From 870eeac701ab9291a8caf422d4475feea6e2bd7c Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Wed, 14 Aug 2019 23:05:46 -0700 Subject: [PATCH] [AutoPR securityinsights/resource-manager] Adding alertRuleTemplates swagger spec to securityInsight (#6773) * Generated from d731243f4645a2df9c8389e10e93be04ea78a620 Add alertRuleTemplates endpoint to securityInsight * Generated from d09f26c587fddd31fa13cb3d94d7a9bbe8d58ec8 fix merge conflict * Generated from efe14acff06c754692f29bffee877f29edb68b89 Bookmarks swagger updates * Generated from 07393c4915496b1768a08c5f408b05cdb2a27f10 fix typos * Generated from 98fdd0347934e59d39a7b6f803f170933c96d199 fix typo --- .../mgmt/securityinsight/models/__init__.py | 39 +++- .../models/alert_rule_kind1.py | 2 +- .../models/alert_rule_kind1_py3.py | 2 +- .../models/alert_rule_template.py | 64 ++++++ .../models/alert_rule_template_paged.py | 27 +++ .../models/alert_rule_template_py3.py | 64 ++++++ .../base_alert_rule_template_properties.py | 65 +++++++ ...base_alert_rule_template_properties_py3.py | 65 +++++++ .../mgmt/securityinsight/models/bookmark.py | 20 +- .../securityinsight/models/bookmark_py3.py | 22 ++- .../models/data_connector_status.py | 33 ++++ .../models/data_connector_status_py3.py | 33 ++++ .../models/filter_alert_rule_template.py | 108 +++++++++++ ...er_alert_rule_template_properties_model.py | 39 ++++ ...lert_rule_template_properties_model_py3.py | 39 ++++ .../models/filter_alert_rule_template_py3.py | 108 +++++++++++ .../models/fusion_alert_rule_template.py | 96 +++++++++ ...on_alert_rule_template_properties_model.py | 29 +++ ...lert_rule_template_properties_model_py3.py | 29 +++ .../models/fusion_alert_rule_template_py3.py | 96 +++++++++ .../models/scheduled_alert_rule_template.py | 129 ++++++++++++ ...ed_alert_rule_template_properties_model.py | 54 ++++++ ...lert_rule_template_properties_model_py3.py | 54 ++++++ .../scheduled_alert_rule_template_py3.py | 129 ++++++++++++ .../models/security_insights_enums.py | 40 +++- .../securityinsight/operations/__init__.py | 2 + .../alert_rule_templates_operations.py | 183 ++++++++++++++++++ .../mgmt/securityinsight/security_insights.py | 5 + 28 files changed, 1550 insertions(+), 26 deletions(-) create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_paged.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_py3.py create mode 100644 sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/alert_rule_templates_operations.py diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 131796556f8c..9f07b9b865b1 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -14,7 +14,16 @@ from .operation_py3 import Operation from .alert_rule_py3 import AlertRule from .alert_rule_kind1_py3 import AlertRuleKind1 + from .data_connector_status_py3 import DataConnectorStatus from .scheduled_alert_rule_py3 import ScheduledAlertRule + from .alert_rule_template_py3 import AlertRuleTemplate + from .scheduled_alert_rule_template_py3 import ScheduledAlertRuleTemplate + from .base_alert_rule_template_properties_py3 import BaseAlertRuleTemplateProperties + from .scheduled_alert_rule_template_properties_model_py3 import ScheduledAlertRuleTemplatePropertiesModel + from .filter_alert_rule_template_py3 import FilterAlertRuleTemplate + from .filter_alert_rule_template_properties_model_py3 import FilterAlertRuleTemplatePropertiesModel + from .fusion_alert_rule_template_py3 import FusionAlertRuleTemplate + from .fusion_alert_rule_template_properties_model_py3 import FusionAlertRuleTemplatePropertiesModel from .action_py3 import Action from .user_info_py3 import UserInfo from .case_py3 import Case @@ -87,7 +96,16 @@ from .operation import Operation from .alert_rule import AlertRule from .alert_rule_kind1 import AlertRuleKind1 + from .data_connector_status import DataConnectorStatus from .scheduled_alert_rule import ScheduledAlertRule + from .alert_rule_template import AlertRuleTemplate + from .scheduled_alert_rule_template import ScheduledAlertRuleTemplate + from .base_alert_rule_template_properties import BaseAlertRuleTemplateProperties + from .scheduled_alert_rule_template_properties_model import ScheduledAlertRuleTemplatePropertiesModel + from .filter_alert_rule_template import FilterAlertRuleTemplate + from .filter_alert_rule_template_properties_model import FilterAlertRuleTemplatePropertiesModel + from .fusion_alert_rule_template import FusionAlertRuleTemplate + from .fusion_alert_rule_template_properties_model import FusionAlertRuleTemplatePropertiesModel from .action import Action from .user_info import UserInfo from .case import Case @@ -158,6 +176,7 @@ from .operation_paged import OperationPaged from .alert_rule_paged import AlertRulePaged from .action_paged import ActionPaged +from .alert_rule_template_paged import AlertRuleTemplatePaged from .case_paged import CasePaged from .case_comment_paged import CaseCommentPaged from .bookmark_paged import BookmarkPaged @@ -167,8 +186,11 @@ from .entity_query_paged import EntityQueryPaged from .security_insights_enums import ( AlertRuleKind, - AlertSeverity, TriggerOperator, + AttackTactic, + DataTypeStatus, + AlertSeverity, + TemplateStatus, CaseSeverity, CaseStatus, CloseReason, @@ -196,7 +218,16 @@ 'Operation', 'AlertRule', 'AlertRuleKind1', + 'DataConnectorStatus', 'ScheduledAlertRule', + 'AlertRuleTemplate', + 'ScheduledAlertRuleTemplate', + 'BaseAlertRuleTemplateProperties', + 'ScheduledAlertRuleTemplatePropertiesModel', + 'FilterAlertRuleTemplate', + 'FilterAlertRuleTemplatePropertiesModel', + 'FusionAlertRuleTemplate', + 'FusionAlertRuleTemplatePropertiesModel', 'Action', 'UserInfo', 'Case', @@ -267,6 +298,7 @@ 'OperationPaged', 'AlertRulePaged', 'ActionPaged', + 'AlertRuleTemplatePaged', 'CasePaged', 'CaseCommentPaged', 'BookmarkPaged', @@ -275,8 +307,11 @@ 'OfficeConsentPaged', 'EntityQueryPaged', 'AlertRuleKind', - 'AlertSeverity', 'TriggerOperator', + 'AttackTactic', + 'DataTypeStatus', + 'AlertSeverity', + 'TemplateStatus', 'CaseSeverity', 'CaseStatus', 'CloseReason', diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1.py index 204fa1ddf932..d21e590eef6b 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1.py @@ -16,7 +16,7 @@ class AlertRuleKind1(Model): """Describes an Azure resource with kind. :param kind: The kind of the alert rule. Possible values include: - 'Scheduled' + 'Scheduled', 'Filter', 'Fusion' :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind """ diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1_py3.py index aff9133b36c9..42357df49b41 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_kind1_py3.py @@ -16,7 +16,7 @@ class AlertRuleKind1(Model): """Describes an Azure resource with kind. :param kind: The kind of the alert rule. Possible values include: - 'Scheduled' + 'Scheduled', 'Filter', 'Fusion' :type kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind """ diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template.py new file mode 100644 index 000000000000..d701db1b9496 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template.py @@ -0,0 +1,64 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class AlertRuleTemplate(Model): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ScheduledAlertRuleTemplate, FilterAlertRuleTemplate, + FusionAlertRuleTemplate + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Scheduled': 'ScheduledAlertRuleTemplate', 'Filter': 'FilterAlertRuleTemplate', 'Fusion': 'FusionAlertRuleTemplate'} + } + + def __init__(self, **kwargs): + super(AlertRuleTemplate, self).__init__(**kwargs) + self.id = None + self.type = None + self.name = None + self.etag = kwargs.get('etag', None) + self.kind = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_paged.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_paged.py new file mode 100644 index 000000000000..84b81e65f6a2 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_paged.py @@ -0,0 +1,27 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.paging import Paged + + +class AlertRuleTemplatePaged(Paged): + """ + A paging container for iterating over a list of :class:`AlertRuleTemplate ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[AlertRuleTemplate]'} + } + + def __init__(self, *args, **kwargs): + + super(AlertRuleTemplatePaged, self).__init__(*args, **kwargs) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_py3.py new file mode 100644 index 000000000000..31e99120f773 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/alert_rule_template_py3.py @@ -0,0 +1,64 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class AlertRuleTemplate(Model): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ScheduledAlertRuleTemplate, FilterAlertRuleTemplate, + FusionAlertRuleTemplate + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + } + + _subtype_map = { + 'kind': {'Scheduled': 'ScheduledAlertRuleTemplate', 'Filter': 'FilterAlertRuleTemplate', 'Fusion': 'FusionAlertRuleTemplate'} + } + + def __init__(self, *, etag: str=None, **kwargs) -> None: + super(AlertRuleTemplate, self).__init__(**kwargs) + self.id = None + self.type = None + self.name = None + self.etag = etag + self.kind = None diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties.py new file mode 100644 index 000000000000..a1d8971afa3f --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties.py @@ -0,0 +1,65 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class BaseAlertRuleTemplateProperties(Model): + """Base alert rule template property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param display_name: The display name for alert rule template. + :type display_name: str + :param description: The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: str + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + """ + + _validation = { + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'tactics': {'key': 'tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'createdDateUTC', 'type': 'str'}, + 'status': {'key': 'status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'alertRulesCreatedByTemplateCount', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(BaseAlertRuleTemplateProperties, self).__init__(**kwargs) + self.display_name = kwargs.get('display_name', None) + self.description = kwargs.get('description', None) + self.tactics = kwargs.get('tactics', None) + self.created_date_utc = None + self.status = kwargs.get('status', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties_py3.py new file mode 100644 index 000000000000..05b194a15446 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/base_alert_rule_template_properties_py3.py @@ -0,0 +1,65 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class BaseAlertRuleTemplateProperties(Model): + """Base alert rule template property bag. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :param display_name: The display name for alert rule template. + :type display_name: str + :param description: The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: The time that this alert rule template has been + added. + :vartype created_date_utc: str + :param status: The alert rule template status. Possible values include: + 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: the number of alert rules + that were created by this template + :type alert_rules_created_by_template_count: int + """ + + _validation = { + 'created_date_utc': {'readonly': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'tactics': {'key': 'tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'createdDateUTC', 'type': 'str'}, + 'status': {'key': 'status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'alertRulesCreatedByTemplateCount', 'type': 'int'}, + } + + def __init__(self, *, display_name: str=None, description: str=None, tactics=None, status=None, required_data_connectors=None, alert_rules_created_by_template_count: int=None, **kwargs) -> None: + super(BaseAlertRuleTemplateProperties, self).__init__(**kwargs) + self.display_name = display_name + self.description = description + self.tactics = tactics + self.created_date_utc = None + self.status = status + self.required_data_connectors = required_data_connectors + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark.py index 58230219559e..38b9762e2927 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark.py @@ -30,10 +30,10 @@ class Bookmark(Resource): :type etag: str :param display_name: Required. The display name of the bookmark :type display_name: str - :param last_updated_time_utc: The last time the bookmark was updated - :type last_updated_time_utc: datetime - :param created_time_utc: The time the bookmark was created - :type created_time_utc: datetime + :param updated: The last time the bookmark was updated + :type updated: datetime + :param created: The time the bookmark was created + :type created: datetime :param created_by: Describes a user that created the bookmark :type created_by: ~azure.mgmt.securityinsight.models.UserInfo :param updated_by: Describes a user that updated the bookmark @@ -44,6 +44,8 @@ class Bookmark(Resource): :type labels: list[str] :param query: Required. The query of the bookmark. :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str """ _validation = { @@ -60,23 +62,25 @@ class Bookmark(Resource): 'name': {'key': 'name', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'last_updated_time_utc': {'key': 'properties.lastUpdatedTimeUtc', 'type': 'iso-8601'}, - 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'created': {'key': 'properties.created', 'type': 'iso-8601'}, 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, 'notes': {'key': 'properties.notes', 'type': 'str'}, 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, } def __init__(self, **kwargs): super(Bookmark, self).__init__(**kwargs) self.etag = kwargs.get('etag', None) self.display_name = kwargs.get('display_name', None) - self.last_updated_time_utc = kwargs.get('last_updated_time_utc', None) - self.created_time_utc = kwargs.get('created_time_utc', None) + self.updated = kwargs.get('updated', None) + self.created = kwargs.get('created', None) self.created_by = kwargs.get('created_by', None) self.updated_by = kwargs.get('updated_by', None) self.notes = kwargs.get('notes', None) self.labels = kwargs.get('labels', None) self.query = kwargs.get('query', None) + self.query_result = kwargs.get('query_result', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark_py3.py index c051b561db38..a8e3bec9f6c4 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark_py3.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/bookmark_py3.py @@ -30,10 +30,10 @@ class Bookmark(Resource): :type etag: str :param display_name: Required. The display name of the bookmark :type display_name: str - :param last_updated_time_utc: The last time the bookmark was updated - :type last_updated_time_utc: datetime - :param created_time_utc: The time the bookmark was created - :type created_time_utc: datetime + :param updated: The last time the bookmark was updated + :type updated: datetime + :param created: The time the bookmark was created + :type created: datetime :param created_by: Describes a user that created the bookmark :type created_by: ~azure.mgmt.securityinsight.models.UserInfo :param updated_by: Describes a user that updated the bookmark @@ -44,6 +44,8 @@ class Bookmark(Resource): :type labels: list[str] :param query: Required. The query of the bookmark. :type query: str + :param query_result: The query result of the bookmark. + :type query_result: str """ _validation = { @@ -60,23 +62,25 @@ class Bookmark(Resource): 'name': {'key': 'name', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'last_updated_time_utc': {'key': 'properties.lastUpdatedTimeUtc', 'type': 'iso-8601'}, - 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, + 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'created': {'key': 'properties.created', 'type': 'iso-8601'}, 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, 'notes': {'key': 'properties.notes', 'type': 'str'}, 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, } - def __init__(self, *, display_name: str, query: str, etag: str=None, last_updated_time_utc=None, created_time_utc=None, created_by=None, updated_by=None, notes: str=None, labels=None, **kwargs) -> None: + def __init__(self, *, display_name: str, query: str, etag: str=None, updated=None, created=None, created_by=None, updated_by=None, notes: str=None, labels=None, query_result: str=None, **kwargs) -> None: super(Bookmark, self).__init__(**kwargs) self.etag = etag self.display_name = display_name - self.last_updated_time_utc = last_updated_time_utc - self.created_time_utc = created_time_utc + self.updated = updated + self.created = created self.created_by = created_by self.updated_by = updated_by self.notes = notes self.labels = labels self.query = query + self.query_result = query_result diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status.py new file mode 100644 index 000000000000..5e8f8d3f3657 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status.py @@ -0,0 +1,33 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class DataConnectorStatus(Model): + """alert rule template data connector status. + + :param connector_id: the connector id + :type connector_id: str + :param data_types: The data types availability map + :type data_types: dict[str, str or + ~azure.mgmt.securityinsight.models.DataTypeStatus] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '{DataTypeStatus}'}, + } + + def __init__(self, **kwargs): + super(DataConnectorStatus, self).__init__(**kwargs) + self.connector_id = kwargs.get('connector_id', None) + self.data_types = kwargs.get('data_types', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status_py3.py new file mode 100644 index 000000000000..177633bf2618 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/data_connector_status_py3.py @@ -0,0 +1,33 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class DataConnectorStatus(Model): + """alert rule template data connector status. + + :param connector_id: the connector id + :type connector_id: str + :param data_types: The data types availability map + :type data_types: dict[str, str or + ~azure.mgmt.securityinsight.models.DataTypeStatus] + """ + + _attribute_map = { + 'connector_id': {'key': 'connectorId', 'type': 'str'}, + 'data_types': {'key': 'dataTypes', 'type': '{DataTypeStatus}'}, + } + + def __init__(self, *, connector_id: str=None, data_types=None, **kwargs) -> None: + super(DataConnectorStatus, self).__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template.py new file mode 100644 index 000000000000..74836bdc2d2a --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template.py @@ -0,0 +1,108 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alert_rule_template import AlertRuleTemplate + + +class FilterAlertRuleTemplate(AlertRuleTemplate): + """Represents filter alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_name: Required. The display name for alert rule template. + :type display_name: str + :param description: Required. The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: Required. The time that this alert rule template + has been added. + :vartype created_date_utc: str + :param status: Required. The alert rule template status. Possible values + include: 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: Required. the number of + alert rules that were created by this template + :type alert_rules_created_by_template_count: int + :param filter_product: Required. The filter product name for this template + rule. + :type filter_product: str + :param filter_severities: the alert’s severities on which the cases will + be generated + :type filter_severities: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + :param filter_titles: the alert’s titles on which the cases will be + generated + :type filter_titles: list[str] + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'description': {'required': True}, + 'created_date_utc': {'required': True, 'readonly': True}, + 'status': {'required': True}, + 'alert_rules_created_by_template_count': {'required': True}, + 'filter_product': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'filter_product': {'key': 'properties.filterProduct', 'type': 'str'}, + 'filter_severities': {'key': 'properties.filterSeverities', 'type': '[AlertSeverity]'}, + 'filter_titles': {'key': 'properties.filterTitles', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(FilterAlertRuleTemplate, self).__init__(**kwargs) + self.display_name = kwargs.get('display_name', None) + self.description = kwargs.get('description', None) + self.tactics = kwargs.get('tactics', None) + self.created_date_utc = None + self.status = kwargs.get('status', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.filter_product = kwargs.get('filter_product', None) + self.filter_severities = kwargs.get('filter_severities', None) + self.filter_titles = kwargs.get('filter_titles', None) + self.kind = 'Filter' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model.py new file mode 100644 index 000000000000..9be1050ae430 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model.py @@ -0,0 +1,39 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class FilterAlertRuleTemplatePropertiesModel(Model): + """Filter alert rule template property bag. + + :param filter_product: The filter product name for this template rule. + :type filter_product: str + :param filter_severities: the alert’s severities on which the cases will + be generated + :type filter_severities: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + :param filter_titles: the alert’s titles on which the cases will be + generated + :type filter_titles: list[str] + """ + + _attribute_map = { + 'filter_product': {'key': 'filterProduct', 'type': 'str'}, + 'filter_severities': {'key': 'filterSeverities', 'type': '[AlertSeverity]'}, + 'filter_titles': {'key': 'filterTitles', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(FilterAlertRuleTemplatePropertiesModel, self).__init__(**kwargs) + self.filter_product = kwargs.get('filter_product', None) + self.filter_severities = kwargs.get('filter_severities', None) + self.filter_titles = kwargs.get('filter_titles', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model_py3.py new file mode 100644 index 000000000000..9c74e0c3a165 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_properties_model_py3.py @@ -0,0 +1,39 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class FilterAlertRuleTemplatePropertiesModel(Model): + """Filter alert rule template property bag. + + :param filter_product: The filter product name for this template rule. + :type filter_product: str + :param filter_severities: the alert’s severities on which the cases will + be generated + :type filter_severities: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + :param filter_titles: the alert’s titles on which the cases will be + generated + :type filter_titles: list[str] + """ + + _attribute_map = { + 'filter_product': {'key': 'filterProduct', 'type': 'str'}, + 'filter_severities': {'key': 'filterSeverities', 'type': '[AlertSeverity]'}, + 'filter_titles': {'key': 'filterTitles', 'type': '[str]'}, + } + + def __init__(self, *, filter_product: str=None, filter_severities=None, filter_titles=None, **kwargs) -> None: + super(FilterAlertRuleTemplatePropertiesModel, self).__init__(**kwargs) + self.filter_product = filter_product + self.filter_severities = filter_severities + self.filter_titles = filter_titles diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_py3.py new file mode 100644 index 000000000000..591d342e2254 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/filter_alert_rule_template_py3.py @@ -0,0 +1,108 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alert_rule_template_py3 import AlertRuleTemplate + + +class FilterAlertRuleTemplate(AlertRuleTemplate): + """Represents filter alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_name: Required. The display name for alert rule template. + :type display_name: str + :param description: Required. The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: Required. The time that this alert rule template + has been added. + :vartype created_date_utc: str + :param status: Required. The alert rule template status. Possible values + include: 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: Required. the number of + alert rules that were created by this template + :type alert_rules_created_by_template_count: int + :param filter_product: Required. The filter product name for this template + rule. + :type filter_product: str + :param filter_severities: the alert’s severities on which the cases will + be generated + :type filter_severities: list[str or + ~azure.mgmt.securityinsight.models.AlertSeverity] + :param filter_titles: the alert’s titles on which the cases will be + generated + :type filter_titles: list[str] + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'description': {'required': True}, + 'created_date_utc': {'required': True, 'readonly': True}, + 'status': {'required': True}, + 'alert_rules_created_by_template_count': {'required': True}, + 'filter_product': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'filter_product': {'key': 'properties.filterProduct', 'type': 'str'}, + 'filter_severities': {'key': 'properties.filterSeverities', 'type': '[AlertSeverity]'}, + 'filter_titles': {'key': 'properties.filterTitles', 'type': '[str]'}, + } + + def __init__(self, *, display_name: str, description: str, status, alert_rules_created_by_template_count: int, filter_product: str, etag: str=None, tactics=None, required_data_connectors=None, filter_severities=None, filter_titles=None, **kwargs) -> None: + super(FilterAlertRuleTemplate, self).__init__(etag=etag, **kwargs) + self.display_name = display_name + self.description = description + self.tactics = tactics + self.created_date_utc = None + self.status = status + self.required_data_connectors = required_data_connectors + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.filter_product = filter_product + self.filter_severities = filter_severities + self.filter_titles = filter_titles + self.kind = 'Filter' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template.py new file mode 100644 index 000000000000..efd0540c8bd6 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template.py @@ -0,0 +1,96 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alert_rule_template import AlertRuleTemplate + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents fusion alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_name: Required. The display name for alert rule template. + :type display_name: str + :param description: Required. The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: Required. The time that this alert rule template + has been added. + :vartype created_date_utc: str + :param status: Required. The alert rule template status. Possible values + include: 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: Required. the number of + alert rules that were created by this template + :type alert_rules_created_by_template_count: int + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'description': {'required': True}, + 'created_date_utc': {'required': True, 'readonly': True}, + 'status': {'required': True}, + 'alert_rules_created_by_template_count': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'severity': {'key': 'properties.severity', 'type': 'AlertSeverity'}, + } + + def __init__(self, **kwargs): + super(FusionAlertRuleTemplate, self).__init__(**kwargs) + self.display_name = kwargs.get('display_name', None) + self.description = kwargs.get('description', None) + self.tactics = kwargs.get('tactics', None) + self.created_date_utc = None + self.status = kwargs.get('status', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.severity = kwargs.get('severity', None) + self.kind = 'Fusion' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model.py new file mode 100644 index 000000000000..bda0859c9716 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model.py @@ -0,0 +1,29 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class FusionAlertRuleTemplatePropertiesModel(Model): + """Filter alert rule template property bag. + + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _attribute_map = { + 'severity': {'key': 'severity', 'type': 'AlertSeverity'}, + } + + def __init__(self, **kwargs): + super(FusionAlertRuleTemplatePropertiesModel, self).__init__(**kwargs) + self.severity = kwargs.get('severity', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model_py3.py new file mode 100644 index 000000000000..098b055445a7 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_properties_model_py3.py @@ -0,0 +1,29 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class FusionAlertRuleTemplatePropertiesModel(Model): + """Filter alert rule template property bag. + + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _attribute_map = { + 'severity': {'key': 'severity', 'type': 'AlertSeverity'}, + } + + def __init__(self, *, severity=None, **kwargs) -> None: + super(FusionAlertRuleTemplatePropertiesModel, self).__init__(**kwargs) + self.severity = severity diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_py3.py new file mode 100644 index 000000000000..cd321c3e89a6 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/fusion_alert_rule_template_py3.py @@ -0,0 +1,96 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alert_rule_template_py3 import AlertRuleTemplate + + +class FusionAlertRuleTemplate(AlertRuleTemplate): + """Represents fusion alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_name: Required. The display name for alert rule template. + :type display_name: str + :param description: Required. The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: Required. The time that this alert rule template + has been added. + :vartype created_date_utc: str + :param status: Required. The alert rule template status. Possible values + include: 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: The required data connectors for this + template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: Required. the number of + alert rules that were created by this template + :type alert_rules_created_by_template_count: int + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'description': {'required': True}, + 'created_date_utc': {'required': True, 'readonly': True}, + 'status': {'required': True}, + 'alert_rules_created_by_template_count': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'severity': {'key': 'properties.severity', 'type': 'AlertSeverity'}, + } + + def __init__(self, *, display_name: str, description: str, status, alert_rules_created_by_template_count: int, etag: str=None, tactics=None, required_data_connectors=None, severity=None, **kwargs) -> None: + super(FusionAlertRuleTemplate, self).__init__(etag=etag, **kwargs) + self.display_name = display_name + self.description = description + self.tactics = tactics + self.created_date_utc = None + self.status = status + self.required_data_connectors = required_data_connectors + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.severity = severity + self.kind = 'Fusion' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template.py new file mode 100644 index 000000000000..56bff363d6f6 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template.py @@ -0,0 +1,129 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alert_rule_template import AlertRuleTemplate + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_name: Required. The display name for alert rule template. + :type display_name: str + :param description: Required. The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: Required. The time that this alert rule template + has been added. + :vartype created_date_utc: str + :param status: Required. The alert rule template status. Possible values + include: 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: Required. The required data connectors + for this template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: Required. the number of + alert rules that were created by this template + :type alert_rules_created_by_template_count: int + :param severity: Required. The severity for alerts created by this alert + rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param query: Required. The query that creates alerts for this rule. + :type query: str + :param query_frequency: Required. The frequency (in ISO 8601 duration + format) for this alert rule to run. + :type query_frequency: timedelta + :param query_period: Required. The period (in ISO 8601 duration format) + that this alert rule looks at. + :type query_period: timedelta + :param trigger_operator: Required. The operation against the threshold + that triggers alert rule. Possible values include: 'GreaterThan', + 'LessThan', 'Equal', 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: Required. The threshold triggers this alert + rule. + :type trigger_threshold: int + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'description': {'required': True}, + 'created_date_utc': {'required': True, 'readonly': True}, + 'status': {'required': True}, + 'required_data_connectors': {'required': True}, + 'alert_rules_created_by_template_count': {'required': True}, + 'severity': {'required': True}, + 'query': {'required': True}, + 'query_frequency': {'required': True}, + 'query_period': {'required': True}, + 'trigger_operator': {'required': True}, + 'trigger_threshold': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'severity': {'key': 'properties.severity', 'type': 'AlertSeverity'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(ScheduledAlertRuleTemplate, self).__init__(**kwargs) + self.display_name = kwargs.get('display_name', None) + self.description = kwargs.get('description', None) + self.tactics = kwargs.get('tactics', None) + self.created_date_utc = None + self.status = kwargs.get('status', None) + self.required_data_connectors = kwargs.get('required_data_connectors', None) + self.alert_rules_created_by_template_count = kwargs.get('alert_rules_created_by_template_count', None) + self.severity = kwargs.get('severity', None) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) + self.kind = 'Scheduled' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model.py new file mode 100644 index 000000000000..2471c2aa6137 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model.py @@ -0,0 +1,54 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ScheduledAlertRuleTemplatePropertiesModel(Model): + """Schedule alert rule template property bag. + + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + """ + + _attribute_map = { + 'severity': {'key': 'severity', 'type': 'AlertSeverity'}, + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(ScheduledAlertRuleTemplatePropertiesModel, self).__init__(**kwargs) + self.severity = kwargs.get('severity', None) + self.query = kwargs.get('query', None) + self.query_frequency = kwargs.get('query_frequency', None) + self.query_period = kwargs.get('query_period', None) + self.trigger_operator = kwargs.get('trigger_operator', None) + self.trigger_threshold = kwargs.get('trigger_threshold', None) diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model_py3.py new file mode 100644 index 000000000000..676caf25f347 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_properties_model_py3.py @@ -0,0 +1,54 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.serialization import Model + + +class ScheduledAlertRuleTemplatePropertiesModel(Model): + """Schedule alert rule template property bag. + + :param severity: The severity for alerts created by this alert rule. + Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param query: The query that creates alerts for this rule. + :type query: str + :param query_frequency: The frequency (in ISO 8601 duration format) for + this alert rule to run. + :type query_frequency: timedelta + :param query_period: The period (in ISO 8601 duration format) that this + alert rule looks at. + :type query_period: timedelta + :param trigger_operator: The operation against the threshold that triggers + alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', + 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: The threshold triggers this alert rule. + :type trigger_threshold: int + """ + + _attribute_map = { + 'severity': {'key': 'severity', 'type': 'AlertSeverity'}, + 'query': {'key': 'query', 'type': 'str'}, + 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, + 'trigger_operator': {'key': 'triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, + } + + def __init__(self, *, severity=None, query: str=None, query_frequency=None, query_period=None, trigger_operator=None, trigger_threshold: int=None, **kwargs) -> None: + super(ScheduledAlertRuleTemplatePropertiesModel, self).__init__(**kwargs) + self.severity = severity + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_py3.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_py3.py new file mode 100644 index 000000000000..45e74fa81a27 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/scheduled_alert_rule_template_py3.py @@ -0,0 +1,129 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .alert_rule_template_py3 import AlertRuleTemplate + + +class ScheduledAlertRuleTemplate(AlertRuleTemplate): + """Represents scheduled alert rule template. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Azure resource Id + :vartype id: str + :ivar type: Azure resource type + :vartype type: str + :ivar name: Azure resource name + :vartype name: str + :param etag: Etag of the alert rule. + :type etag: str + :param kind: Required. Constant filled by server. + :type kind: str + :param display_name: Required. The display name for alert rule template. + :type display_name: str + :param description: Required. The description of the alert rule template. + :type description: str + :param tactics: The tactics of the alert rule template + :type tactics: list[str or + ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar created_date_utc: Required. The time that this alert rule template + has been added. + :vartype created_date_utc: str + :param status: Required. The alert rule template status. Possible values + include: 'Installed', 'Available', 'NotAvailable' + :type status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :param required_data_connectors: Required. The required data connectors + for this template + :type required_data_connectors: + list[~azure.mgmt.securityinsight.models.DataConnectorStatus] + :param alert_rules_created_by_template_count: Required. the number of + alert rules that were created by this template + :type alert_rules_created_by_template_count: int + :param severity: Required. The severity for alerts created by this alert + rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + :type severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :param query: Required. The query that creates alerts for this rule. + :type query: str + :param query_frequency: Required. The frequency (in ISO 8601 duration + format) for this alert rule to run. + :type query_frequency: timedelta + :param query_period: Required. The period (in ISO 8601 duration format) + that this alert rule looks at. + :type query_period: timedelta + :param trigger_operator: Required. The operation against the threshold + that triggers alert rule. Possible values include: 'GreaterThan', + 'LessThan', 'Equal', 'NotEqual' + :type trigger_operator: str or + ~azure.mgmt.securityinsight.models.TriggerOperator + :param trigger_threshold: Required. The threshold triggers this alert + rule. + :type trigger_threshold: int + """ + + _validation = { + 'id': {'readonly': True}, + 'type': {'readonly': True}, + 'name': {'readonly': True}, + 'kind': {'required': True}, + 'display_name': {'required': True}, + 'description': {'required': True}, + 'created_date_utc': {'required': True, 'readonly': True}, + 'status': {'required': True}, + 'required_data_connectors': {'required': True}, + 'alert_rules_created_by_template_count': {'required': True}, + 'severity': {'required': True}, + 'query': {'required': True}, + 'query_frequency': {'required': True}, + 'query_period': {'required': True}, + 'trigger_operator': {'required': True}, + 'trigger_threshold': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'tactics': {'key': 'properties.tactics', 'type': '[AttackTactic]'}, + 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'TemplateStatus'}, + 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[DataConnectorStatus]'}, + 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, + 'severity': {'key': 'properties.severity', 'type': 'AlertSeverity'}, + 'query': {'key': 'properties.query', 'type': 'str'}, + 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, + 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, + 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'TriggerOperator'}, + 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, + } + + def __init__(self, *, display_name: str, description: str, status, required_data_connectors, alert_rules_created_by_template_count: int, severity, query: str, query_frequency, query_period, trigger_operator, trigger_threshold: int, etag: str=None, tactics=None, **kwargs) -> None: + super(ScheduledAlertRuleTemplate, self).__init__(etag=etag, **kwargs) + self.display_name = display_name + self.description = description + self.tactics = tactics + self.created_date_utc = None + self.status = status + self.required_data_connectors = required_data_connectors + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.severity = severity + self.query = query + self.query_frequency = query_frequency + self.query_period = query_period + self.trigger_operator = trigger_operator + self.trigger_threshold = trigger_threshold + self.kind = 'Scheduled' diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py index eaba24083e36..f119300e89e2 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/security_insights_enums.py @@ -15,6 +15,37 @@ class AlertRuleKind(str, Enum): scheduled = "Scheduled" + filter = "Filter" + fusion = "Fusion" + + +class TriggerOperator(str, Enum): + + greater_than = "GreaterThan" + less_than = "LessThan" + equal = "Equal" + not_equal = "NotEqual" + + +class AttackTactic(str, Enum): + + initial_access = "InitialAccess" + execution = "Execution" + persistence = "Persistence" + privilege_escalation = "PrivilegeEscalation" + defense_evasion = "DefenseEvasion" + credential_access = "CredentialAccess" + discovery = "Discovery" + lateral_movement = "LateralMovement" + collection = "Collection" + exfiltration = "Exfiltration" + command_and_control = "CommandAndControl" + + +class DataTypeStatus(str, Enum): + + exist = "Exist" + not_exist = "NotExist" class AlertSeverity(str, Enum): @@ -25,12 +56,11 @@ class AlertSeverity(str, Enum): informational = "Informational" #: Informational severity -class TriggerOperator(str, Enum): +class TemplateStatus(str, Enum): - greater_than = "GreaterThan" - less_than = "LessThan" - equal = "Equal" - not_equal = "NotEqual" + installed = "Installed" #: Alert rule template installed. and can not use more then once + available = "Available" #: Alert rule template is available. + not_available = "NotAvailable" #: Alert rule template is not available class CaseSeverity(str, Enum): diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index 7916a16b79ac..798ec5d6d81b 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -12,6 +12,7 @@ from .operations import Operations from .alert_rules_operations import AlertRulesOperations from .actions_operations import ActionsOperations +from .alert_rule_templates_operations import AlertRuleTemplatesOperations from .cases_operations import CasesOperations from .comments_operations import CommentsOperations from .case_comments_operations import CaseCommentsOperations @@ -27,6 +28,7 @@ 'Operations', 'AlertRulesOperations', 'ActionsOperations', + 'AlertRuleTemplatesOperations', 'CasesOperations', 'CommentsOperations', 'CaseCommentsOperations', diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/alert_rule_templates_operations.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/alert_rule_templates_operations.py new file mode 100644 index 000000000000..5f11a18599b3 --- /dev/null +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/alert_rule_templates_operations.py @@ -0,0 +1,183 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AlertRuleTemplatesOperations(object): + """AlertRuleTemplatesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list( + self, resource_group_name, operational_insights_resource_provider, workspace_name, custom_headers=None, raw=False, **operation_config): + """Gets all alert rule templates. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of AlertRuleTemplate + :rtype: + ~azure.mgmt.securityinsight.models.AlertRuleTemplatePaged[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :raises: :class:`CloudError` + """ + def internal_paging(next_link=None, raw=False): + + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1) + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + deserialized = models.AlertRuleTemplatePaged(internal_paging, self._deserialize.dependencies) + + if raw: + header_dict = {} + client_raw_response = models.AlertRuleTemplatePaged(internal_paging, self._deserialize.dependencies, header_dict) + return client_raw_response + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates'} + + def get( + self, resource_group_name, operational_insights_resource_provider, workspace_name, alert_rule_template_id, custom_headers=None, raw=False, **operation_config): + """Gets the alert rule template. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param operational_insights_resource_provider: The namespace of + workspaces resource provider- Microsoft.OperationalInsights. + :type operational_insights_resource_provider: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param alert_rule_template_id: Alert rule template ID + :type alert_rule_template_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AlertRuleTemplate or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.securityinsight.models.AlertRuleTemplate or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'operationalInsightsResourceProvider': self._serialize.url("operational_insights_resource_provider", operational_insights_resource_provider, 'str'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'alertRuleTemplateId': self._serialize.url("alert_rule_template_id", alert_rule_template_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('AlertRuleTemplate', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}'} diff --git a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py index 5b9de58d1381..496bd58a4113 100644 --- a/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py +++ b/sdk/azure-mgmt-securityinsight/azure/mgmt/securityinsight/security_insights.py @@ -16,6 +16,7 @@ from .operations.operations import Operations from .operations.alert_rules_operations import AlertRulesOperations from .operations.actions_operations import ActionsOperations +from .operations.alert_rule_templates_operations import AlertRuleTemplatesOperations from .operations.cases_operations import CasesOperations from .operations.comments_operations import CommentsOperations from .operations.case_comments_operations import CaseCommentsOperations @@ -73,6 +74,8 @@ class SecurityInsights(SDKClient): :vartype alert_rules: azure.mgmt.securityinsight.operations.AlertRulesOperations :ivar actions: Actions operations :vartype actions: azure.mgmt.securityinsight.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplates operations + :vartype alert_rule_templates: azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations :ivar cases: Cases operations :vartype cases: azure.mgmt.securityinsight.operations.CasesOperations :ivar comments: Comments operations @@ -119,6 +122,8 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.actions = ActionsOperations( self._client, self.config, self._serialize, self._deserialize) + self.alert_rule_templates = AlertRuleTemplatesOperations( + self._client, self.config, self._serialize, self._deserialize) self.cases = CasesOperations( self._client, self.config, self._serialize, self._deserialize) self.comments = CommentsOperations(