -class ThreatIntelligenceResourceKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class ThreatIntelligenceResourceInnerKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The kind of the threat intelligence entity.""" - #: Entity represents threat intelligence indicator in the system. INDICATOR = "indicator" + """Entity represents threat intelligence indicator in the system.""" -class ThreatIntelligenceSortingCriteriaEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): +class ThreatIntelligenceSortingOrder(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Sorting order (ascending/descending/unsorted).""" UNSORTED = "unsorted" @@ -1295,19 +1396,19 @@ class TriggerOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): class TriggersOn(str, Enum, metaclass=CaseInsensitiveEnumMeta): """TriggersOn.""" - #: Trigger on Incidents INCIDENTS = "Incidents" - #: Trigger on Alerts + """Trigger on Incidents""" ALERTS = "Alerts" + """Trigger on Alerts""" class TriggersWhen(str, Enum, metaclass=CaseInsensitiveEnumMeta): """TriggersWhen.""" - #: Trigger on created objects CREATED = "Created" - #: Trigger on updated objects + """Trigger on created objects""" UPDATED = "Updated" + """Trigger on updated objects""" class UebaDataSources(str, Enum, metaclass=CaseInsensitiveEnumMeta): @@ -1324,3 +1425,15 @@ class Version(str, Enum, metaclass=CaseInsensitiveEnumMeta): V1 = "V1" V2 = "V2" + + +class WarningCode(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The type of repository.""" + + SOURCE_CONTROL_WARNING_DELETE_SERVICE_PRINCIPAL = "SourceControlWarning_DeleteServicePrincipal" + SOURCE_CONTROL_WARNING_DELETE_PIPELINE_FROM_AZURE_DEV_OPS = "SourceControlWarning_DeletePipelineFromAzureDevOps" + SOURCE_CONTROL_WARNING_DELETE_WORKFLOW_AND_SECRET_FROM_GIT_HUB = ( + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + ) + SOURCE_CONTROL_WARNING_DELETE_ROLE_ASSIGNMENT = "SourceControlWarning_DeleteRoleAssignment" + SOURCE_CONTROL_DELETED_WITH_WARNINGS = "SourceControl_DeletedWithWarnings" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index 802d895ef601..3cef9c159131 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -10,19 +10,31 @@ from ._actions_operations import ActionsOperations from ._alert_rule_templates_operations import AlertRuleTemplatesOperations from ._automation_rules_operations import AutomationRulesOperations +from ._entities_operations import EntitiesOperations from ._incidents_operations import IncidentsOperations +from ._billing_statistics_operations import BillingStatisticsOperations from ._bookmarks_operations import BookmarksOperations from ._bookmark_relations_operations import BookmarkRelationsOperations from ._bookmark_operations import BookmarkOperations +from ._content_packages_operations import ContentPackagesOperations +from ._content_package_operations import ContentPackageOperations +from ._product_packages_operations import ProductPackagesOperations +from ._product_package_operations import ProductPackageOperations +from ._product_templates_operations import ProductTemplatesOperations +from ._product_template_operations import ProductTemplateOperations +from ._content_templates_operations import ContentTemplatesOperations +from ._content_template_operations import ContentTemplateOperations from ._ip_geodata_operations import IPGeodataOperations from ._domain_whois_operations import DomainWhoisOperations -from ._entities_operations import EntitiesOperations from ._entities_get_timeline_operations import EntitiesGetTimelineOperations from ._entities_relations_operations import EntitiesRelationsOperations from ._entity_relations_operations import EntityRelationsOperations from ._entity_queries_operations import EntityQueriesOperations from ._entity_query_templates_operations import EntityQueryTemplatesOperations from ._file_imports_operations import FileImportsOperations +from ._hunts_operations import HuntsOperations +from ._hunt_relations_operations import HuntRelationsOperations +from ._hunt_comments_operations import HuntCommentsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations from ._incident_tasks_operations import IncidentTasksOperations @@ -39,8 +51,17 @@ from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations +from ._triggered_analytics_rule_run_operations import TriggeredAnalyticsRuleRunOperations +from ._get_triggered_analytics_rule_runs_operations import GetTriggeredAnalyticsRuleRunsOperations +from ._alert_rule_operations import AlertRuleOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations +from ._workspace_manager_assignments_operations import WorkspaceManagerAssignmentsOperations +from ._workspace_manager_assignment_jobs_operations import WorkspaceManagerAssignmentJobsOperations +from ._workspace_manager_configurations_operations import WorkspaceManagerConfigurationsOperations +from ._workspace_manager_groups_operations import WorkspaceManagerGroupsOperations +from ._workspace_manager_members_operations import WorkspaceManagerMembersOperations +from ._data_connector_definitions_operations import DataConnectorDefinitionsOperations from ._data_connectors_operations import DataConnectorsOperations from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations from ._operations import Operations @@ -54,19 +75,31 @@ "ActionsOperations", "AlertRuleTemplatesOperations", "AutomationRulesOperations", + "EntitiesOperations", "IncidentsOperations", + "BillingStatisticsOperations", "BookmarksOperations", "BookmarkRelationsOperations", "BookmarkOperations", + "ContentPackagesOperations", + "ContentPackageOperations", + "ProductPackagesOperations", + "ProductPackageOperations", + "ProductTemplatesOperations", + "ProductTemplateOperations", + "ContentTemplatesOperations", + "ContentTemplateOperations", "IPGeodataOperations", "DomainWhoisOperations", - "EntitiesOperations", "EntitiesGetTimelineOperations", "EntitiesRelationsOperations", "EntityRelationsOperations", "EntityQueriesOperations", "EntityQueryTemplatesOperations", "FileImportsOperations", + "HuntsOperations", + "HuntRelationsOperations", + "HuntCommentsOperations", "IncidentCommentsOperations", "IncidentRelationsOperations", "IncidentTasksOperations", @@ -83,8 +116,17 @@ "ThreatIntelligenceIndicatorOperations", "ThreatIntelligenceIndicatorsOperations", "ThreatIntelligenceIndicatorMetricsOperations", + "TriggeredAnalyticsRuleRunOperations", + "GetTriggeredAnalyticsRuleRunsOperations", + "AlertRuleOperations", "WatchlistsOperations", "WatchlistItemsOperations", + "WorkspaceManagerAssignmentsOperations", + "WorkspaceManagerAssignmentJobsOperations", + "WorkspaceManagerConfigurationsOperations", + "WorkspaceManagerGroupsOperations", + "WorkspaceManagerMembersOperations", + "DataConnectorDefinitionsOperations", "DataConnectorsOperations", "DataConnectorsCheckRequirementsOperations", "Operations", diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py index a26c034dbc69..ff48b819fabc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_by_alert_rule_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -73,7 +67,7 @@ def build_list_by_alert_rule_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -90,9 +84,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -117,7 +109,7 @@ def build_get_request( "actionId": _SERIALIZER.url("action_id", action_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -134,9 +126,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -162,7 +152,7 @@ def build_create_or_update_request( "actionId": _SERIALIZER.url("action_id", action_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -181,9 +171,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -208,7 +196,7 @@ def build_delete_request( "actionId": _SERIALIZER.url("action_id", action_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -259,9 +247,7 @@ def list_by_alert_rule( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionsList] = kwargs.pop("cls", None) error_map = { @@ -316,8 +302,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -364,9 +351,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) request = build_get_request( @@ -383,8 +368,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -493,7 +479,7 @@ def create_or_update( :type rule_id: str :param action_id: Action ID. Required. :type action_id: str - :param action: The action. Is either a model type or a IO type. Required. + :param action: The action. Is either a ActionRequest type or a IO type. Required. :type action: ~azure.mgmt.securityinsight.models.ActionRequest or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -514,16 +500,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ActionResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(action, (IO, bytes)): + if isinstance(action, (IOBase, bytes)): _content = action else: _json = self._serialize.body(action, "ActionRequest") @@ -545,8 +529,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -601,9 +586,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -620,8 +603,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py new file mode 100644 index 000000000000..395fa7c89d1f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_operations.py @@ -0,0 +1,334 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.polling import LROPoller, NoPolling, PollingMethod +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat +from azure.mgmt.core.polling.arm_polling import ARMPolling + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_trigger_rule_run_request( + resource_group_name: str, workspace_name: str, rule_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +class AlertRuleOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`alert_rule` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + def _trigger_rule_run_initial( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> None: + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(analytics_rule_run_trigger_parameter, (IOBase, bytes)): + _content = analytics_rule_run_trigger_parameter + else: + _json = self._serialize.body(analytics_rule_run_trigger_parameter, "AnalyticsRuleRunTrigger") + + request = build_trigger_rule_run_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self._trigger_rule_run_initial.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [202]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + response_headers = {} + response_headers["Location"] = self._deserialize("str", response.headers.get("Location")) + + if cls: + return cls(pipeline_response, None, response_headers) + + _trigger_rule_run_initial.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } + + @overload + def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: _models.AnalyticsRuleRunTrigger, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> LROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> LROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. + Required. + :type analytics_rule_run_trigger_parameter: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def begin_trigger_rule_run( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + analytics_rule_run_trigger_parameter: Union[_models.AnalyticsRuleRunTrigger, IO], + **kwargs: Any + ) -> LROPoller[None]: + """triggers analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param analytics_rule_run_trigger_parameter: The Analytics Rule Run Trigger parameter. Is + either a AnalyticsRuleRunTrigger type or a IO type. Required. + :type analytics_rule_run_trigger_parameter: + ~azure.mgmt.securityinsight.models.AnalyticsRuleRunTrigger or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either None or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[None] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) + lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) + cont_token: Optional[str] = kwargs.pop("continuation_token", None) + if cont_token is None: + raw_result = self._trigger_rule_run_initial( # type: ignore + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + analytics_rule_run_trigger_parameter=analytics_rule_run_trigger_parameter, + api_version=api_version, + content_type=content_type, + cls=lambda x, y, z: x, + headers=_headers, + params=_params, + **kwargs + ) + kwargs.pop("error_map", None) + + def get_long_running_output(pipeline_response): # pylint: disable=inconsistent-return-statements + if cls: + return cls(pipeline_response, None, {}) + + if polling is True: + polling_method: PollingMethod = cast( + PollingMethod, ARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) + ) + elif polling is False: + polling_method = cast(PollingMethod, NoPolling()) + else: + polling_method = polling + if cont_token: + return LROPoller.from_continuation_token( + polling_method=polling_method, + continuation_token=cont_token, + client=self._client, + deserialization_callback=get_long_running_output, + ) + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) # type: ignore + + begin_trigger_rule_run.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py index 938d7e565001..343ae03c0758 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +42,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +65,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +82,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +106,7 @@ def build_get_request( "alertRuleTemplateId": _SERIALIZER.url("alert_rule_template_id", alert_rule_template_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -164,9 +155,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplatesList] = kwargs.pop("cls", None) error_map = { @@ -220,8 +209,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -266,9 +256,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRuleTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -284,8 +272,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py index 911942febd7a..68824c2897a5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -251,9 +239,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRulesList] = kwargs.pop("cls", None) error_map = { @@ -307,8 +293,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -351,9 +338,7 @@ def get(self, resource_group_name: str, workspace_name: str, rule_id: str, **kwa _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) request = build_get_request( @@ -369,8 +354,9 @@ def get(self, resource_group_name: str, workspace_name: str, rule_id: str, **kwa request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -470,7 +456,7 @@ def create_or_update( :type workspace_name: str :param rule_id: Alert rule ID. Required. :type rule_id: str - :param alert_rule: The alert rule. Is either a model type or a IO type. Required. + :param alert_rule: The alert rule. Is either a AlertRule type or a IO type. Required. :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -491,16 +477,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AlertRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(alert_rule, (IO, bytes)): + if isinstance(alert_rule, (IOBase, bytes)): _content = alert_rule else: _json = self._serialize.body(alert_rule, "AlertRule") @@ -521,8 +505,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -575,9 +560,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -593,8 +576,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py index bb9e386f6773..61d4ce978b99 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,16 +29,12 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request if sys.version_info >= (3, 9): from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +49,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -78,7 +73,7 @@ def build_get_request( "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -95,9 +90,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -122,7 +115,7 @@ def build_create_or_update_request( "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -141,9 +134,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -167,7 +158,7 @@ def build_delete_request( "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -184,9 +175,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -209,7 +198,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -268,9 +257,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) request = build_get_request( @@ -286,8 +273,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -387,8 +375,8 @@ def create_or_update( :type workspace_name: str :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str - :param automation_rule_to_upsert: The automation rule. Is either a model type or a IO type. - Default value is None. + :param automation_rule_to_upsert: The automation rule. Is either a AutomationRule type or a IO + type. Default value is None. :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -409,16 +397,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.AutomationRule] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(automation_rule_to_upsert, (IO, bytes)): + if isinstance(automation_rule_to_upsert, (IOBase, bytes)): _content = automation_rule_to_upsert else: if automation_rule_to_upsert is not None: @@ -442,8 +428,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -494,9 +481,7 @@ def delete(self, resource_group_name: str, workspace_name: str, automation_rule_ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[JSON] = kwargs.pop("cls", None) request = build_delete_request( @@ -512,8 +497,9 @@ def delete(self, resource_group_name: str, workspace_name: str, automation_rule_ request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -554,9 +540,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.AutomationRulesList] = kwargs.pop("cls", None) error_map = { @@ -610,8 +594,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py new file mode 100644 index 000000000000..7da42fadd49b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_billing_statistics_operations.py @@ -0,0 +1,299 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, billing_statistic_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "billingStatisticName": _SERIALIZER.url( + "billing_statistic_name", billing_statistic_name, "str", pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class BillingStatisticsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`billing_statistics` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.BillingStatistic"]: + """Gets all Microsoft Sentinel billing statistics. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either BillingStatistic or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.BillingStatistic] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatisticList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("BillingStatisticList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, billing_statistic_name: str, **kwargs: Any + ) -> _models.BillingStatistic: + """Gets a billing statistic. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param billing_statistic_name: The name of the billing statistic. Required. + :type billing_statistic_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BillingStatistic or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BillingStatistic + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.BillingStatistic] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + billing_statistic_name=billing_statistic_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("BillingStatistic", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py index 493b78b645ee..a13232995a63 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_expand_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -72,7 +66,7 @@ def build_expand_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -187,7 +181,7 @@ def expand( :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :param parameters: The parameters required to execute an expand operation on the given - bookmark. Is either a model type or a IO type. Required. + bookmark. Is either a BookmarkExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -208,16 +202,14 @@ def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.BookmarkExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "BookmarkExpandParameters") @@ -238,8 +230,9 @@ def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py index ea17c2058589..47e51829dd70 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -112,9 +106,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -139,7 +131,7 @@ def build_get_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +153,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -189,7 +179,7 @@ def build_create_or_update_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -213,9 +203,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -240,7 +228,7 @@ def build_delete_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -311,9 +299,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -372,8 +358,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -420,9 +407,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -439,8 +424,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -549,7 +535,7 @@ def create_or_update( :type bookmark_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -570,16 +556,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -601,8 +585,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -657,9 +642,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -676,8 +659,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py index 3f7b2f8ad3de..07dc7e70995a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -251,9 +239,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.BookmarkList] = kwargs.pop("cls", None) error_map = { @@ -307,8 +293,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -351,9 +338,7 @@ def get(self, resource_group_name: str, workspace_name: str, bookmark_id: str, * _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) request = build_get_request( @@ -369,8 +354,9 @@ def get(self, resource_group_name: str, workspace_name: str, bookmark_id: str, * request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -470,7 +456,7 @@ def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str - :param bookmark: The bookmark. Is either a model type or a IO type. Required. + :param bookmark: The bookmark. Is either a Bookmark type or a IO type. Required. :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -491,16 +477,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Bookmark] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(bookmark, (IO, bytes)): + if isinstance(bookmark, (IOBase, bytes)): _content = bookmark else: _json = self._serialize.body(bookmark, "Bookmark") @@ -521,8 +505,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -575,9 +560,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -593,8 +576,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py new file mode 100644 index 000000000000..832b70451430 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_package_operations.py @@ -0,0 +1,359 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_install_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_uninstall_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: _models.PackageModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Required. + :type package_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def install( + self, + resource_group_name: str, + workspace_name: str, + package_id: str, + package_installation_properties: Union[_models.PackageModel, IO], + **kwargs: Any + ) -> _models.PackageModel: + """Install a package to the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :param package_installation_properties: Package installation properties. Is either a + PackageModel type or a IO type. Required. + :type package_installation_properties: ~azure.mgmt.securityinsight.models.PackageModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(package_installation_properties, (IOBase, bytes)): + _content = package_installation_properties + else: + _json = self._serialize.body(package_installation_properties, "PackageModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } + + @distributed_trace + def uninstall( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> None: + """Uninstall a package from the workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_uninstall_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.uninstall.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + uninstall.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py new file mode 100644 index 000000000000..b0b2dd8f0c9e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_packages_operations.py @@ -0,0 +1,334 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.PackageModel"]: + """Gets all installed packages. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either PackageModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.PackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("PackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.PackageModel: + """Gets an installed packages by its id. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: PackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.PackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.PackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("PackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py new file mode 100644 index 000000000000..668de59f0392 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_template_operations.py @@ -0,0 +1,467 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_install_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: _models.TemplateModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Required. + :type template_installation_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def install( + self, + resource_group_name: str, + workspace_name: str, + template_id: str, + template_installation_properties: Union[_models.TemplateModel, IO], + **kwargs: Any + ) -> _models.TemplateModel: + """Install a template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :param template_installation_properties: Template installation properties. Is either a + TemplateModel type or a IO type. Required. + :type template_installation_properties: ~azure.mgmt.securityinsight.models.TemplateModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(template_installation_properties, (IOBase, bytes)): + _content = template_installation_properties + else: + _json = self._serialize.body(template_installation_properties, "TemplateModel") + + request = build_install_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.install.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + install.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.TemplateModel: + """Gets a template byt its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> None: + """Delete an installed template. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py new file mode 100644 index 000000000000..febc2ada0e50 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_content_templates_operations.py @@ -0,0 +1,226 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ContentTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`content_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.TemplateModel"]: + """Gets all installed templates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TemplateModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.TemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("TemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py new file mode 100644 index 000000000000..704cb7a23927 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connector_definitions_operations.py @@ -0,0 +1,621 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "dataConnectorDefinitionName": _SERIALIZER.url( + "data_connector_definition_name", data_connector_definition_name, "str", pattern=r"^[a-z0-9A-Z-_]*$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "dataConnectorDefinitionName": _SERIALIZER.url( + "data_connector_definition_name", data_connector_definition_name, "str", pattern=r"^[a-z0-9A-Z-_]*$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "dataConnectorDefinitionName": _SERIALIZER.url( + "data_connector_definition_name", data_connector_definition_name, "str", pattern=r"^[a-z0-9A-Z-_]*$" + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class DataConnectorDefinitionsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`data_connector_definitions` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.DataConnectorDefinition"]: + """Gets all data connector definitions. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either DataConnectorDefinition or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.DataConnectorDefinition] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinitionArmCollectionWrapper] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("DataConnectorDefinitionArmCollectionWrapper", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Gets a data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: _models.DataConnectorDefinition, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Required. + :type connector_definition_input: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_definition_name: str, + connector_definition_input: Union[_models.DataConnectorDefinition, IO], + **kwargs: Any + ) -> _models.DataConnectorDefinition: + """Creates or updates the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :param connector_definition_input: The data connector definition. Is either a + DataConnectorDefinition type or a IO type. Required. + :type connector_definition_input: ~azure.mgmt.securityinsight.models.DataConnectorDefinition or + IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorDefinition or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorDefinition + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.DataConnectorDefinition] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(connector_definition_input, (IOBase, bytes)): + _content = connector_definition_input + else: + _json = self._serialize.body(connector_definition_input, "DataConnectorDefinition") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("DataConnectorDefinition", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_definition_name: str, **kwargs: Any + ) -> None: + """Delete the data connector definition. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_definition_name: The data connector definition name. Required. + :type data_connector_definition_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_definition_name=data_connector_definition_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py index a443aede96d7..0a7eef9aafab 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_post_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -71,7 +65,7 @@ def build_post_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,7 +172,7 @@ def post( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param data_connectors_check_requirements: The parameters for requirements check message. Is - either a model type or a IO type. Required. + either a DataConnectorsCheckRequirements type or a IO type. Required. :type data_connectors_check_requirements: ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -200,16 +194,14 @@ def post( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnectorRequirementsState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connectors_check_requirements, (IO, bytes)): + if isinstance(data_connectors_check_requirements, (IOBase, bytes)): _content = data_connectors_check_requirements else: _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") @@ -229,8 +221,9 @@ def post( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py index d0adeeadb0c8..a1689a399ca1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -221,9 +209,7 @@ def build_connect_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -248,7 +234,7 @@ def build_connect_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -267,9 +253,7 @@ def build_disconnect_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -293,7 +277,7 @@ def build_disconnect_request( "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -340,9 +324,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnectorList] = kwargs.pop("cls", None) error_map = { @@ -396,8 +378,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -442,9 +425,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) request = build_get_request( @@ -460,8 +441,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -561,7 +543,8 @@ def create_or_update( :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param data_connector: The data connector. Is either a model type or a IO type. Required. + :param data_connector: The data connector. Is either a DataConnector type or a IO type. + Required. :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -582,16 +565,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.DataConnector] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(data_connector, (IO, bytes)): + if isinstance(data_connector, (IOBase, bytes)): _content = data_connector else: _json = self._serialize.body(data_connector, "DataConnector") @@ -612,8 +593,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -666,9 +648,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -684,8 +664,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -781,7 +762,8 @@ def connect( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param connect_body: The data connector. Is either a model type or a IO type. Required. + :param connect_body: The data connector. Is either a DataConnectorConnectBody type or a IO + type. Required. :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -802,16 +784,14 @@ def connect( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(connect_body, (IO, bytes)): + if isinstance(connect_body, (IOBase, bytes)): _content = connect_body else: _json = self._serialize.body(connect_body, "DataConnectorConnectBody") @@ -832,8 +812,9 @@ def connect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -878,9 +859,7 @@ def disconnect( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_disconnect_request( @@ -896,8 +875,9 @@ def disconnect( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py index ce39a050336d..de13c0c009ec 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -43,9 +38,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, domain: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -60,7 +53,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, domain: ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -116,9 +109,7 @@ def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.E _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentDomainWhois] = kwargs.pop("cls", None) request = build_get_request( @@ -133,8 +124,9 @@ def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.E request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py index 0cdd1ffdd887..20f09356ceab 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -72,7 +66,7 @@ def build_list_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -187,7 +181,7 @@ def list( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an timeline operation on the given - entity. Is either a model type or a IO type. Required. + entity. Is either a EntityTimelineParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -208,16 +202,14 @@ def list( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityTimelineResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityTimelineParameters") @@ -238,8 +230,9 @@ def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py index 7a25ea360d46..fa0068df3728 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -41,15 +37,57 @@ _SERIALIZER.client_side_validation = False +def build_run_playbook_request( + resource_group_name: str, workspace_name: str, entity_identifier: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "entityIdentifier": _SERIALIZER.url("entity_identifier", entity_identifier, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + def build_list_request( resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +110,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +127,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +151,7 @@ def build_get_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +168,7 @@ def build_expand_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +193,7 @@ def build_expand_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -184,9 +218,7 @@ def build_queries_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -210,7 +242,7 @@ def build_queries_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -228,9 +260,7 @@ def build_get_insights_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -255,7 +285,7 @@ def build_get_insights_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -287,6 +317,159 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[_models.EntityManualTriggerRequestBody] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Default + value is None. + :type request_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def run_playbook( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + entity_identifier: str, + request_body: Optional[Union[_models.EntityManualTriggerRequestBody, IO]] = None, + **kwargs: Any + ) -> None: + """Triggers playbook on a specific entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_identifier: Entity identifier. Required. + :type entity_identifier: str + :param request_body: Describes the request body for triggering a playbook on an entity. Is + either a EntityManualTriggerRequestBody type or a IO type. Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.EntityManualTriggerRequestBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[None] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(request_body, (IOBase, bytes)): + _content = request_body + else: + if request_body is not None: + _json = self._serialize.body(request_body, "EntityManualTriggerRequestBody") + else: + _json = None + + request = build_run_playbook_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_identifier=entity_identifier, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.run_playbook.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + run_playbook.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook" + } + @distributed_trace def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.Entity"]: """Gets all entities. @@ -304,9 +487,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityList] = kwargs.pop("cls", None) error_map = { @@ -360,8 +541,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -404,9 +586,7 @@ def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **k _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Entity] = kwargs.pop("cls", None) request = build_get_request( @@ -422,8 +602,9 @@ def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **k request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -526,7 +707,7 @@ def expand( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute an expand operation on the given entity. - Is either a model type or a IO type. Required. + Is either a EntityExpandParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -547,16 +728,14 @@ def expand( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityExpandResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityExpandParameters") @@ -577,8 +756,9 @@ def expand( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -634,9 +814,7 @@ def queries( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.GetQueriesResponse] = kwargs.pop("cls", None) request = build_queries_request( @@ -653,8 +831,9 @@ def queries( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -755,7 +934,7 @@ def get_insights( :param entity_id: entity ID. Required. :type entity_id: str :param parameters: The parameters required to execute insights on the given entity. Is either a - model type or a IO type. Required. + EntityGetInsightsParameters type or a IO type. Required. :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -776,16 +955,14 @@ def get_insights( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityGetInsightsResponse] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(parameters, (IO, bytes)): + if isinstance(parameters, (IOBase, bytes)): _content = parameters else: _json = self._serialize.body(parameters, "EntityGetInsightsParameters") @@ -806,8 +983,9 @@ def get_insights( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py index e160a77e83f7..1c392bf30b15 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +51,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +75,7 @@ def build_list_request( "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +154,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -222,8 +213,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py index 89f9d636c466..a1bd934503ba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -46,15 +42,13 @@ def build_list_request( workspace_name: str, subscription_id: str, *, - kind: Optional[Union[str, _models.Enum13]] = None, + kind: Optional[Union[str, _models.Enum20]] = None, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +71,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters if kind is not None: @@ -96,9 +90,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +114,7 @@ def build_get_request( "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -139,9 +131,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -166,7 +156,7 @@ def build_create_or_update_request( "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -185,9 +175,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -211,7 +199,7 @@ def build_delete_request( "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -246,7 +234,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum13]] = None, + kind: Optional[Union[str, _models.Enum20]] = None, **kwargs: Any ) -> Iterable["_models.EntityQuery"]: """Gets all entity queries. @@ -258,7 +246,7 @@ def list( :type workspace_name: str :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and "Activity". Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum20 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQuery or the result of cls(response) :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] @@ -267,9 +255,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryList] = kwargs.pop("cls", None) error_map = { @@ -324,8 +310,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -370,9 +357,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) request = build_get_request( @@ -388,8 +373,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -489,8 +475,8 @@ def create_or_update( :type workspace_name: str :param entity_query_id: entity query ID. Required. :type entity_query_id: str - :param entity_query: The entity query we want to create or update. Is either a model type or a - IO type. Required. + :param entity_query: The entity query we want to create or update. Is either a + CustomEntityQuery type or a IO type. Required. :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -511,16 +497,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.EntityQuery] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(entity_query, (IO, bytes)): + if isinstance(entity_query, (IOBase, bytes)): _content = entity_query else: _json = self._serialize.body(entity_query, "CustomEntityQuery") @@ -541,8 +525,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -595,9 +580,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -613,8 +596,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py index cd961f94a317..3d9fac40328b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -46,15 +41,13 @@ def build_list_request( workspace_name: str, subscription_id: str, *, - kind: Optional[Union[str, _models.Enum15]] = None, + kind: Optional[Union[str, _models.Enum22]] = None, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +70,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters if kind is not None: @@ -96,9 +89,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +113,7 @@ def build_get_request( "entityQueryTemplateId": _SERIALIZER.url("entity_query_template_id", entity_query_template_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -157,7 +148,7 @@ def list( self, resource_group_name: str, workspace_name: str, - kind: Optional[Union[str, _models.Enum15]] = None, + kind: Optional[Union[str, _models.Enum22]] = None, **kwargs: Any ) -> Iterable["_models.EntityQueryTemplate"]: """Gets all entity query templates. @@ -168,7 +159,7 @@ def list( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. - :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 + :type kind: str or ~azure.mgmt.securityinsight.models.Enum22 :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQueryTemplate] @@ -177,9 +168,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplateList] = kwargs.pop("cls", None) error_map = { @@ -234,8 +223,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -280,9 +270,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EntityQueryTemplate] = kwargs.pop("cls", None) request = build_get_request( @@ -298,8 +286,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py index 676e478cc9d2..ddca19d217ce 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -50,9 +45,7 @@ def build_get_relation_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +70,7 @@ def build_get_relation_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -138,9 +131,7 @@ def get_relation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_relation_request( @@ -157,8 +148,9 @@ def get_relation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py index 156bf96f7654..e9d9bd030ec0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, cast, overload import urllib.parse @@ -30,12 +30,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -57,9 +53,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -107,9 +101,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -133,7 +125,7 @@ def build_get_request( "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -150,9 +142,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -177,7 +167,7 @@ def build_create_request( "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -196,9 +186,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -222,7 +210,7 @@ def build_delete_request( "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -290,9 +278,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImportList] = kwargs.pop("cls", None) error_map = { @@ -350,8 +336,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -396,9 +383,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) request = build_get_request( @@ -414,8 +399,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -515,7 +501,7 @@ def create( :type workspace_name: str :param file_import_id: File import ID. Required. :type file_import_id: str - :param file_import: The file import. Is either a model type or a IO type. Required. + :param file_import: The file import. Is either a FileImport type or a IO type. Required. :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -536,16 +522,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(file_import, (IO, bytes)): + if isinstance(file_import, (IOBase, bytes)): _content = file_import else: _json = self._serialize.body(file_import, "FileImport") @@ -566,8 +550,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -601,9 +586,7 @@ def _delete_initial( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[Optional[_models.FileImport]] = kwargs.pop("cls", None) request = build_delete_request( @@ -619,8 +602,9 @@ def _delete_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -670,9 +654,7 @@ def begin_delete( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.FileImport] = kwargs.pop("cls", None) polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py index 8d495ea329ef..7c20e4407923 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_single_recommendation_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -71,7 +64,7 @@ def build_single_recommendation_request( "recommendationId": _SERIALIZER.url("recommendation_id", recommendation_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -130,9 +123,7 @@ def single_recommendation( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) request = build_single_recommendation_request( @@ -148,8 +139,9 @@ def single_recommendation( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py index a6e5f145a99f..f36d1e3bc1b1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_recommendations_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -70,7 +63,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -125,9 +118,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RecommendationList] = kwargs.pop("cls", None) request = build_list_request( @@ -142,8 +133,9 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py new file mode 100644 index 000000000000..310ca6000492 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_get_triggered_analytics_rule_runs_operations.py @@ -0,0 +1,189 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class GetTriggeredAnalyticsRuleRunsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`get_triggered_analytics_rule_runs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.TriggeredAnalyticsRuleRun"]: + """Gets the triggered analytics rule runs. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either TriggeredAnalyticsRuleRun or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRuns] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("TriggeredAnalyticsRuleRuns", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py new file mode 100644 index 000000000000..79749bfd923d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_comments_operations.py @@ -0,0 +1,678 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntCommentId": _SERIALIZER.url("hunt_comment_id", hunt_comment_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntCommentId": _SERIALIZER.url("hunt_comment_id", hunt_comment_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntCommentId": _SERIALIZER.url("hunt_comment_id", hunt_comment_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class HuntCommentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`hunt_comments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.HuntComment"]: + """Gets all hunt comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntComment or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.HuntComment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntCommentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("HuntCommentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> _models.HuntComment: + """Gets a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_comment_id: str, **kwargs: Any + ) -> None: + """Delete a hunt comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: _models.HuntComment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Required. + :type hunt_comment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_comment_id: str, + hunt_comment: Union[_models.HuntComment, IO], + **kwargs: Any + ) -> _models.HuntComment: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_comment_id: The hunt comment id (GUID). Required. + :type hunt_comment_id: str + :param hunt_comment: The hunt comment. Is either a HuntComment type or a IO type. Required. + :type hunt_comment: ~azure.mgmt.securityinsight.models.HuntComment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntComment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_comment, (IOBase, bytes)): + _content = hunt_comment + else: + _json = self._serialize.body(hunt_comment, "HuntComment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_comment_id=hunt_comment_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntComment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py new file mode 100644 index 000000000000..d7767f24c747 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunt_relations_operations.py @@ -0,0 +1,678 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntRelationId": _SERIALIZER.url("hunt_relation_id", hunt_relation_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntRelationId": _SERIALIZER.url("hunt_relation_id", hunt_relation_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + "huntRelationId": _SERIALIZER.url("hunt_relation_id", hunt_relation_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class HuntRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`hunt_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.HuntRelation"]: + """Gets all hunt relations. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either HuntRelation or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.HuntRelation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("HuntRelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> _models.HuntRelation: + """Gets a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt_relation_id: str, **kwargs: Any + ) -> None: + """Delete a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: _models.HuntRelation, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Required. + :type hunt_relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt_relation_id: str, + hunt_relation: Union[_models.HuntRelation, IO], + **kwargs: Any + ) -> _models.HuntRelation: + """Creates or updates a hunt relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt_relation_id: The hunt relation id (GUID). Required. + :type hunt_relation_id: str + :param hunt_relation: The hunt relation. Is either a HuntRelation type or a IO type. Required. + :type hunt_relation: ~azure.mgmt.securityinsight.models.HuntRelation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: HuntRelation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.HuntRelation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.HuntRelation] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt_relation, (IOBase, bytes)): + _content = hunt_relation + else: + _json = self._serialize.body(hunt_relation, "HuntRelation") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + hunt_relation_id=hunt_relation_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("HuntRelation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py new file mode 100644 index 000000000000..fbcd39213f25 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_hunts_operations.py @@ -0,0 +1,631 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, hunt_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, hunt_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, workspace_name: str, hunt_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "huntId": _SERIALIZER.url("hunt_id", hunt_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class HuntsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`hunts` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.Hunt"]: + """Gets all hunts, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Hunt or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Hunt] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.HuntList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("HuntList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts" + } + + @distributed_trace + def get(self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any) -> _models.Hunt: + """Gets a hunt, without relations and comments. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, hunt_id: str, **kwargs: Any + ) -> None: + """Delete a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: _models.Hunt, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + hunt_id: str, + hunt: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Required. + :type hunt: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, resource_group_name: str, workspace_name: str, hunt_id: str, hunt: Union[_models.Hunt, IO], **kwargs: Any + ) -> _models.Hunt: + """Create or update a hunt. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param hunt_id: The hunt id (GUID). Required. + :type hunt_id: str + :param hunt: The hunt. Is either a Hunt type or a IO type. Required. + :type hunt: ~azure.mgmt.securityinsight.models.Hunt or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Hunt or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Hunt + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.Hunt] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(hunt, (IOBase, bytes)): + _content = hunt + else: + _json = self._serialize.body(hunt, "Hunt") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + hunt_id=hunt_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("Hunt", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("Hunt", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py index 8b63ffbf0831..015ed0f635e2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -112,9 +106,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -139,7 +131,7 @@ def build_get_request( "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +153,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -189,7 +179,7 @@ def build_create_or_update_request( "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -213,9 +203,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -240,7 +228,7 @@ def build_delete_request( "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -311,9 +299,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentCommentList] = kwargs.pop("cls", None) error_map = { @@ -372,8 +358,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -420,9 +407,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) request = build_get_request( @@ -439,8 +424,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -549,7 +535,8 @@ def create_or_update( :type incident_id: str :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str - :param incident_comment: The incident comment. Is either a model type or a IO type. Required. + :param incident_comment: The incident comment. Is either a IncidentComment type or a IO type. + Required. :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -570,16 +557,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentComment] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_comment, (IO, bytes)): + if isinstance(incident_comment, (IOBase, bytes)): _content = incident_comment else: _json = self._serialize.body(incident_comment, "IncidentComment") @@ -601,8 +586,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -657,9 +643,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -676,8 +660,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py index 4c9164691097..5f99261e9bf5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -56,9 +52,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -82,7 +76,7 @@ def build_list_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -112,9 +106,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -139,7 +131,7 @@ def build_get_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -161,9 +153,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -189,7 +179,7 @@ def build_create_or_update_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -213,9 +203,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -240,7 +228,7 @@ def build_delete_request( "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -311,9 +299,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.RelationList] = kwargs.pop("cls", None) error_map = { @@ -372,8 +358,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -420,9 +407,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) request = build_get_request( @@ -439,8 +424,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -549,7 +535,7 @@ def create_or_update( :type incident_id: str :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. Is either a model type or a IO type. Required. + :param relation: The relation model. Is either a Relation type or a IO type. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -570,16 +556,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Relation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(relation, (IO, bytes)): + if isinstance(relation, (IOBase, bytes)): _content = relation else: _json = self._serialize.body(relation, "Relation") @@ -601,8 +585,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -657,9 +642,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -676,8 +659,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py index 95ff858a910f..9ee1320ca2ab 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_tasks_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -73,7 +67,7 @@ def build_list_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -95,9 +89,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +114,7 @@ def build_get_request( "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -144,9 +136,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -172,7 +162,7 @@ def build_create_or_update_request( "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -196,9 +186,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -223,7 +211,7 @@ def build_delete_request( "incidentTaskId": _SERIALIZER.url("incident_task_id", incident_task_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -274,9 +262,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTaskList] = kwargs.pop("cls", None) error_map = { @@ -331,8 +317,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -379,9 +366,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) request = build_get_request( @@ -398,8 +383,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -508,7 +494,7 @@ def create_or_update( :type incident_id: str :param incident_task_id: Incident task ID. Required. :type incident_task_id: str - :param incident_task: The incident task. Is either a model type or a IO type. Required. + :param incident_task: The incident task. Is either a IncidentTask type or a IO type. Required. :type incident_task: ~azure.mgmt.securityinsight.models.IncidentTask or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -529,16 +515,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.IncidentTask] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident_task, (IO, bytes)): + if isinstance(incident_task, (IOBase, bytes)): _content = incident_task else: _json = self._serialize.body(incident_task, "IncidentTask") @@ -560,8 +544,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -616,9 +601,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -635,8 +618,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py index fcbe3e15a34c..ffd5e3614829 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py @@ -6,6 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from io import IOBase import sys from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,16 +29,12 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request if sys.version_info >= (3, 9): from collections.abc import MutableMapping else: from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +49,7 @@ def build_run_playbook_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -79,7 +74,7 @@ def build_run_playbook_request( "incidentIdentifier": _SERIALIZER.url("incident_identifier", incident_identifier, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -106,9 +101,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -131,7 +124,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -156,9 +149,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -182,7 +173,7 @@ def build_get_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -199,9 +190,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -226,7 +215,7 @@ def build_create_or_update_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -245,9 +234,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -271,7 +258,7 @@ def build_delete_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -288,9 +275,7 @@ def build_create_team_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -315,7 +300,7 @@ def build_create_team_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -334,9 +319,7 @@ def build_list_alerts_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -360,7 +343,7 @@ def build_list_alerts_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -377,9 +360,7 @@ def build_list_bookmarks_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -403,7 +384,7 @@ def build_list_bookmarks_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -420,9 +401,7 @@ def build_list_entities_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -446,7 +425,7 @@ def build_list_entities_request( "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -556,7 +535,8 @@ def run_playbook( :type workspace_name: str :param incident_identifier: Required. :type incident_identifier: str - :param request_body: Is either a model type or a IO type. Default value is None. + :param request_body: Is either a ManualTriggerRequestBody type or a IO type. Default value is + None. :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -577,16 +557,14 @@ def run_playbook( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[JSON] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(request_body, (IO, bytes)): + if isinstance(request_body, (IOBase, bytes)): _content = request_body else: if request_body is not None: @@ -610,8 +588,9 @@ def run_playbook( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -669,9 +648,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentList] = kwargs.pop("cls", None) error_map = { @@ -729,8 +706,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -773,9 +751,7 @@ def get(self, resource_group_name: str, workspace_name: str, incident_id: str, * _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) request = build_get_request( @@ -791,8 +767,9 @@ def get(self, resource_group_name: str, workspace_name: str, incident_id: str, * request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -892,7 +869,7 @@ def create_or_update( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param incident: The incident. Is either a model type or a IO type. Required. + :param incident: The incident. Is either a Incident type or a IO type. Required. :type incident: ~azure.mgmt.securityinsight.models.Incident or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -913,16 +890,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Incident] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(incident, (IO, bytes)): + if isinstance(incident, (IOBase, bytes)): _content = incident else: _json = self._serialize.body(incident, "Incident") @@ -943,8 +918,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -997,9 +973,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -1015,8 +989,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1115,7 +1090,8 @@ def create_team( :type workspace_name: str :param incident_id: Incident ID. Required. :type incident_id: str - :param team_properties: Team properties. Is either a model type or a IO type. Required. + :param team_properties: Team properties. Is either a TeamInformation type or a IO type. + Required. :type team_properties: ~azure.mgmt.securityinsight.models.TeamInformation or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -1136,16 +1112,14 @@ def create_team( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.TeamInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(team_properties, (IO, bytes)): + if isinstance(team_properties, (IOBase, bytes)): _content = team_properties else: _json = self._serialize.body(team_properties, "TeamInformation") @@ -1166,8 +1140,9 @@ def create_team( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1216,9 +1191,7 @@ def list_alerts( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentAlertList] = kwargs.pop("cls", None) request = build_list_alerts_request( @@ -1234,8 +1207,9 @@ def list_alerts( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1284,9 +1258,7 @@ def list_bookmarks( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentBookmarkList] = kwargs.pop("cls", None) request = build_list_bookmarks_request( @@ -1302,8 +1274,9 @@ def list_bookmarks( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1352,9 +1325,7 @@ def list_entities( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.IncidentEntitiesResponse] = kwargs.pop("cls", None) request = build_list_entities_request( @@ -1370,8 +1341,9 @@ def list_entities( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py index 89c8e309e108..1de7627b3649 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -43,9 +38,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, ip_addr _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -60,7 +53,7 @@ def build_get_request(resource_group_name: str, subscription_id: str, *, ip_addr ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -116,9 +109,7 @@ def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _mode _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.EnrichmentIpGeodata] = kwargs.pop("cls", None) request = build_get_request( @@ -133,8 +124,9 @@ def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _mode request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py index 532bea1e8db1..30a84ab25f49 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -55,9 +51,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -80,7 +74,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -105,9 +99,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -128,10 +120,10 @@ def build_get_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -148,9 +140,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -171,10 +161,10 @@ def build_delete_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -191,9 +181,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -215,10 +203,10 @@ def build_create_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -237,9 +225,7 @@ def build_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -261,10 +247,10 @@ def build_update_request( min_length=1, pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", ), - "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str", pattern=r"^\S+$"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -332,9 +318,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataList] = kwargs.pop("cls", None) error_map = { @@ -392,8 +376,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -438,9 +423,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) request = build_get_request( @@ -456,8 +439,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -506,9 +490,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -524,8 +506,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -621,7 +604,7 @@ def create( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata: Metadata resource. Is either a model type or a IO type. Required. + :param metadata: Metadata resource. Is either a MetadataModel type or a IO type. Required. :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -642,16 +625,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata, (IO, bytes)): + if isinstance(metadata, (IOBase, bytes)): _content = metadata else: _json = self._serialize.body(metadata, "MetadataModel") @@ -672,8 +653,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -777,7 +759,8 @@ def update( :type workspace_name: str :param metadata_name: The Metadata name. Required. :type metadata_name: str - :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. + :param metadata_patch: Partial metadata request. Is either a MetadataPatch type or a IO type. + Required. :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -798,16 +781,14 @@ def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.MetadataModel] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(metadata_patch, (IO, bytes)): + if isinstance(metadata_patch, (IOBase, bytes)): _content = metadata_patch else: _json = self._serialize.body(metadata_patch, "MetadataPatch") @@ -828,8 +809,9 @@ def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py index 6c185d8b07ac..2ca9d4a03b56 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +42,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +65,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +82,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +106,7 @@ def build_get_request( "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +123,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -158,7 +147,7 @@ def build_delete_request( "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -205,9 +194,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsentList] = kwargs.pop("cls", None) error_map = { @@ -261,8 +248,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -307,9 +295,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OfficeConsent] = kwargs.pop("cls", None) request = build_get_request( @@ -325,8 +311,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -375,9 +362,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -393,8 +378,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py index e74ff2e56de3..596d00c9c587 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -30,10 +29,6 @@ from .._serialization import Serializer from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_list_request(**kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -93,9 +86,7 @@ def list(self, **kwargs: Any) -> Iterable["_models.Operation"]: _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.OperationsList] = kwargs.pop("cls", None) error_map = { @@ -146,8 +137,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py new file mode 100644 index 000000000000..f690147d5227 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_package_operations.py @@ -0,0 +1,162 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request( + resource_group_name: str, workspace_name: str, package_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "packageId": _SERIALIZER.url("package_id", package_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductPackageOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_package` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, package_id: str, **kwargs: Any + ) -> _models.ProductPackageModel: + """Gets a package by its identifier from the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param package_id: package Id. Required. + :type package_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductPackageModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductPackageModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + package_id=package_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductPackageModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py new file mode 100644 index 000000000000..3a66e6e2ecbe --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_packages_operations.py @@ -0,0 +1,226 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductPackagesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_packages` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.ProductPackageModel"]: + """Gets all packages from the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductPackageModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ProductPackageModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductPackageList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("ProductPackageList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py index 86def718fd40..c524a57672c8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +41,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -70,7 +64,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -87,9 +81,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -113,7 +105,7 @@ def build_get_request( "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -130,9 +122,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -156,7 +146,7 @@ def build_delete_request( "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -173,9 +163,7 @@ def build_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -200,7 +188,7 @@ def build_update_request( "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -257,9 +245,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SettingList] = kwargs.pop("cls", None) request = build_list_request( @@ -274,8 +260,9 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -323,9 +310,7 @@ def get(self, resource_group_name: str, workspace_name: str, settings_name: str, _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) request = build_get_request( @@ -341,8 +326,9 @@ def get(self, resource_group_name: str, workspace_name: str, settings_name: str, request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -392,9 +378,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -410,8 +394,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -510,7 +495,7 @@ def update( :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. Required. :type settings_name: str - :param settings: The setting. Is either a model type or a IO type. Required. + :param settings: The setting. Is either a Settings type or a IO type. Required. :type settings: ~azure.mgmt.securityinsight.models.Settings or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -531,16 +516,14 @@ def update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Settings] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(settings, (IO, bytes)): + if isinstance(settings, (IOBase, bytes)): _content = settings else: _json = self._serialize.body(settings, "Settings") @@ -561,8 +544,9 @@ def update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py new file mode 100644 index 000000000000..2fcd56aee76b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_template_operations.py @@ -0,0 +1,162 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request( + resource_group_name: str, workspace_name: str, template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "templateId": _SERIALIZER.url("template_id", template_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductTemplateOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_template` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, template_id: str, **kwargs: Any + ) -> _models.ProductTemplateModel: + """Gets a template by its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param template_id: template Id. Required. + :type template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ProductTemplateModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ProductTemplateModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateModel] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + template_id=template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("ProductTemplateModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py new file mode 100644 index 000000000000..f6ccc7f3be30 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_templates_operations.py @@ -0,0 +1,227 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.ProductTemplateModel"]: + """Gets all templates in the catalog. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ProductTemplateModel or the result of + cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ProductTemplateModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.ProductTemplateList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("ProductTemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py index 67f7732a0682..47a3caca8109 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -132,9 +124,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -159,7 +149,7 @@ def build_create_or_update_request( "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -178,9 +168,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -204,7 +192,7 @@ def build_delete_request( "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -255,9 +243,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSettingsList] = kwargs.pop("cls", None) error_map = { @@ -311,8 +297,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -357,9 +344,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) request = build_get_request( @@ -375,8 +360,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -477,8 +463,8 @@ def create_or_update( :type workspace_name: str :param settings_resource_name: Security ML Analytics Settings resource name. Required. :type settings_resource_name: str - :param security_ml_analytics_setting: The security ML Analytics setting. Is either a model type - or a IO type. Required. + :param security_ml_analytics_setting: The security ML Analytics setting. Is either a + SecurityMLAnalyticsSetting type or a IO type. Required. :type security_ml_analytics_setting: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -500,16 +486,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SecurityMLAnalyticsSetting] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(security_ml_analytics_setting, (IO, bytes)): + if isinstance(security_ml_analytics_setting, (IOBase, bytes)): _content = security_ml_analytics_setting else: _json = self._serialize.body(security_ml_analytics_setting, "SecurityMLAnalyticsSetting") @@ -530,8 +514,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -584,9 +569,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -602,8 +585,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py index dede32ea1345..646a4d1d9870 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload from azure.core.exceptions import ( @@ -26,12 +26,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -49,9 +45,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +71,7 @@ def build_get_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -98,9 +92,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -127,7 +119,7 @@ def build_create_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -150,9 +142,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -178,7 +168,7 @@ def build_delete_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -195,9 +185,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -220,7 +208,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -280,9 +268,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) request = build_get_request( @@ -298,8 +284,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -406,7 +393,7 @@ def create( Required. :type sentinel_onboarding_state_name: str :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Is either - a model type or a IO type. Default value is None. + a SentinelOnboardingState type or a IO type. Default value is None. :type sentinel_onboarding_state_parameter: ~azure.mgmt.securityinsight.models.SentinelOnboardingState or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -428,16 +415,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.SentinelOnboardingState] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(sentinel_onboarding_state_parameter, (IO, bytes)): + if isinstance(sentinel_onboarding_state_parameter, (IOBase, bytes)): _content = sentinel_onboarding_state_parameter else: if sentinel_onboarding_state_parameter is not None: @@ -461,8 +446,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -516,9 +502,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -534,8 +518,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -578,9 +563,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SentinelOnboardingStatesList] = kwargs.pop("cls", None) request = build_list_request( @@ -595,8 +578,9 @@ def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py index 4a4957b10d8d..6f77f6d703c4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +47,7 @@ def build_list_repositories_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -78,7 +71,7 @@ def build_list_repositories_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -121,7 +114,7 @@ def list_repositories( :type resource_group_name: str :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. + :param repo_type: The repo type. Known values are: "Github" and "AzureDevOps". Required. :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType :keyword callable cls: A custom type or function that will be passed the direct response :return: An iterator like instance of either Repo or the result of cls(response) @@ -131,9 +124,7 @@ def list_repositories( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: str = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) cls: ClsType[_models.RepoList] = kwargs.pop("cls", None) @@ -191,8 +182,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py index e4f8c1291dc3..3ea5d8e1c9db 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -72,7 +66,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -89,9 +83,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -115,7 +107,7 @@ def build_get_request( "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -126,15 +118,14 @@ def build_get_request( return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) -def build_delete_request( +def build_create_request( resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -158,33 +149,33 @@ def build_delete_request( "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) -def build_create_request( +def build_delete_request( resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") # Construct URL _url = kwargs.pop( "template_url", - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete", ) # pylint: disable=line-too-long path_format_arguments = { "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), @@ -202,7 +193,7 @@ def build_create_request( "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -212,7 +203,7 @@ def build_create_request( _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) class SourceControlsOperations: @@ -251,9 +242,7 @@ def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControlList] = kwargs.pop("cls", None) error_map = { @@ -307,8 +296,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -353,9 +343,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) request = build_get_request( @@ -371,8 +359,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -392,11 +381,78 @@ def get( "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: _models.SourceControl, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + @distributed_trace - def delete( # pylint: disable=inconsistent-return-statements - self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any - ) -> None: - """Delete a source control. + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: Union[_models.SourceControl, IO], + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -405,9 +461,15 @@ def delete( # pylint: disable=inconsistent-return-statements :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str + :param source_control: The SourceControl. Is either a SourceControl type or a IO type. + Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None or the result of cls(response) - :rtype: None + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -418,56 +480,75 @@ def delete( # pylint: disable=inconsistent-return-statements } error_map.update(kwargs.pop("error_map", {}) or {}) - _headers = kwargs.pop("headers", {}) or {} + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) - cls: ClsType[None] = kwargs.pop("cls", None) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) - request = build_delete_request( + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(source_control, (IOBase, bytes)): + _content = source_control + else: + _json = self._serialize.body(source_control, "SourceControl") + + request = build_create_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata["url"], + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 204]: + if response.status_code not in [200, 201]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) + if response.status_code == 200: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SourceControl", pipeline_response) + if cls: - return cls(pipeline_response, None, {}) + return cls(pipeline_response, deserialized, {}) # type: ignore - delete.metadata = { + return deserialized # type: ignore + + create.metadata = { "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" } @overload - def create( + def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: _models.SourceControl, + repository_access: _models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -476,29 +557,30 @@ def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :param repository_access: The repository access credentials. Required. + :type repository_access: + ~azure.mgmt.securityinsight.models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @overload - def create( + def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: IO, + repository_access: IO, *, content_type: str = "application/json", **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -507,27 +589,30 @@ def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Required. - :type source_control: IO + :param repository_access: The repository access credentials. Required. + :type repository_access: IO :keyword content_type: Body Parameter content-type. Content type parameter for binary body. Default value is "application/json". :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ @distributed_trace - def create( + def delete( self, resource_group_name: str, workspace_name: str, source_control_id: str, - source_control: Union[_models.SourceControl, IO], + repository_access: Union[ + _models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema, + IO, + ], **kwargs: Any - ) -> _models.SourceControl: - """Creates a source control. + ) -> _models.Warning: + """Delete a source control. :param resource_group_name: The name of the resource group. The name is case insensitive. Required. @@ -536,14 +621,18 @@ def create( :type workspace_name: str :param source_control_id: Source control Id. Required. :type source_control_id: str - :param source_control: The SourceControl. Is either a model type or a IO type. Required. - :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :param repository_access: The repository access credentials. Is either a + Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema + type or a IO type. Required. + :type repository_access: + ~azure.mgmt.securityinsight.models.Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema + or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SourceControl or the result of cls(response) - :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :return: Warning or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Warning :raises ~azure.core.exceptions.HttpResponseError: """ error_map = { @@ -557,21 +646,22 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) - cls: ClsType[_models.SourceControl] = kwargs.pop("cls", None) + cls: ClsType[_models.Warning] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(source_control, (IO, bytes)): - _content = source_control + if isinstance(repository_access, (IOBase, bytes)): + _content = repository_access else: - _json = self._serialize.body(source_control, "SourceControl") + _json = self._serialize.body( + repository_access, + "Paths1J3Lu7WSubscriptionsSubscriptionidResourcegroupsResourcegroupnameProvidersMicrosoftOperationalinsightsWorkspacesWorkspacenameProvidersMicrosoftSecurityinsightsSourcecontrolsSourcecontrolidDeletePostRequestbodyContentApplicationJsonSchema", + ) - request = build_create_request( + request = build_delete_request( resource_group_name=resource_group_name, workspace_name=workspace_name, source_control_id=source_control_id, @@ -580,34 +670,31 @@ def create( content_type=content_type, json=_json, content=_content, - template_url=self.create.metadata["url"], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response - if response.status_code not in [200, 201]: + if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - if response.status_code == 200: - deserialized = self._deserialize("SourceControl", pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize("SourceControl", pipeline_response) + deserialized = self._deserialize("Warning", pipeline_response) if cls: - return cls(pipeline_response, deserialized, {}) # type: ignore + return cls(pipeline_response, deserialized, {}) - return deserialized # type: ignore + return deserialized - create.metadata = { - "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete" } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py index 282e791e6ca8..1d74e1d8a3a0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Optional, TypeVar from azure.core.exceptions import ( @@ -26,12 +25,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -45,9 +40,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -70,7 +63,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -127,9 +120,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceMetricsList] = kwargs.pop("cls", None) request = build_list_request( @@ -144,8 +135,9 @@ def list( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py index 6800898f0f65..d4e5e0c9d245 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_create_indicator_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -73,7 +67,7 @@ def build_create_indicator_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -92,9 +86,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -118,7 +110,7 @@ def build_get_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -135,9 +127,7 @@ def build_create_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -162,7 +152,7 @@ def build_create_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -181,9 +171,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -207,7 +195,7 @@ def build_delete_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -224,9 +212,7 @@ def build_query_indicators_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -250,7 +236,7 @@ def build_query_indicators_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -269,9 +255,7 @@ def build_append_tags_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -296,7 +280,7 @@ def build_append_tags_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -315,9 +299,7 @@ def build_replace_tags_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -342,7 +324,7 @@ def build_replace_tags_request( "name": _SERIALIZER.url("name", name, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -449,7 +431,7 @@ def create_indicator( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -471,16 +453,14 @@ def create_indicator( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -500,8 +480,9 @@ def create_indicator( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -554,9 +535,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) request = build_get_request( @@ -572,8 +551,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -677,7 +657,7 @@ def create( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. Is either a model type or a IO type. Required. + and update. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -699,16 +679,14 @@ def create( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_properties, (IO, bytes)): + if isinstance(threat_intelligence_properties, (IOBase, bytes)): _content = threat_intelligence_properties else: _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") @@ -729,8 +707,9 @@ def create( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -783,9 +762,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -801,8 +778,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -897,7 +875,8 @@ def query_indicators( :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat - intelligence indicators. Is either a model type or a IO type. Required. + intelligence indicators. Is either a ThreatIntelligenceFilteringCriteria type or a IO type. + Required. :type threat_intelligence_filtering_criteria: ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -913,9 +892,7 @@ def query_indicators( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) @@ -929,7 +906,7 @@ def query_indicators( content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_filtering_criteria, (IO, bytes)): + if isinstance(threat_intelligence_filtering_criteria, (IOBase, bytes)): _content = threat_intelligence_filtering_criteria else: _json = self._serialize.body(threat_intelligence_filtering_criteria, "ThreatIntelligenceFilteringCriteria") @@ -980,8 +957,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1081,7 +1059,7 @@ def append_tags( # pylint: disable=inconsistent-return-statements :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_append_tags: The threat intelligence append tags request body. Is - either a model type or a IO type. Required. + either a ThreatIntelligenceAppendTags type or a IO type. Required. :type threat_intelligence_append_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -1103,16 +1081,14 @@ def append_tags( # pylint: disable=inconsistent-return-statements _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[None] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_append_tags, (IO, bytes)): + if isinstance(threat_intelligence_append_tags, (IOBase, bytes)): _content = threat_intelligence_append_tags else: _json = self._serialize.body(threat_intelligence_append_tags, "ThreatIntelligenceAppendTags") @@ -1133,8 +1109,9 @@ def append_tags( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -1234,7 +1211,7 @@ def replace_tags( :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be - replaced. Is either a model type or a IO type. Required. + replaced. Is either a ThreatIntelligenceIndicatorModel type or a IO type. Required. :type threat_intelligence_replace_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. @@ -1256,16 +1233,14 @@ def replace_tags( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.ThreatIntelligenceInformation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(threat_intelligence_replace_tags, (IO, bytes)): + if isinstance(threat_intelligence_replace_tags, (IOBase, bytes)): _content = threat_intelligence_replace_tags else: _json = self._serialize.body(threat_intelligence_replace_tags, "ThreatIntelligenceIndicatorModel") @@ -1286,8 +1261,9 @@ def replace_tags( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py index 8353884e05ce..ceda0abb94dc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py @@ -6,7 +6,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys from typing import Any, Callable, Dict, Iterable, Optional, TypeVar import urllib.parse @@ -28,12 +27,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -55,9 +50,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -80,7 +73,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -158,9 +151,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.ThreatIntelligenceInformationList] = kwargs.pop("cls", None) error_map = { @@ -218,8 +209,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py new file mode 100644 index 000000000000..5a07f544de25 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_triggered_analytics_rule_run_operations.py @@ -0,0 +1,162 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request( + resource_group_name: str, workspace_name: str, rule_run_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "ruleRunId": _SERIALIZER.url("rule_run_id", rule_run_id, "str"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class TriggeredAnalyticsRuleRunOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`triggered_analytics_rule_run` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, rule_run_id: str, **kwargs: Any + ) -> _models.TriggeredAnalyticsRuleRun: + """Gets the triggered analytics rule run. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_run_id: the triggered rule id. Required. + :type rule_run_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TriggeredAnalyticsRuleRun or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TriggeredAnalyticsRuleRun + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.TriggeredAnalyticsRuleRun] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_run_id=rule_run_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TriggeredAnalyticsRuleRun", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py index b35219b0a81e..8ae3dabd7202 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_update_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, List, Optional, TypeVar, Union, cast, overload from azure.core.exceptions import ( @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -47,9 +43,7 @@ def build_recommendation_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -74,7 +68,7 @@ def build_recommendation_request( "recommendationId": _SERIALIZER.url("recommendation_id", recommendation_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -125,16 +119,14 @@ def _recommendation_initial( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(recommendation_patch, (IO, bytes)): + if isinstance(recommendation_patch, (IOBase, bytes)): _content = recommendation_patch else: _json = self._serialize.body(recommendation_patch, "[RecommendationPatch]") @@ -155,8 +147,9 @@ def _recommendation_initial( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -272,8 +265,8 @@ def begin_recommendation( :type workspace_name: str :param recommendation_id: Recommendation Id. Required. :type recommendation_id: str - :param recommendation_patch: Recommendation Fields to Update. Is either a list type or a IO - type. Required. + :param recommendation_patch: Recommendation Fields to Update. Is either a [RecommendationPatch] + type or a IO type. Required. :type recommendation_patch: list[~azure.mgmt.securityinsight.models.RecommendationPatch] or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -294,9 +287,7 @@ def begin_recommendation( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Recommendation] = kwargs.pop("cls", None) polling: Union[bool, PollingMethod] = kwargs.pop("polling", True) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py index 1139c4e49331..99e860fe1dba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -53,9 +49,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -79,7 +73,7 @@ def build_list_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -103,9 +97,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -130,7 +122,7 @@ def build_get_request( "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -152,9 +144,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -179,7 +169,7 @@ def build_delete_request( "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -201,9 +191,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -229,7 +217,7 @@ def build_create_or_update_request( "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -292,9 +280,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItemList] = kwargs.pop("cls", None) error_map = { @@ -350,8 +336,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -398,9 +385,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) request = build_get_request( @@ -417,8 +402,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -469,9 +455,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -488,8 +472,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -594,7 +579,8 @@ def create_or_update( :type watchlist_alias: str :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str - :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. + :param watchlist_item: The watchlist item. Is either a WatchlistItem type or a IO type. + Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -615,16 +601,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.WatchlistItem] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist_item, (IO, bytes)): + if isinstance(watchlist_item, (IOBase, bytes)): _content = watchlist_item else: _json = self._serialize.body(watchlist_item, "WatchlistItem") @@ -646,8 +630,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py index c675404d4edb..14964c388626 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py @@ -6,7 +6,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import sys +from io import IOBase from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload import urllib.parse @@ -28,12 +28,8 @@ from .. import models as _models from .._serialization import Serializer -from .._vendor import _convert_request, _format_url_section +from .._vendor import _convert_request -if sys.version_info >= (3, 8): - from typing import Literal # pylint: disable=no-name-in-module, ungrouped-imports -else: - from typing_extensions import Literal # type: ignore # pylint: disable=ungrouped-imports T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] @@ -52,9 +48,7 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -77,7 +71,7 @@ def build_list_request( ), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -96,9 +90,7 @@ def build_get_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -122,7 +114,7 @@ def build_get_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -139,9 +131,7 @@ def build_delete_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) accept = _headers.pop("Accept", "application/json") # Construct URL @@ -165,7 +155,7 @@ def build_delete_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -182,9 +172,7 @@ def build_create_or_update_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", "2022-12-01-preview") - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) accept = _headers.pop("Accept", "application/json") @@ -209,7 +197,7 @@ def build_create_or_update_request( "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } - _url: str = _format_url_section(_url, **path_format_arguments) # type: ignore + _url: str = _url.format(**path_format_arguments) # type: ignore # Construct parameters _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") @@ -265,9 +253,7 @@ def list( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.WatchlistList] = kwargs.pop("cls", None) error_map = { @@ -322,8 +308,9 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -368,9 +355,7 @@ def get( _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) request = build_get_request( @@ -386,8 +371,9 @@ def get( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -436,9 +422,7 @@ def delete( # pylint: disable=inconsistent-return-statements _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) cls: ClsType[None] = kwargs.pop("cls", None) request = build_delete_request( @@ -454,8 +438,9 @@ def delete( # pylint: disable=inconsistent-return-statements request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response @@ -572,7 +557,7 @@ def create_or_update( :type workspace_name: str :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist: The watchlist. Is either a model type or a IO type. Required. + :param watchlist: The watchlist. Is either a Watchlist type or a IO type. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. Default value is None. @@ -593,16 +578,14 @@ def create_or_update( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version: Literal["2022-12-01-preview"] = kwargs.pop( - "api_version", _params.pop("api-version", self._config.api_version) - ) + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) cls: ClsType[_models.Watchlist] = kwargs.pop("cls", None) content_type = content_type or "application/json" _json = None _content = None - if isinstance(watchlist, (IO, bytes)): + if isinstance(watchlist, (IOBase, bytes)): _content = watchlist else: _json = self._serialize.body(watchlist, "Watchlist") @@ -623,8 +606,9 @@ def create_or_update( request = _convert_request(request) request.url = self._client.format_url(request.url) + _stream = False pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access - request, stream=False, **kwargs + request, stream=_stream, **kwargs ) response = pipeline_response.http_response diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py new file mode 100644 index 000000000000..72ce66112afe --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignment_jobs_operations.py @@ -0,0 +1,604 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "jobName": _SERIALIZER.url("job_name", job_name, "str", pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "jobName": _SERIALIZER.url("job_name", job_name, "str", pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerAssignmentJobsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_assignment_jobs` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.Job"]: + """Get all jobs for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Job or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Job] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.JobList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("JobList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace + def create( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.Job: + """Create a job for the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs" + } + + @distributed_trace + def get( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> _models.Job: + """Gets a job. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Job or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Job + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.Job] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Job", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + job_name: str, + **kwargs: Any + ) -> None: + """Deletes the specified job from the specified workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param job_name: The job name. Required. + :type job_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + job_name=job_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py new file mode 100644 index 000000000000..3947544c6f7e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_assignments_operations.py @@ -0,0 +1,671 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerAssignmentName": _SERIALIZER.url( + "workspace_manager_assignment_name", + workspace_manager_assignment_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerAssignmentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_assignments` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerAssignment"]: + """Get all workspace manager assignments for the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerAssignment or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignmentList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerAssignmentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Gets a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: _models.WorkspaceManagerAssignment, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Required. + :type workspace_manager_assignment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_assignment_name: str, + workspace_manager_assignment: Union[_models.WorkspaceManagerAssignment, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerAssignment: + """Creates or updates a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :param workspace_manager_assignment: The workspace manager assignment. Is either a + WorkspaceManagerAssignment type or a IO type. Required. + :type workspace_manager_assignment: + ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerAssignment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerAssignment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerAssignment] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_assignment, (IOBase, bytes)): + _content = workspace_manager_assignment + else: + _json = self._serialize.body(workspace_manager_assignment, "WorkspaceManagerAssignment") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerAssignment", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_assignment_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager assignment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_assignment_name: The name of the workspace manager assignment. + Required. + :type workspace_manager_assignment_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_assignment_name=workspace_manager_assignment_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py new file mode 100644 index 000000000000..ee3435421963 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_configurations_operations.py @@ -0,0 +1,671 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerConfigurationName": _SERIALIZER.url( + "workspace_manager_configuration_name", + workspace_manager_configuration_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerConfigurationName": _SERIALIZER.url( + "workspace_manager_configuration_name", + workspace_manager_configuration_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerConfigurationName": _SERIALIZER.url( + "workspace_manager_configuration_name", + workspace_manager_configuration_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerConfigurationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_configurations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerConfiguration"]: + """Gets all workspace manager configurations for a Sentinel workspace. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerConfiguration or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfigurationList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerConfigurationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Gets a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_configuration_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: _models.WorkspaceManagerConfiguration, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Required. + :type workspace_manager_configuration: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_configuration_name: str, + workspace_manager_configuration: Union[_models.WorkspaceManagerConfiguration, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerConfiguration: + """Creates or updates a workspace manager configuration. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_configuration_name: The name of the workspace manager configuration. + Required. + :type workspace_manager_configuration_name: str + :param workspace_manager_configuration: The workspace manager configuration. Is either a + WorkspaceManagerConfiguration type or a IO type. Required. + :type workspace_manager_configuration: + ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerConfiguration or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerConfiguration + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerConfiguration] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_configuration, (IOBase, bytes)): + _content = workspace_manager_configuration + else: + _json = self._serialize.body(workspace_manager_configuration, "WorkspaceManagerConfiguration") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_configuration_name=workspace_manager_configuration_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerConfiguration", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py new file mode 100644 index 000000000000..95a538889409 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_groups_operations.py @@ -0,0 +1,663 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerGroupName": _SERIALIZER.url( + "workspace_manager_group_name", + workspace_manager_group_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerGroupName": _SERIALIZER.url( + "workspace_manager_group_name", + workspace_manager_group_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerGroupName": _SERIALIZER.url( + "workspace_manager_group_name", + workspace_manager_group_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerGroupsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_groups` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerGroup"]: + """Gets all workspace manager groups in the Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerGroup or the result of + cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerGroup] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroupList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerGroupList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Gets a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: _models.WorkspaceManagerGroup, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Required. + :type workspace_manager_group: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_group_name: str, + workspace_manager_group: Union[_models.WorkspaceManagerGroup, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerGroup: + """Creates or updates a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :param workspace_manager_group: The workspace manager group object. Is either a + WorkspaceManagerGroup type or a IO type. Required. + :type workspace_manager_group: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerGroup or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerGroup + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerGroup] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_group, (IOBase, bytes)): + _content = workspace_manager_group + else: + _json = self._serialize.body(workspace_manager_group, "WorkspaceManagerGroup") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerGroup", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_group_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager group. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_group_name: The name of the workspace manager group. Required. + :type workspace_manager_group_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_group_name=workspace_manager_group_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py new file mode 100644 index 000000000000..c12ecdb605c8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_workspace_manager_members_operations.py @@ -0,0 +1,663 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from io import IOBase +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +import urllib.parse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + ResourceNotModifiedError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerMemberName": _SERIALIZER.url( + "workspace_manager_member_name", + workspace_manager_member_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerMemberName": _SERIALIZER.url( + "workspace_manager_member_name", + workspace_manager_member_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2023-08-01-preview")) + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url( + "workspace_name", + workspace_name, + "str", + max_length=90, + min_length=1, + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + "workspaceManagerMemberName": _SERIALIZER.url( + "workspace_manager_member_name", + workspace_manager_member_name, + "str", + pattern=r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + ), + } + + _url: str = _url.format(**path_format_arguments) # type: ignore + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class WorkspaceManagerMembersOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`workspace_manager_members` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.WorkspaceManagerMember"]: + """Gets all workspace manager members that exist for the given Sentinel workspace manager. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either WorkspaceManagerMember or the result of + cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WorkspaceManagerMember] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMembersList] = kwargs.pop("cls", None) + + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + else: + # make call to next link with the client's api-version + _parsed_next_link = urllib.parse.urlparse(next_link) + _next_request_params = case_insensitive_dict( + { + key: [urllib.parse.quote(v) for v in value] + for key, value in urllib.parse.parse_qs(_parsed_next_link.query).items() + } + ) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest( + "GET", urllib.parse.urljoin(next_link, _parsed_next_link.path), params=_next_request_params + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("WorkspaceManagerMembersList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) # type: ignore + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/" + } + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Gets a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: _models.WorkspaceManagerMember, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Required. + :type workspace_manager_member: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + workspace_manager_member_name: str, + workspace_manager_member: Union[_models.WorkspaceManagerMember, IO], + **kwargs: Any + ) -> _models.WorkspaceManagerMember: + """Creates or updates a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :param workspace_manager_member: The workspace manager member object. Is either a + WorkspaceManagerMember type or a IO type. Required. + :type workspace_manager_member: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WorkspaceManagerMember or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WorkspaceManagerMember + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None)) + cls: ClsType[_models.WorkspaceManagerMember] = kwargs.pop("cls", None) + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(workspace_manager_member, (IOBase, bytes)): + _content = workspace_manager_member + else: + _json = self._serialize.body(workspace_manager_member, "WorkspaceManagerMember") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("WorkspaceManagerMember", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) # type: ignore + + return deserialized # type: ignore + + create_or_update.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, workspace_manager_member_name: str, **kwargs: Any + ) -> None: + """Deletes a workspace manager member. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param workspace_manager_member_name: The name of the workspace manager member. Required. + :type workspace_manager_member_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = { + 401: ClientAuthenticationError, + 404: ResourceNotFoundError, + 409: ResourceExistsError, + 304: ResourceNotModifiedError, + } + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version: str = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) + cls: ClsType[None] = kwargs.pop("cls", None) + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + workspace_manager_member_name=workspace_manager_member_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) + + _stream = False + pipeline_response: PipelineResponse = self._client._pipeline.run( # pylint: disable=protected-access + request, stream=_stream, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + error = self._deserialize.failsafe_deserialize(_models.ErrorResponse, pipeline_response) + raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = { + "url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}" + } diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/create_action_of_alert_rule.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/create_action_of_alert_rule.py index 805f96e8a4ec..5fee3a5ab9d6 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_action_of_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/create_action_of_alert_rule.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/CreateActionOfAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/actions/CreateActionOfAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/delete_action_of_alert_rule.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/delete_action_of_alert_rule.py index 01907457a01d..1c1a3450bde1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_action_of_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/delete_action_of_alert_rule.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.actions.delete( + client.actions.delete( resource_group_name="myRg", workspace_name="myWorkspace", rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", action_id="912bec42-cb66-4c03-ac63-1761b6898c3e", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/DeleteActionOfAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/actions/DeleteActionOfAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_action_of_alert_rule_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_action_of_alert_rule_by_id.py index 6bf9693e038f..cdc0a07427b9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_action_of_alert_rule_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_action_of_alert_rule_by_id.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/GetActionOfAlertRuleById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/actions/GetActionOfAlertRuleById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_all_actions_by_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_all_actions_by_alert_rule.py index 71e28322c8e7..4d8162201c0c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_actions_by_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/actions/get_all_actions_by_alert_rule.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/actions/GetAllActionsByAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/actions/GetAllActionsByAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_template_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_template_by_id.py index 1d18bbcb0164..5c040991fb6e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_template_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_template_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_templates.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_templates.py index 4f232d8a66d2..6439ec26935a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_alert_rule_templates.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rule_templates/get_alert_rule_templates.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule.py index 7f4268b32cbc..4e557089fb7e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule.py @@ -174,6 +174,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateFusionAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/CreateFusionAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule_with_fusion_scenario_exclusion.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule_with_fusion_scenario_exclusion.py index cea2c133fe51..7eb9a16a15a7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_fusion_alert_rule_with_fusion_scenario_exclusion.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_fusion_alert_rule_with_fusion_scenario_exclusion.py @@ -174,6 +174,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_microsoft_security_incident_creation_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_microsoft_security_incident_creation_alert_rule.py index f1dae6d1fced..281749ecdf80 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_microsoft_security_incident_creation_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_microsoft_security_incident_creation_alert_rule.py @@ -46,6 +46,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_nrt_alert_rule.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_nrt_alert_rule.py index b52313895455..975df0985ae9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_nrt_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_nrt_alert_rule.py @@ -63,6 +63,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateNrtAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/CreateNrtAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_scheduled_alert_rule.py similarity index 98% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_scheduled_alert_rule.py index 41f7815cc6e8..5bc52515b2ae 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_scheduled_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/create_scheduled_alert_rule.py @@ -84,6 +84,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/CreateScheduledAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/CreateScheduledAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/delete_alert_rule.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/delete_alert_rule.py index e8eccd69f4ac..def9f490ee4f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/delete_alert_rule.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.alert_rules.delete( + client.alert_rules.delete( resource_group_name="myRg", workspace_name="myWorkspace", rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/DeleteAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/DeleteAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_all_alert_rules.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_all_alert_rules.py index 6bfe39da69fe..c41ffcb6720f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_alert_rules.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_all_alert_rules.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetAllAlertRules.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/GetAllAlertRules.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_fusion_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_fusion_alert_rule.py index 20bbac08277f..bdf7c37dbfcf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_fusion_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_fusion_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetFusionAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/GetFusionAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_microsoft_security_incident_creation_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_microsoft_security_incident_creation_alert_rule.py index fd1493e29bb6..895d30fed59d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_security_incident_creation_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_microsoft_security_incident_creation_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_nrt_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_nrt_alert_rule.py index e3ffcd9605df..17f5c5ca1280 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_nrt_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_nrt_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetNrtAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/GetNrtAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_scheduled_alert_rule.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_scheduled_alert_rule.py index fe0d97781a54..567d2bb5d58c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_scheduled_alert_rule.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/alert_rules/get_scheduled_alert_rule.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/alertRules/GetScheduledAlertRule.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/alertRules/GetScheduledAlertRule.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_create_or_update.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_create_or_update.py index 41e25ad33c82..551892cccd43 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_create_or_update.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_delete.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_delete.py index 5425a32f6ccd..eb7050e60ea1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_delete.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/automationRules/AutomationRules_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_get.py index 56075cbd2de2..065d3443fcdb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_get.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/automationRules/AutomationRules_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_list.py index 5916a50c7a2a..773ed8234150 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/automation_rules/automation_rules_list.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/automationRules/AutomationRules_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/automationRules/AutomationRules_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py new file mode 100644 index 000000000000..0cb17114f765 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_all_billing_statistics.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_billing_statistics.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.billing_statistics.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/billingStatistics/GetAllBillingStatistics.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py new file mode 100644 index 000000000000..781bc86cd927 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/billing_statistics/get_billing_statistic.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_billing_statistic.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.billing_statistics.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + billing_statistic_name="sapSolutionUsage", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/billingStatistics/GetBillingStatistic.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/create_bookmark.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/create_bookmark.py index 44e578eca8d0..3d10c9dab0a0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/create_bookmark.py @@ -59,6 +59,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/CreateBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/CreateBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/delete_bookmark.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/delete_bookmark.py index 5f63071b1758..2a6104b83c7e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/delete_bookmark.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.bookmarks.delete( + client.bookmarks.delete( resource_group_name="myRg", workspace_name="myWorkspace", bookmark_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/DeleteBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/DeleteBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/expand/post_expand_bookmark.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/expand/post_expand_bookmark.py index 49329bae179a..de414a39c440 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_bookmark.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/expand/post_expand_bookmark.py @@ -42,6 +42,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/expand/PostExpandBookmark.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmark_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmark_by_id.py index 8e87468ceb1e..b20b2f6cc829 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmark_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/GetBookmarkById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/GetBookmarkById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmarks.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmarks.py index 3bfe6238bf16..edd2a47eae75 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmarks.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/get_bookmarks.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/GetBookmarks.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/GetBookmarks.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/create_bookmark_relation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/create_bookmark_relation.py index fa4c8433745e..2f2b29f5d816 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_bookmark_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/create_bookmark_relation.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/delete_bookmark_relation.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/delete_bookmark_relation.py index 940f286c435e..76aadeceb00d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_bookmark_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/delete_bookmark_relation.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.bookmark_relations.delete( + client.bookmark_relations.delete( resource_group_name="myRg", workspace_name="myWorkspace", bookmark_id="2216d0e1-91e3-4902-89fd-d2df8c535096", relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_all_bookmark_relations.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_all_bookmark_relations.py index dd257f859112..770299a1f7bb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_bookmark_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_all_bookmark_relations.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_bookmark_relation_by_name.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_bookmark_relation_by_name.py index 7426af196f31..f45476355075 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_bookmark_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/bookmarks/relations/get_bookmark_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py new file mode 100644 index 000000000000..e77f5fcec285 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_package_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_package_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_packages.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentPackages/GetPackageById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py new file mode 100644 index 000000000000..c4a596d420c7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_packages.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_packages.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_packages.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentPackages/GetPackages.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py new file mode 100644 index 000000000000..1206433862f3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_package_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_package_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_package.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentPackages/GetProductPackageById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py new file mode 100644 index 000000000000..13e41a6c1170 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/get_product_packages.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_packages.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_packages.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentPackages/GetProductPackages.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py new file mode 100644 index 000000000000..4448fefbb0b1 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/install_package.py @@ -0,0 +1,52 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python install_package.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_package.install( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + package_installation_properties={ + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "displayName": "str", + "version": "2.0.0", + }, + "tags": {"tag1": "str"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentPackages/InstallPackage.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py new file mode 100644 index 000000000000..69aae4e009af --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_packages/uninstall_package.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python uninstall_package.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + client.content_package.uninstall( + resource_group_name="myRg", + workspace_name="myWorkspace", + package_id="str.azure-sentinel-solution-str", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentPackages/UninstallPackage.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py new file mode 100644 index 000000000000..e94bfc003075 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/delete_template.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_template.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + client.content_template.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="8365ebfe-a381-45b7-ad08-7d818070e11f", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentTemplates/DeleteTemplate.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py new file mode 100644 index 000000000000..ef6c0a9a2165 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_template_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_template_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_template.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="8365ebfe-a381-45b7-ad08-7d818070e11f", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentTemplates/GetProductTemplateById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py new file mode 100644 index 000000000000..27e63ef25d3e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_product_templates.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_product_templates.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.product_templates.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentTemplates/GetProductTemplates.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py new file mode 100644 index 000000000000..ad18355d2a60 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_template_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_template_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_template.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="8365ebfe-a381-45b7-ad08-7d818070e11f", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentTemplates/GetTemplateById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py new file mode 100644 index 000000000000..0f54793719ad --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/get_templates.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_templates.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_templates.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentTemplates/GetTemplates.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py new file mode 100644 index 000000000000..de20cca27d57 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/content_templates/install_template.py @@ -0,0 +1,115 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python install_template.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + ) + + response = client.content_template.install( + resource_group_name="myRg", + workspace_name="myWorkspace", + template_id="str.azure-sentinel-solution-str", + template_installation_properties={ + "properties": { + "author": {"email": "support@microsoft.com", "name": "Microsoft"}, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": False, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "status": "Available", + "suppressionDuration": "PT1H", + "suppressionEnabled": False, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + }, + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + }, + { + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "properties": { + "author": {"email": "support@microsoft.com", "name": "Microsoft"}, + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "kind": "AnalyticsRule", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str", + }, + "support": { + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "name": "Microsoft Corporation", + "tier": "Microsoft", + }, + "version": "1.0.0", + }, + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + }, + ], + }, + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageName": "str", + "packageVersion": "1.0.0", + "source": {"kind": "Solution", "name": "str", "sourceId": "str.azure-sentinel-solution-str"}, + "support": { + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "name": "Microsoft Corporation", + "tier": "Microsoft", + }, + "version": "1.0.1", + }, + "tags": {"tag1": "str"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/contentTemplates/InstallTemplate.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py new file mode 100644 index 000000000000..39482cbbf6c5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/create_customizable_data_connector_definition.py @@ -0,0 +1,110 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_customizable_data_connector_definition.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connector_definitions.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_definition_name="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + connector_definition_input={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": {"isPreview": False, "status": 1}, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ], + } + ], + "dataTypes": [ + { + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)", + "name": "GitHubAuditLogPolling_CL", + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received", + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow `this `_ to create or find your personal key", + "instructions": [ + { + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect", + }, + "type": "OAuthForm", + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + } + ], + "permissions": { + "customs": [ + { + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope", + "name": "GitHub API personal token Key", + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": {"action": False, "delete": False, "read": False, "write": True}, + "scope": "Workspace", + } + ], + }, + "publisher": "GitHub", + "sampleQueries": [{"description": "All logs", "query": "GitHubAuditLogPolling_CL \n | take 10"}], + "title": "GitHub Enterprise Audit Log", + } + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py new file mode 100644 index 000000000000..9958dabd1ffd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/delete_data_connector_definition_by_id.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_data_connector_definition_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connector_definitions.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_definition_name="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py new file mode 100644 index 000000000000..becdc8704a7b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_customizable_data_connectoe_definition_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_customizable_data_connectoe_definition_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connector_definitions.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_definition_name="763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py new file mode 100644 index 000000000000..168b04aed584 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connector_definitions/get_data_connector_definitions.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_data_connector_definitions.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connector_definitions.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py new file mode 100644 index 000000000000..ca6c236a9599 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_active_directory.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureActiveDirectory", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py new file mode 100644 index 000000000000..8c97e858858b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_authorization.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_active_directory_no_authorization.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureActiveDirectory", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py new file mode 100644 index 000000000000..1bca8f3d6e83 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_active_directory_no_license.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_active_directory_no_license.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureActiveDirectory", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py new file mode 100644 index 000000000000..cebfda3cb8e7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_azure_security_center.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_azure_security_center.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "AzureSecurityCenter", + "properties": {"subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py new file mode 100644 index 000000000000..bfcc0ba3d8d2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_dynamics365.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_dynamics365.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "Dynamics365", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py new file mode 100644 index 000000000000..0403282c9246 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_io_t.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_io_t.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "IOT", + "properties": {"subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsIoT.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py new file mode 100644 index 000000000000..576911b6d3d1 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_mdatp.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_mdatp.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftCloudAppSecurity", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py new file mode 100644 index 000000000000..2b85d0ea6476 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_cloud_app_security.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_cloud_app_security.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftCloudAppSecurity", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py new file mode 100644 index 000000000000..9c7620b7c6d2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_purview_information_protection.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_purview_information_protection.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftPurviewInformationProtection", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py new file mode 100644 index 000000000000..e8481b2aa3c5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_intelligence.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftThreatIntelligence", + "properties": {"tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py new file mode 100644 index 000000000000..7c79f9462f51 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_microsoft_threat_protection.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_microsoft_threat_protection.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "MicrosoftThreatProtection", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py new file mode 100644 index 000000000000..16d57ce28b52 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office365_project.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office365_project.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "Office365Project", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py new file mode 100644 index 000000000000..ae7f37a2542f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_atp.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office_atp.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "OfficeATP", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py new file mode 100644 index 000000000000..e52fda1b4531 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_irm.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office_irm.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "OfficeIRM", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py new file mode 100644 index 000000000000..e090563e2bca --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_office_power_bi.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_office_power_bi.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "OfficePowerBI", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py new file mode 100644 index 000000000000..b71ccc5b5eb2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "ThreatIntelligence", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py new file mode 100644 index 000000000000..b745d5ded554 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/check_requirements_threat_intelligence_taxii.py @@ -0,0 +1,45 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python check_requirements_threat_intelligence_taxii.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors_check_requirements.post( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connectors_check_requirements={ + "kind": "ThreatIntelligenceTaxii", + "properties": {"tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling.py similarity index 93% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling.py index 2a05669c46df..b4f19cdb0e2e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling.py @@ -29,7 +29,7 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.connect( + client.data_connectors.connect( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", @@ -46,9 +46,8 @@ def main(): ], }, ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/ConnectAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/ConnectAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling_v2_logs.py similarity index 94% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling_v2_logs.py index f63f252194af..1d31dfc361be 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/connect_api_polling_v2_logs.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/connect_api_polling_v2_logs.py @@ -29,7 +29,7 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.connect( + client.data_connectors.connect( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", @@ -49,9 +49,8 @@ def main(): ], }, ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_api_polling.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_api_polling.py index ceceb21be0af..ba5eabd5bee8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_api_polling.py @@ -121,6 +121,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_dynamics365_data_connetor.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_dynamics365_data_connetor.py index 14c0e141de06..c9190289e4e0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_dynamics365_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_dynamics365_data_connetor.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_generic_ui.py similarity index 99% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_generic_ui.py index b28a4a25f666..919f874d4994 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_generic_ui.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_generic_ui.py @@ -156,6 +156,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateGenericUI.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateGenericUI.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py new file mode 100644 index 000000000000..17f945a12f78 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_google_cloud_platform.py @@ -0,0 +1,60 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_google_cloud_platform.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + data_connector={ + "kind": "GCP", + "properties": { + "auth": { + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "type": "GCP", + "workloadIdentityProviderId": "sentinel-identity-provider", + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS", + }, + "request": {"projectId": "project-id", "subscriptionNames": ["sentinel-subscription"]}, + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py new file mode 100644 index 000000000000..f04ae8296a8c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_purview_information_protection_data_connetor.py @@ -0,0 +1,50 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_microsoft_purview_information_protection_data_connetor.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + data_connector={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": {"logs": {"state": "Enabled"}}, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py new file mode 100644 index 000000000000..08d48ddb31e0 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_intelligence_data_connector.py @@ -0,0 +1,51 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_microsoft_threat_intelligence_data_connector.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", + data_connector={ + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": {"lookbackPeriod": "1970-01-01T00:00:00.000Z", "state": "Enabled"} + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py new file mode 100644 index 000000000000..9bfdc445582f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_microsoft_threat_protection_data_connetor.py @@ -0,0 +1,51 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_microsoft_threat_protection_data_connetor.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + data_connector={ + "etag": '"0300bf09-0000-0000-0000-5c37296e0000"', + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": {"alerts": {"state": "Enabled"}, "incidents": {"state": "Disabled"}}, + "filteredProviders": {"alerts": ["microsoftDefenderForCloudApps"]}, + "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office365_project_data_connetor.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office365_project_data_connetor.py index 17400d2e0bbe..d8324ee50bc4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office365_project_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office365_project_data_connetor.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_data_connetor.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_data_connetor.py index e64dbac15d70..e8c9c66bde90 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_data_connetor.py @@ -49,6 +49,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_power_bi_data_connector.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_power_bi_data_connector.py index c2c0e69ee1c2..7d01343e19c5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_office_power_bi_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_office_power_bi_data_connector.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_data_connector.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_data_connector.py index e58c78df5816..3ff225232755 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_data_connector.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_taxii_data_connector.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_taxii_data_connector.py index 1b4a4587c163..414bf52b3624 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_threat_intelligence_taxii_data_connector.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/create_threat_intelligence_taxii_data_connector.py @@ -53,6 +53,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_api_polling.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_api_polling.py index 49864982ae30..107aff358f3a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_api_polling.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_generic_ui.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_generic_ui.py index b73a6e33886e..0cdf46dc58a0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_generic_ui.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_generic_ui.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteGenericUI.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteGenericUI.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py new file mode 100644 index 000000000000..09664e6a785b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_google_cloud_platform.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_google_cloud_platform.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connectors.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py new file mode 100644 index 000000000000..1e8d160970d5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_purview_information_protection_data_connetor.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_microsoft_purview_information_protection_data_connetor.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connectors.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py new file mode 100644 index 000000000000..19efd2c1743d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_microsoft_threat_intelligence_data_connector.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_microsoft_threat_intelligence_data_connector.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.data_connectors.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office365_project_data_connetor.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office365_project_data_connetor.py index 8b565c226eb2..56fe91b27956 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office365_project_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office365_project_data_connetor.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_data_connetor.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_data_connetor.py index ea1346bce56e..8e1227e2e301 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_data_connetor.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_power_bi_data_connetor.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_power_bi_data_connetor.py index 9e48c8e08851..11cc980712bd 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_power_bi_data_connetor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/delete_office_power_bi_data_connetor.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.delete( + client.data_connectors.delete( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/disconnect_api_polling.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/disconnect_api_polling.py index 86acefb3218e..6efd31b5d1b9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/disconnect_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/disconnect_api_polling.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.data_connectors.disconnect( + client.data_connectors.disconnect( resource_group_name="myRg", workspace_name="myWorkspace", data_connector_id="316ec55e-7138-4d63-ab18-90c8a60fd1c8", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/DisconnectAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/DisconnectAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_cloud_trail_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_cloud_trail_by_id.py index 763052e052f7..77c370f6f585 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_cloud_trail_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_cloud_trail_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_s3_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_s3_by_id.py index 6738b3b06f21..6cb77eff2a77 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_amazon_web_services_s3_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_amazon_web_services_s3_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_api_polling.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_api_polling.py index e36510675dde..47606c6cb66e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_api_polling.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_api_polling.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAPIPolling.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetAPIPolling.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_active_directory_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_active_directory_by_id.py index 6fce52a1fd6c..65a2ddc82e16 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_active_directory_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_active_directory_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_advanced_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_advanced_threat_protection_by_id.py index b6d603f21861..73e2b2b74927 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_security_center_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_security_center_by_id.py index efd0ea37571e..6cf26b70055f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_security_center_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_azure_security_center_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_data_connectors.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_data_connectors.py index 3427dc2447ff..8e7b104afe4d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_data_connectors.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_data_connectors.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetDataConnectors.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetDataConnectors.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_dynamics365_data_connector_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_dynamics365_data_connector_by_id.py index 7b5578864e8a..12ee072d7640 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dynamics365_data_connector_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_dynamics365_data_connector_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_generic_ui.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_generic_ui.py index 3d93903adcd8..fdb52a0c3d31 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_generic_ui.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_generic_ui.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetGenericUI.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetGenericUI.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py new file mode 100644 index 000000000000..55d53160d970 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_google_cloud_platform_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_google_cloud_platform_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_io_tby_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_io_tby_id.py index 2862942122ce..c8a5fdfb69f2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tby_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_io_tby_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetIoTById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetIoTById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_cloud_app_security_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_cloud_app_security_by_id.py index 31c5ac11df7d..dd7934f6195e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_cloud_app_security_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_cloud_app_security_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_defender_advanced_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_defender_advanced_threat_protection_by_id.py index b1d6154e90aa..3e7fe8c8695c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_defender_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_defender_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_insider_risk_management_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_insider_risk_management_by_id.py index 51ae83893b7d..4cf85aead694 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_insider_risk_management_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_insider_risk_management_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py new file mode 100644 index 000000000000..bbb8bf50bb69 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_purview_information_protection_data_connetor_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_microsoft_purview_information_protection_data_connetor_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_intelligence_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_intelligence_by_id.py index 404e3265f958..062244991a4c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_intelligence_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_intelligence_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_protection_by_id.py index d97c5ff04218..fd2f4ec2ab8b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_microsoft_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_microsoft_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_advanced_threat_protection_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_advanced_threat_protection_by_id.py index ce52eaf4847f..29ca4ef6207a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_advanced_threat_protection_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_advanced_threat_protection_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_project_data_connetor_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_project_data_connetor_by_id.py index 5486268cc6f0..5721c516b300 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office365_project_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office365_project_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_data_connetor_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_data_connetor_by_id.py index 0a4e4319b4f7..ce265eeaf6ce 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_power_bi_data_connetor_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_power_bi_data_connetor_by_id.py index 6136caf31c43..60fb119f8369 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_power_bi_data_connetor_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_office_power_bi_data_connetor_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py new file mode 100644 index 000000000000..930b6c09dd0a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_threat_intelligence_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.data_connectors.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_taxii_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_taxii_by_id.py index 52cb79c118e1..eb658d77fe8a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_taxii_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/data_connectors/get_threat_intelligence_taxii_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_geodata_by_ip.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_geodata_by_ip.py index 93496f23f2d7..4b712baf2a3b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_geodata_by_ip.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_geodata_by_ip.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/enrichment/GetGeodataByIp.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/enrichment/GetGeodataByIp.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_whois_by_domain_name.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_whois_by_domain_name.py index 53f54bfb1d25..7ab4a4213ad2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_whois_by_domain_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/enrichment/get_whois_by_domain_name.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/enrichment/GetWhoisByDomainName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/enrichment/GetWhoisByDomainName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/expand/post_expand_entity.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/expand/post_expand_entity.py index 6419a34d794d..28857514c214 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_expand_entity.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/expand/post_expand_entity.py @@ -42,6 +42,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/expand/PostExpandEntity.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/expand/PostExpandEntity.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_account_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_account_entity_by_id.py index 4cdf7445de26..a0c64ae26b75 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_account_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_account_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetAccountEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetAccountEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_azure_resource_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_azure_resource_entity_by_id.py index b050cca4c7c5..21cd46ddfa3f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_azure_resource_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_azure_resource_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetAzureResourceEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetAzureResourceEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_cloud_application_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_cloud_application_entity_by_id.py index 6f0e16b2e736..98a56a645c6f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_cloud_application_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_cloud_application_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetCloudApplicationEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetCloudApplicationEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_dns_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_dns_entity_by_id.py index d12e56266b46..15e169855564 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_dns_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_dns_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetDnsEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetDnsEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_entities.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_entities.py index 7497dda7be87..bca03e6b4f8a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entities.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_entities.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetEntities.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetEntities.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_entity_by_id.py index 91f2d212d0ef..a77f84c85561 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetFileEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetFileEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_hash_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_hash_entity_by_id.py index e3191f6d250b..051546120c77 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_hash_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_file_hash_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetFileHashEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetFileHashEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_host_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_host_entity_by_id.py index da73796bf50e..8d1bb82f705f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_host_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_host_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetHostEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetHostEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_io_tdevice_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_io_tdevice_entity_by_id.py index eb492445a610..21f2acc5f495 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_io_tdevice_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_io_tdevice_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetIoTDeviceEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetIoTDeviceEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_ip_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_ip_entity_by_id.py index 0df0f6826bed..c9693ef07931 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_ip_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_ip_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetIpEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetIpEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_cluster_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_cluster_entity_by_id.py index f43526065efd..b66a2c9c5309 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_cluster_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_cluster_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailClusterEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetMailClusterEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_message_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_message_entity_by_id.py index 5d9c55a18e9f..309103b8aac0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mail_message_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mail_message_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailMessageEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetMailMessageEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mailbox_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mailbox_entity_by_id.py index ab443b71cfd7..10da539ba693 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_mailbox_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_mailbox_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMailboxEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetMailboxEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_malware_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_malware_entity_by_id.py index 5c8a14d51428..5922d31959ad 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_malware_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_malware_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetMalwareEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetMalwareEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_process_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_process_entity_by_id.py index f00cd0a7d744..efdf351bb2a8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_process_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_process_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetProcessEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetProcessEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_queries.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_queries.py index eb816400aa67..11738823c999 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_queries.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_queries.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetQueries.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetQueries.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_key_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_key_entity_by_id.py index cb4e42df61ca..98733768fa62 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_key_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_key_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetRegistryKeyEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetRegistryKeyEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_value_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_value_entity_by_id.py index 5081e924eae9..732daee50eaf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_registry_value_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_registry_value_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetRegistryValueEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetRegistryValueEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_alert_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_alert_entity_by_id.py index d97f34e82268..5c83bcce37b8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_alert_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_alert_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSecurityAlertEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetSecurityAlertEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_group_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_group_entity_by_id.py index 4dbc57ea7730..a1db4279e2a2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_security_group_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_security_group_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSecurityGroupEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetSecurityGroupEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_submission_mail_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_submission_mail_entity_by_id.py index 3ee652535e57..e6dfc86e4a3c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_submission_mail_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_submission_mail_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetSubmissionMailEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetSubmissionMailEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_url_entity_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_url_entity_by_id.py index fb4d819a677e..cda5155ec293 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_url_entity_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/get_url_entity_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/GetUrlEntityById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/GetUrlEntityById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/insights/post_get_insights.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/insights/post_get_insights.py index 4e210c82efb3..8da8bd12fa90 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_get_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/insights/post_get_insights.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/insights/PostGetInsights.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/insights/PostGetInsights.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_all_entity_relations.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_all_entity_relations.py index 292751766fbf..195ffc16f32a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_entity_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_all_entity_relations.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/relations/GetAllEntityRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/relations/GetAllEntityRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_entity_relation_by_name.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_entity_relation_by_name.py index 9f6da60a51c1..1ec6e7183aa2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/relations/get_entity_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/relations/GetEntityRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/relations/GetEntityRelationByName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/timeline/post_timeline_entity.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/timeline/post_timeline_entity.py index 8d224b26250a..ce38b9f90e3d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/post_timeline_entity.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entities/timeline/post_timeline_entity.py @@ -42,6 +42,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entities/timeline/PostTimelineEntity.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entities/timeline/PostTimelineEntity.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/create_entity_query_activity.py similarity index 98% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/create_entity_query_activity.py index 0d31fbd40726..37f6dcc8359d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_entity_query_activity.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/create_entity_query_activity.py @@ -59,6 +59,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueries/CreateEntityQueryActivity.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/delete_entity_query.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/delete_entity_query.py index a65893898988..4306cedb4874 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_entity_query.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/delete_entity_query.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.entity_queries.delete( + client.entity_queries.delete( resource_group_name="myRg", workspace_name="myWorkspace", entity_query_id="07da3cc8-c8ad-4710-a44e-334cdcb7882b", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/DeleteEntityQuery.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueries/DeleteEntityQuery.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_activity_entity_query_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_activity_entity_query_by_id.py index 627d89dee6b5..f598c15d229d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_activity_entity_query_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueries/GetActivityEntityQueryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_entity_queries.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_entity_queries.py index 8cee24ba1398..e7b194237d19 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_queries.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_entity_queries.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetEntityQueries.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueries/GetEntityQueries.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_expansion_entity_query_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_expansion_entity_query_by_id.py index b602cd4c4c5f..6bcd5db5e6d0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_expansion_entity_query_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_queries/get_expansion_entity_query_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_activity_entity_query_template_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_activity_entity_query_template_by_id.py index 8535ed42977e..f1e8ee06c9ff 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_activity_entity_query_template_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_activity_entity_query_template_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_entity_query_templates.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_entity_query_templates.py index 9891a363b78b..17041987a638 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_entity_query_templates.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/entity_query_templates/get_entity_query_templates.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/create_file_import.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/create_file_import.py index 9a9744fd6ec9..68281d706d09 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_file_import.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/create_file_import.py @@ -45,6 +45,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/CreateFileImport.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/fileImports/CreateFileImport.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/delete_file_import.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/delete_file_import.py index 3b966a3523f3..45c1ee24dc05 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_file_import.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/delete_file_import.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/DeleteFileImport.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/fileImports/DeleteFileImport.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_import_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_import_by_id.py index 31cca3f33ca3..8fa031d203ba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_import_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_import_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/GetFileImportById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/fileImports/GetFileImportById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_imports.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_imports.py index 453ebae65bdc..7ca19a57b324 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_file_imports.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/file_imports/get_file_imports.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/fileImports/GetFileImports.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/fileImports/GetFileImports.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py new file mode 100644 index 000000000000..b629a5904e22 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt.py @@ -0,0 +1,54 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_hunt.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunts.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt={ + "properties": { + "attackTactics": ["Reconnaissance"], + "attackTechniques": ["T1595"], + "description": "Log4J Hunt Description", + "displayName": "Log4J new hunt", + "hypothesisStatus": "Unknown", + "labels": ["Label1", "Label2"], + "owner": {"objectId": "873b5263-5d34-4149-b356-ad341b01e123"}, + "status": "New", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/CreateHunt.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py new file mode 100644 index 000000000000..ac9acd3dc1b8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_comment.py @@ -0,0 +1,44 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_hunt_comment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_comments.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_comment_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + hunt_comment={"properties": {"message": "This is a test comment."}}, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/CreateHuntComment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py new file mode 100644 index 000000000000..ed599baab060 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/create_hunt_relation.py @@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_hunt_relation.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_relations.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_relation_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + hunt_relation={ + "properties": { + "labels": ["Test Label"], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/CreateHuntRelation.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py new file mode 100644 index 000000000000..ca38b51cd9e9 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_hunt.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.hunts.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/DeleteHunt.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py new file mode 100644 index 000000000000..fb2bc4e9051b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_comment.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_hunt_comment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.hunt_comments.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_comment_id="2216d0e1-91e3-4902-89fd-d2df8c123456", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/DeleteHuntComment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py new file mode 100644 index 000000000000..04ba45d9590f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/delete_hunt_relation.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_hunt_relation.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.hunt_relations.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_relation_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/DeleteHuntRelation.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py new file mode 100644 index 000000000000..932aa0d95538 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_by_id.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunts.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/GetHuntById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py new file mode 100644 index 000000000000..ecf34bf0581a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comment_by_id.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_comment_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_comments.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_comment_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/GetHuntCommentById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py new file mode 100644 index 000000000000..3f1519e9cbb3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_comments.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_comments.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_comments.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/GetHuntComments.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py new file mode 100644 index 000000000000..7478870ca18c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relation_by_id.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_relation_by_id.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_relations.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + hunt_relation_id="2216d0e1-91e3-4902-89fd-d2df8c535096", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/GetHuntRelationById.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py new file mode 100644 index 000000000000..2f8664fdecef --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunt_relations.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunt_relations.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunt_relations.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + hunt_id="163e7b2a-a2ec-4041-aaba-d878a38f265f", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/GetHuntRelations.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py new file mode 100644 index 000000000000..4f9c9242f6d4 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/hunts/get_hunts.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_hunts.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.hunts.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/hunts/GetHunts.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_alerts/incidents_list_alerts.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_alerts/incidents_list_alerts.py index a62de178a146..22c53ddc836d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_alerts.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_alerts/incidents_list_alerts.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_bookmarks/incidents_list_bookmarks.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_bookmarks/incidents_list_bookmarks.py index b931f0ff5499..283600a87b04 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_bookmarks.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_bookmarks/incidents_list_bookmarks.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_create_or_update.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_create_or_update.py index 76b762bca38f..4fe6d0cf057d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_create_or_update.py @@ -39,6 +39,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_delete.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_delete.py index 41de0f2f027c..6415e2933d10 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_delete.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incident_comments.delete( + client.incident_comments.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", incident_comment_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_get.py index 376e884be9ca..858307e15d44 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_get.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_list.py index 7fce290b89df..8c71860c69c3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_comments_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_comments/incident_comments_list.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_entities/incidents_list_entities.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_entities/incidents_list_entities.py index 93dbebcc10c5..2578b8c62387 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list_entities.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_entities/incidents_list_entities.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_create_or_update.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_create_or_update.py index 358cd15f754e..79bb1f6b6ad3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_create_or_update.py @@ -39,6 +39,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_delete.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_delete.py index 4e742bfbd432..721283e39c72 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_delete.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incident_tasks.delete( + client.incident_tasks.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", incident_task_id="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_get.py index e825d109fd60..7bed8116d673 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_get.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_list.py index 371a20ddd697..0fe762566d6b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incident_tasks_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_tasks/incident_tasks_list.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_team/incidents_create_team.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_team/incidents_create_team.py index 6f3462eb2a73..ac089f2ccf5e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_team.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incident_team/incidents_create_team.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_create_or_update.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_create_or_update.py index 99dd33a78950..746505c9592e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_create_or_update.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_create_or_update.py @@ -58,6 +58,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_CreateOrUpdate.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/Incidents_CreateOrUpdate.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_delete.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_delete.py index 46d6ef624106..0ec563d95cba 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_delete.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_delete.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incidents.delete( + client.incidents.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_Delete.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/Incidents_Delete.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_get.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_get.py index 159a603b2460..1b8f967cac84 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_get.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_get.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_Get.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/Incidents_Get.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_list.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_list.py index 92ad2ea10b6b..37645eb48a0c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_list.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/incidents_list.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/Incidents_List.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/Incidents_List.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/create_incident_relation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/create_incident_relation.py index 18684885840e..18bd71c48daa 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_incident_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/create_incident_relation.py @@ -43,6 +43,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/CreateIncidentRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/relations/CreateIncidentRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/delete_incident_relation.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/delete_incident_relation.py index 78337555b97a..009584ca5a06 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_incident_relation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/delete_incident_relation.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.incident_relations.delete( + client.incident_relations.delete( resource_group_name="myRg", workspace_name="myWorkspace", incident_id="afbd324f-6c48-459c-8710-8d1e1cd03812", relation_name="4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/relations/DeleteIncidentRelation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_all_incident_relations.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_all_incident_relations.py index d51befaed744..b44b6b641fb5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_incident_relations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_all_incident_relations.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/relations/GetAllIncidentRelations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_incident_relation_by_name.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_incident_relation_by_name.py index 56607932ef56..3a67be77270e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_incident_relation_by_name.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents/relations/get_incident_relation_by_name.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/incidents/relations/GetIncidentRelationByName.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py new file mode 100644 index 000000000000..07f7ee48187f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/entities_run_playbook.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python entities_run_playbook.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.entities.run_playbook( + resource_group_name="myRg", + workspace_name="myWorkspace", + entity_identifier="72e01a22-5cd2-4139-a149-9f2736ff2ar2", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/manualTrigger/Entities_RunPlaybook.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/incidents_run_playbook.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/incidents_run_playbook.py index eeccd2e1694d..88433d0fd1ab 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/incidents_run_playbook.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/manual_trigger/incidents_run_playbook.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/delete_metadata.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/delete_metadata.py index 49bd06ba9428..532ef475b51f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/delete_metadata.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.metadata.delete( + client.metadata.delete( resource_group_name="myRg", workspace_name="myWorkspace", metadata_name="metadataName", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/DeleteMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/DeleteMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata.py index 7db4cc0f8c28..2e401ed1c9e9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetAllMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/GetAllMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata_odata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata_odata.py index 5b4257bac619..edc42381e5cb 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_metadata_odata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_all_metadata_odata.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetAllMetadataOData.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/GetAllMetadataOData.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_metadata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_metadata.py index e8d786700ebb..5e4974232720 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/get_metadata.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/GetMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/GetMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/patch_metadata.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/patch_metadata.py index 7cbdf1b8fb56..1c8aaa0c3958 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/patch_metadata.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PatchMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/PatchMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata.py similarity index 98% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata.py index 62ff77bced8a..db3ca9c5e450 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata.py @@ -90,6 +90,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PutMetadata.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/PutMetadata.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata_minimal.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata_minimal.py index 10215a694f1a..d9fd7785b06f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/put_metadata_minimal.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/metadata/put_metadata_minimal.py @@ -44,6 +44,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/metadata/PutMetadataMinimal.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/metadata/PutMetadataMinimal.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/delete_office_consents.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/delete_office_consents.py index d66ae4ac7351..26283afd4c3e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_office_consents.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/delete_office_consents.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.office_consents.delete( + client.office_consents.delete( resource_group_name="myRg", workspace_name="myWorkspace", consent_id="04e5fd05-ff86-4b97-b8d2-1c20933cb46c", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/DeleteOfficeConsents.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/officeConsents/DeleteOfficeConsents.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents.py index 047adb41a559..b154458ea233 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/GetOfficeConsents.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/officeConsents/GetOfficeConsents.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents_by_id.py index 07d171e85fe9..fb5b59f10499 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_office_consents_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/office_consents/get_office_consents_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/officeConsents/GetOfficeConsentsById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/officeConsents/GetOfficeConsentsById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/create_sentinel_onboarding_state.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/create_sentinel_onboarding_state.py index 5c8fe53f325f..53a2aab77b21 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/create_sentinel_onboarding_state.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/delete_sentinel_onboarding_state.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/delete_sentinel_onboarding_state.py index 7efd7e514297..7a56c798b880 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/delete_sentinel_onboarding_state.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.sentinel_onboarding_states.delete( + client.sentinel_onboarding_states.delete( resource_group_name="myRg", workspace_name="myWorkspace", sentinel_onboarding_state_name="default", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_all_sentinel_onboarding_states.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_all_sentinel_onboarding_states.py index 50414b351665..ff2851ed3389 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_sentinel_onboarding_states.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_all_sentinel_onboarding_states.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_sentinel_onboarding_state.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_sentinel_onboarding_state.py index 9913163dbb50..49d519ce7dd4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_sentinel_onboarding_state.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/onboarding_states/get_sentinel_onboarding_state.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/operations/list_operations.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/operations/list_operations.py index c5bdf9face9c..2b77b151ece7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/list_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/operations/list_operations.py @@ -34,6 +34,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/operations/ListOperations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/operations/ListOperations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendation.py index 10ce219569fc..7bc479bcee6f 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendation.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/GetRecommendation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/recommendations/GetRecommendation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendations.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendations.py index 049b5a6b8a82..36bfe19e7a57 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_recommendations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/get_recommendations.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/GetRecommendations.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/recommendations/GetRecommendations.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/patch_recommendation.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/patch_recommendation.py index 42ed7cf1e6ac..a753f44249ad 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/patch_recommendation.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/recommendations/patch_recommendation.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/recommendations/PatchRecommendation.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/recommendations/PatchRecommendation.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/repositories/get_repositories.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/repositories/get_repositories.py index a79ba4b95ce1..4abd8ff6da93 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_repositories.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/repositories/get_repositories.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/repositories/GetRepositories.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/repositories/GetRepositories.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py new file mode 100644 index 000000000000..fe4cb3ab24e8 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/create_anomaly_security_ml_analytics_setting.py @@ -0,0 +1,97 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_anomaly_security_ml_analytics_setting.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.security_ml_analytics_settings.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db", + security_ml_analytics_setting={ + "etag": '"260090e2-0000-0d00-0000-5d6fb8670000"', + "kind": "Anomaly", + "properties": { + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": None, + "prioritizeExcludeObservations": None, + "singleSelectObservations": [ + { + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "name": "Device vendor", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": ["Palo Alto Networks", "Fortinet", "Check Point"], + "supportedValuesKql": None, + "value": ["Palo Alto Networks"], + "valuesKql": None, + } + ], + "singleValueObservations": None, + "thresholdObservations": [ + { + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "name": "Daily data transfer threshold in MB", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25", + }, + { + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "name": "Number of standard deviations", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3", + }, + ], + }, + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "displayName": "Login from unusual region", + "enabled": True, + "frequency": "PT1H", + "isDefaultSettings": True, + "requiredDataConnectors": [{"connectorId": "AWS", "dataTypes": ["AWSCloudTrail"]}], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": ["Exfiltration", "CommandAndControl"], + "techniques": ["T1037", "T1021"], + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/delete_security_ml_analytics_setting.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/delete_security_ml_analytics_setting.py index 10c84d42cbb3..e8f8ca1ca7f4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_security_ml_analytics_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/delete_security_ml_analytics_setting.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.security_ml_analytics_settings.delete( + client.security_ml_analytics_settings.delete( resource_group_name="myRg", workspace_name="myWorkspace", settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_all_security_ml_analytics_settings.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_all_security_ml_analytics_settings.py index 1a674b133d69..09eeb2dd4c61 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_security_ml_analytics_settings.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_all_security_ml_analytics_settings.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_anomaly_security_ml_analytics_setting.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_anomaly_security_ml_analytics_setting.py index 58c9a9583e24..1080f2358bae 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_anomaly_security_ml_analytics_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/security_ml_analytics_settings/get_anomaly_security_ml_analytics_setting.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/delete_eyes_on_setting.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/delete_eyes_on_setting.py index 599eaa20379e..d2e7d8d02c8c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_eyes_on_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/delete_eyes_on_setting.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.product_settings.delete( + client.product_settings.delete( resource_group_name="myRg", workspace_name="myWorkspace", settings_name="EyesOn", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/DeleteEyesOnSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/settings/DeleteEyesOnSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_all_settings.py similarity index 95% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_all_settings.py index 9686f64f3e57..0bd33a7b189d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_all_settings.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_all_settings.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/GetAllSettings.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/settings/GetAllSettings.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_eyes_on_setting.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_eyes_on_setting.py index 631125a81101..2681d65e6832 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_eyes_on_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/get_eyes_on_setting.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/GetEyesOnSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/settings/GetEyesOnSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/update_eyes_on_setting.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/update_eyes_on_setting.py index 9f10f20bb113..59221af39edc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/update_eyes_on_setting.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/settings/update_eyes_on_setting.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/settings/UpdateEyesOnSetting.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/settings/UpdateEyesOnSetting.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/create_source_control.py similarity index 87% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/create_source_control.py index e4ba898e9ea7..f92749584cdf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_source_control.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/create_source_control.py @@ -43,18 +43,20 @@ def main(): "repository": { "branch": "master", "displayUrl": "https://github.com/user/repo", - "pathMapping": [ - {"contentType": "AnalyticRules", "path": "path/to/rules"}, - {"contentType": "Workbook", "path": "path/to/workbooks"}, - ], "url": "https://github.com/user/repo", }, + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state", + }, }, }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/CreateSourceControl.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/sourcecontrols/CreateSourceControl.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/delete_source_control.py similarity index 82% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/delete_source_control.py index b39bed43c896..52e2bec8878a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_source_control.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/delete_source_control.py @@ -33,10 +33,18 @@ def main(): resource_group_name="myRg", workspace_name="myWorkspace", source_control_id="789e0c1f-4a3d-43ad-809c-e713b677b04a", + repository_access={ + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state", + } + }, ) print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/DeleteSourceControl.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/sourcecontrols/DeleteSourceControl.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_control_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_control_by_id.py index 340237ce6a45..d88a4155b59e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_control_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_control_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/GetSourceControlById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/sourcecontrols/GetSourceControlById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_controls.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_controls.py index ceb9628d252b..ed3c05262608 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_source_controls.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/sourcecontrols/get_source_controls.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/sourcecontrols/GetSourceControls.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/sourcecontrols/GetSourceControls.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py new file mode 100644 index 000000000000..f3be61d112cf --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/append_tags_threat_intelligence.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python append_tags_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + client.threat_intelligence_indicator.append_tags( + resource_group_name="myRg", + workspace_name="myWorkspace", + name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + threat_intelligence_append_tags={"threatIntelligenceTags": ["tag1", "tag2"]}, + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/collect_threat_intelligence_metrics.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/collect_threat_intelligence_metrics.py index a75c2fbfdef1..74a9eeb8df3c 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/collect_threat_intelligence_metrics.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/collect_threat_intelligence_metrics.py @@ -36,6 +36,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py new file mode 100644 index 000000000000..12d7243e8b79 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/create_threat_intelligence.py @@ -0,0 +1,63 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.create_indicator( + resource_group_name="myRg", + workspace_name="myWorkspace", + threat_intelligence_properties={ + "kind": "indicator", + "properties": { + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": False, + "source": "Azure Sentinel", + "threatIntelligenceTags": ["new schema"], + "threatTypes": ["compromised"], + "validFrom": "2021-09-15T17:44:00.114052Z", + "validUntil": "", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/delete_threat_intelligence.py similarity index 91% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/delete_threat_intelligence.py index 254248e2572d..c34eec29922d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_threat_intelligence.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/delete_threat_intelligence.py @@ -29,14 +29,13 @@ def main(): subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", ) - response = client.threat_intelligence_indicator.delete( + client.threat_intelligence_indicator.delete( resource_group_name="myRg", workspace_name="myWorkspace", name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence.py index 6dc9762759ac..603b8c0f53b4 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/GetThreatIntelligence.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/GetThreatIntelligence.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence_by_id.py index 41e6c872c5ee..fba95b819ee2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_threat_intelligence_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/get_threat_intelligence_by_id.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py new file mode 100644 index 000000000000..1e9189a9e89c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/query_threat_intelligence.py @@ -0,0 +1,51 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python query_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.query_indicators( + resource_group_name="myRg", + workspace_name="myWorkspace", + threat_intelligence_filtering_criteria={ + "maxConfidence": 80, + "maxValidUntil": "2021-04-25T17:44:00.114052Z", + "minConfidence": 25, + "minValidUntil": "2021-04-05T17:44:00.114052Z", + "pageSize": 100, + "sortBy": [{"itemKey": "lastUpdatedTimeUtc", "sortOrder": "descending"}], + "sources": ["Azure Sentinel"], + }, + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py new file mode 100644 index 000000000000..8c8c4b426a5d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/replace_tags_threat_intelligence.py @@ -0,0 +1,47 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python replace_tags_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.replace_tags( + resource_group_name="myRg", + workspace_name="myWorkspace", + name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + threat_intelligence_replace_tags={ + "etag": '"0000262c-0000-0800-0000-5e9767060000"', + "kind": "indicator", + "properties": {"threatIntelligenceTags": ["patching tags"]}, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py new file mode 100644 index 000000000000..3917b0403337 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/threatintelligence/update_threat_intelligence.py @@ -0,0 +1,64 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python update_threat_intelligence.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="bd794837-4d29-4647-9105-6339bfdb4e6a", + ) + + response = client.threat_intelligence_indicator.create( + resource_group_name="myRg", + workspace_name="myWorkspace", + name="d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + threat_intelligence_properties={ + "kind": "indicator", + "properties": { + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": False, + "source": "Azure Sentinel", + "threatIntelligenceTags": ["new schema"], + "threatTypes": ["compromised"], + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "", + }, + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py new file mode 100644 index 000000000000..92d4eb9929ef --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/trigger_rule_run_post.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python trigger_rule_run_post.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.alert_rule.begin_trigger_rule_run( + resource_group_name="myRg", + workspace_name="myWorkspace", + rule_id="65360bb0-8986-4ade-a89d-af3cf44d28aa", + analytics_rule_run_trigger_parameter={"properties": {"executionTimeUtc": "2022-12-22T15:37:03.074Z"}}, + ).result() + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py new file mode 100644 index 000000000000..7cbdda2c46d1 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_run_get.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python triggered_analytics_rule_run_get.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.triggered_analytics_rule_run.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + rule_run_id="65360bb0-8986-4ade-a89d-af3cf44d28aa", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py new file mode 100644 index 000000000000..51cfeb161eb7 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/triggered_analytics_rule_runs/triggered_analytics_rule_runs_get.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python triggered_analytics_rule_runs_get.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.get_triggered_analytics_rule_runs.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist.py index 47b0e922392f..74f35668323b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist.py @@ -48,6 +48,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlist.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/CreateWatchlist.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_and_watchlist_items.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_and_watchlist_items.py index 96205b46222e..52a2847db55a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_and_watchlist_items.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_and_watchlist_items.py @@ -51,6 +51,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_item.py similarity index 97% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_item.py index f527c1dbf8eb..a0f1784b9b1a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/create_watchlist_item.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/create_watchlist_item.py @@ -51,6 +51,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/CreateWatchlistItem.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/CreateWatchlistItem.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist.py index 657798684a34..b5307d111f48 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist.py @@ -29,14 +29,13 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.watchlists.delete( + client.watchlists.delete( resource_group_name="myRg", workspace_name="myWorkspace", watchlist_alias="highValueAsset", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/DeleteWatchlist.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/DeleteWatchlist.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist_item.py similarity index 92% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist_item.py index d22cdfb7f9df..77e3b643d6de 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/delete_watchlist_item.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/delete_watchlist_item.py @@ -29,15 +29,14 @@ def main(): subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", ) - response = client.watchlist_items.delete( + client.watchlist_items.delete( resource_group_name="myRg", workspace_name="myWorkspace", watchlist_alias="highValueAsset", watchlist_item_id="4008512e-1d30-48b2-9ee2-d3612ed9d3ea", ) - print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/DeleteWatchlistItem.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/DeleteWatchlistItem.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_by_alias.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_by_alias.py index 52d3b745e293..6473140ef741 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_by_alias.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_by_alias.py @@ -37,6 +37,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistByAlias.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/GetWatchlistByAlias.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_item_by_id.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_item_by_id.py index 412ba40fef43..f1baa1b7fba8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_item_by_id.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_item_by_id.py @@ -38,6 +38,6 @@ def main(): print(response) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistItemById.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/GetWatchlistItemById.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_items.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_items.py index ca7c80699b5b..e66bdf934705 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlist_items.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlist_items.py @@ -38,6 +38,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlistItems.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/GetWatchlistItems.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlists.py similarity index 96% rename from sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py rename to sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlists.py index 2546e29b6ff9..c31aa7667048 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/get_watchlists.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/watchlists/get_watchlists.py @@ -37,6 +37,6 @@ def main(): print(item) -# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-12-01-preview/examples/watchlists/GetWatchlists.json +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/watchlists/GetWatchlists.json if __name__ == "__main__": main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py new file mode 100644 index 000000000000..a3117e10a192 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_job.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_job.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignment_jobs.create( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/CreateJob.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py new file mode 100644 index 000000000000..6d33df4130a3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/create_or_update_workspace_manager_assignment.py @@ -0,0 +1,55 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_assignment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignments.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + workspace_manager_assignment={ + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + }, + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py new file mode 100644 index 000000000000..324a9612330d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_job.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_job.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_assignment_jobs.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + job_name="cfbe1338-8276-4d5d-8b96-931117f9fa0e", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/DeleteJob.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py new file mode 100644 index 000000000000..36bc7b46c787 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/delete_workspace_manager_assignment.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_assignment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_assignments.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py new file mode 100644 index 000000000000..6f493b41edcb --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_jobs.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_jobs.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignment_jobs.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py new file mode 100644 index 000000000000..12d8a1e69511 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_all_workspace_manager_assignments.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_assignments.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignments.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py new file mode 100644 index 000000000000..69215ffd2e84 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_job.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_job.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignment_jobs.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + job_name="cfbe1338-8276-4d5d-8b96-931117f9fa0e", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/GetJob.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py new file mode 100644 index 000000000000..4e4a91172d1d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_assignments/get_workspace_manager_assignment.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_assignment.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_assignments.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_assignment_name="47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py new file mode 100644 index 000000000000..20b44a994876 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/create_or_update_workspace_manager_configuration.py @@ -0,0 +1,43 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_configuration.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_configurations.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_configuration_name="default", + workspace_manager_configuration={"properties": {"mode": "Enabled"}}, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py new file mode 100644 index 000000000000..62b467b7b56f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/delete_workspace_manager_configuration.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_configuration.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_configurations.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_configuration_name="default", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py new file mode 100644 index 000000000000..e4d919733116 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_all_workspace_manager_configurations.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_configurations.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_configurations.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py new file mode 100644 index 000000000000..6b5ced0b88f3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_configurations/get_workspace_manager_configuration.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_configuration.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_configurations.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_configuration_name="default", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py new file mode 100644 index 000000000000..580b4125a2ce --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/create_or_update_workspace_manager_group.py @@ -0,0 +1,49 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_group.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_groups.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_group_name="37207a7a-3b8a-438f-a559-c7df400e1b96", + workspace_manager_group={ + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": ["afbd324f-6c48-459c-8710-8d1e1cd03812", "f5fa104e-c0e3-4747-9182-d342dc048a9e"], + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py new file mode 100644 index 000000000000..2c7cb2b2ef92 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/delete_workspace_manager_group.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_group.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_groups.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_group_name="37207a7a-3b8a-438f-a559-c7df400e1b96", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py new file mode 100644 index 000000000000..827411cd818c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_all_workspace_manager_groups.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_groups.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_groups.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py new file mode 100644 index 000000000000..471a51c2a730 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_groups/get_workspace_manager_group.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_group.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_groups.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_group_name="37207a7a-3b8a-438f-a559-c7df400e1b96", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py new file mode 100644 index 000000000000..4c2b977241e6 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/create_or_update_workspace_manager_member.py @@ -0,0 +1,48 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python create_or_update_workspace_manager_member.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_members.create_or_update( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_member_name="afbd324f-6c48-459c-8710-8d1e1cd03812", + workspace_manager_member={ + "properties": { + "targetWorkspaceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd", + } + }, + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py new file mode 100644 index 000000000000..751d608e5b9e --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/delete_workspace_manager_member.py @@ -0,0 +1,41 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python delete_workspace_manager_member.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + client.workspace_manager_members.delete( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_member_name="afbd324f-6c48-459c-8710-8d1e1cd03812", + ) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py new file mode 100644 index 000000000000..f613a806f891 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_all_workspace_manager_members.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_all_workspace_manager_members.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_members.list( + resource_group_name="myRg", + workspace_name="myWorkspace", + ) + for item in response: + print(item) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json +if __name__ == "__main__": + main() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py new file mode 100644 index 000000000000..dfeab5942076 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/generated_samples/workspace_manager_members/get_workspace_manager_member.py @@ -0,0 +1,42 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- + +from azure.identity import DefaultAzureCredential +from azure.mgmt.securityinsight import SecurityInsights + +""" +# PREREQUISITES + pip install azure-identity + pip install azure-mgmt-securityinsight +# USAGE + python get_workspace_manager_member.py + + Before run the sample, please set the values of the client ID, tenant ID and client secret + of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID, + AZURE_CLIENT_SECRET. For more info about how to get the value, please see: + https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal +""" + + +def main(): + client = SecurityInsights( + credential=DefaultAzureCredential(), + subscription_id="d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + ) + + response = client.workspace_manager_members.get( + resource_group_name="myRg", + workspace_name="myWorkspace", + workspace_manager_member_name="afbd324f-6c48-459c-8710-8d1e1cd03812", + ) + print(response) + + +# x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-08-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json +if __name__ == "__main__": + main()