1package securityinsight 2 3// Copyright (c) Microsoft Corporation. All rights reserved. 4// Licensed under the MIT License. See License.txt in the project root for license information. 5// 6// Code generated by Microsoft (R) AutoRest Code Generator. 7// Changes may cause incorrect behavior and will be lost if the code is regenerated. 8 9// AlertRuleKind enumerates the values for alert rule kind. 10type AlertRuleKind string 11 12const ( 13 // Fusion ... 14 Fusion AlertRuleKind = "Fusion" 15 // MicrosoftSecurityIncidentCreation ... 16 MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" 17 // Scheduled ... 18 Scheduled AlertRuleKind = "Scheduled" 19) 20 21// PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. 22func PossibleAlertRuleKindValues() []AlertRuleKind { 23 return []AlertRuleKind{Fusion, MicrosoftSecurityIncidentCreation, Scheduled} 24} 25 26// AlertSeverity enumerates the values for alert severity. 27type AlertSeverity string 28 29const ( 30 // High High severity 31 High AlertSeverity = "High" 32 // Informational Informational severity 33 Informational AlertSeverity = "Informational" 34 // Low Low severity 35 Low AlertSeverity = "Low" 36 // Medium Medium severity 37 Medium AlertSeverity = "Medium" 38) 39 40// PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type. 41func PossibleAlertSeverityValues() []AlertSeverity { 42 return []AlertSeverity{High, Informational, Low, Medium} 43} 44 45// AttackTactic enumerates the values for attack tactic. 46type AttackTactic string 47 48const ( 49 // Collection ... 50 Collection AttackTactic = "Collection" 51 // CommandAndControl ... 52 CommandAndControl AttackTactic = "CommandAndControl" 53 // CredentialAccess ... 54 CredentialAccess AttackTactic = "CredentialAccess" 55 // DefenseEvasion ... 56 DefenseEvasion AttackTactic = "DefenseEvasion" 57 // Discovery ... 58 Discovery AttackTactic = "Discovery" 59 // Execution ... 60 Execution AttackTactic = "Execution" 61 // Exfiltration ... 62 Exfiltration AttackTactic = "Exfiltration" 63 // Impact ... 64 Impact AttackTactic = "Impact" 65 // InitialAccess ... 66 InitialAccess AttackTactic = "InitialAccess" 67 // LateralMovement ... 68 LateralMovement AttackTactic = "LateralMovement" 69 // Persistence ... 70 Persistence AttackTactic = "Persistence" 71 // PrivilegeEscalation ... 72 PrivilegeEscalation AttackTactic = "PrivilegeEscalation" 73) 74 75// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. 76func PossibleAttackTacticValues() []AttackTactic { 77 return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} 78} 79 80// CaseSeverity enumerates the values for case severity. 81type CaseSeverity string 82 83const ( 84 // CaseSeverityCritical Critical severity 85 CaseSeverityCritical CaseSeverity = "Critical" 86 // CaseSeverityHigh High severity 87 CaseSeverityHigh CaseSeverity = "High" 88 // CaseSeverityInformational Informational severity 89 CaseSeverityInformational CaseSeverity = "Informational" 90 // CaseSeverityLow Low severity 91 CaseSeverityLow CaseSeverity = "Low" 92 // CaseSeverityMedium Medium severity 93 CaseSeverityMedium CaseSeverity = "Medium" 94) 95 96// PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type. 97func PossibleCaseSeverityValues() []CaseSeverity { 98 return []CaseSeverity{CaseSeverityCritical, CaseSeverityHigh, CaseSeverityInformational, CaseSeverityLow, CaseSeverityMedium} 99} 100 101// DataConnectorKind enumerates the values for data connector kind. 102type DataConnectorKind string 103 104const ( 105 // DataConnectorKindAmazonWebServicesCloudTrail ... 106 DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" 107 // DataConnectorKindAzureActiveDirectory ... 108 DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" 109 // DataConnectorKindAzureAdvancedThreatProtection ... 110 DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" 111 // DataConnectorKindAzureSecurityCenter ... 112 DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" 113 // DataConnectorKindMicrosoftCloudAppSecurity ... 114 DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" 115 // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... 116 DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" 117 // DataConnectorKindOffice365 ... 118 DataConnectorKindOffice365 DataConnectorKind = "Office365" 119 // DataConnectorKindThreatIntelligence ... 120 DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" 121) 122 123// PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. 124func PossibleDataConnectorKindValues() []DataConnectorKind { 125 return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} 126} 127 128// DataTypeState enumerates the values for data type state. 129type DataTypeState string 130 131const ( 132 // Disabled ... 133 Disabled DataTypeState = "Disabled" 134 // Enabled ... 135 Enabled DataTypeState = "Enabled" 136) 137 138// PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type. 139func PossibleDataTypeStateValues() []DataTypeState { 140 return []DataTypeState{Disabled, Enabled} 141} 142 143// IncidentClassification enumerates the values for incident classification. 144type IncidentClassification string 145 146const ( 147 // BenignPositive Incident was benign positive 148 BenignPositive IncidentClassification = "BenignPositive" 149 // FalsePositive Incident was false positive 150 FalsePositive IncidentClassification = "FalsePositive" 151 // TruePositive Incident was true positive 152 TruePositive IncidentClassification = "TruePositive" 153 // Undetermined Incident classification was undetermined 154 Undetermined IncidentClassification = "Undetermined" 155) 156 157// PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type. 158func PossibleIncidentClassificationValues() []IncidentClassification { 159 return []IncidentClassification{BenignPositive, FalsePositive, TruePositive, Undetermined} 160} 161 162// IncidentClassificationReason enumerates the values for incident classification reason. 163type IncidentClassificationReason string 164 165const ( 166 // InaccurateData Classification reason was inaccurate data 167 InaccurateData IncidentClassificationReason = "InaccurateData" 168 // IncorrectAlertLogic Classification reason was incorrect alert logic 169 IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic" 170 // SuspiciousActivity Classification reason was suspicious activity 171 SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity" 172 // SuspiciousButExpected Classification reason was suspicious but expected 173 SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected" 174) 175 176// PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type. 177func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason { 178 return []IncidentClassificationReason{InaccurateData, IncorrectAlertLogic, SuspiciousActivity, SuspiciousButExpected} 179} 180 181// IncidentLabelType enumerates the values for incident label type. 182type IncidentLabelType string 183 184const ( 185 // System Label automatically created by the system 186 System IncidentLabelType = "System" 187 // User Label manually created by a user 188 User IncidentLabelType = "User" 189) 190 191// PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type. 192func PossibleIncidentLabelTypeValues() []IncidentLabelType { 193 return []IncidentLabelType{System, User} 194} 195 196// IncidentSeverity enumerates the values for incident severity. 197type IncidentSeverity string 198 199const ( 200 // IncidentSeverityHigh High severity 201 IncidentSeverityHigh IncidentSeverity = "High" 202 // IncidentSeverityInformational Informational severity 203 IncidentSeverityInformational IncidentSeverity = "Informational" 204 // IncidentSeverityLow Low severity 205 IncidentSeverityLow IncidentSeverity = "Low" 206 // IncidentSeverityMedium Medium severity 207 IncidentSeverityMedium IncidentSeverity = "Medium" 208) 209 210// PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type. 211func PossibleIncidentSeverityValues() []IncidentSeverity { 212 return []IncidentSeverity{IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium} 213} 214 215// IncidentStatus enumerates the values for incident status. 216type IncidentStatus string 217 218const ( 219 // IncidentStatusActive An active incident which is being handled 220 IncidentStatusActive IncidentStatus = "Active" 221 // IncidentStatusClosed A non-active incident 222 IncidentStatusClosed IncidentStatus = "Closed" 223 // IncidentStatusNew An active incident which isn't being handled currently 224 IncidentStatusNew IncidentStatus = "New" 225) 226 227// PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type. 228func PossibleIncidentStatusValues() []IncidentStatus { 229 return []IncidentStatus{IncidentStatusActive, IncidentStatusClosed, IncidentStatusNew} 230} 231 232// Kind enumerates the values for kind. 233type Kind string 234 235const ( 236 // KindAlertRule ... 237 KindAlertRule Kind = "AlertRule" 238 // KindFusion ... 239 KindFusion Kind = "Fusion" 240 // KindMicrosoftSecurityIncidentCreation ... 241 KindMicrosoftSecurityIncidentCreation Kind = "MicrosoftSecurityIncidentCreation" 242 // KindScheduled ... 243 KindScheduled Kind = "Scheduled" 244) 245 246// PossibleKindValues returns an array of possible values for the Kind const type. 247func PossibleKindValues() []Kind { 248 return []Kind{KindAlertRule, KindFusion, KindMicrosoftSecurityIncidentCreation, KindScheduled} 249} 250 251// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. 252type KindBasicAlertRuleTemplate string 253 254const ( 255 // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... 256 KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" 257 // KindBasicAlertRuleTemplateKindFusion ... 258 KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" 259 // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... 260 KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" 261 // KindBasicAlertRuleTemplateKindScheduled ... 262 KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" 263) 264 265// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. 266func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { 267 return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation, KindBasicAlertRuleTemplateKindScheduled} 268} 269 270// KindBasicDataConnector enumerates the values for kind basic data connector. 271type KindBasicDataConnector string 272 273const ( 274 // KindAmazonWebServicesCloudTrail ... 275 KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" 276 // KindAzureActiveDirectory ... 277 KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" 278 // KindAzureAdvancedThreatProtection ... 279 KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" 280 // KindAzureSecurityCenter ... 281 KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" 282 // KindDataConnector ... 283 KindDataConnector KindBasicDataConnector = "DataConnector" 284 // KindMicrosoftCloudAppSecurity ... 285 KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" 286 // KindMicrosoftDefenderAdvancedThreatProtection ... 287 KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" 288 // KindOffice365 ... 289 KindOffice365 KindBasicDataConnector = "Office365" 290 // KindThreatIntelligence ... 291 KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" 292) 293 294// PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. 295func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { 296 return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} 297} 298 299// KindBasicSettings enumerates the values for kind basic settings. 300type KindBasicSettings string 301 302const ( 303 // KindSettings ... 304 KindSettings KindBasicSettings = "Settings" 305 // KindToggleSettings ... 306 KindToggleSettings KindBasicSettings = "ToggleSettings" 307 // KindUebaSettings ... 308 KindUebaSettings KindBasicSettings = "UebaSettings" 309) 310 311// PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. 312func PossibleKindBasicSettingsValues() []KindBasicSettings { 313 return []KindBasicSettings{KindSettings, KindToggleSettings, KindUebaSettings} 314} 315 316// LicenseStatus enumerates the values for license status. 317type LicenseStatus string 318 319const ( 320 // LicenseStatusDisabled ... 321 LicenseStatusDisabled LicenseStatus = "Disabled" 322 // LicenseStatusEnabled ... 323 LicenseStatusEnabled LicenseStatus = "Enabled" 324) 325 326// PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type. 327func PossibleLicenseStatusValues() []LicenseStatus { 328 return []LicenseStatus{LicenseStatusDisabled, LicenseStatusEnabled} 329} 330 331// MicrosoftSecurityProductName enumerates the values for microsoft security product name. 332type MicrosoftSecurityProductName string 333 334const ( 335 // AzureActiveDirectoryIdentityProtection ... 336 AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" 337 // AzureAdvancedThreatProtection ... 338 AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" 339 // AzureSecurityCenter ... 340 AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" 341 // AzureSecurityCenterforIoT ... 342 AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" 343 // MicrosoftCloudAppSecurity ... 344 MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" 345) 346 347// PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. 348func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { 349 return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity} 350} 351 352// SettingKind enumerates the values for setting kind. 353type SettingKind string 354 355const ( 356 // SettingKindToggleSettings ... 357 SettingKindToggleSettings SettingKind = "ToggleSettings" 358 // SettingKindUebaSettings ... 359 SettingKindUebaSettings SettingKind = "UebaSettings" 360) 361 362// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. 363func PossibleSettingKindValues() []SettingKind { 364 return []SettingKind{SettingKindToggleSettings, SettingKindUebaSettings} 365} 366 367// StatusInMcas enumerates the values for status in mcas. 368type StatusInMcas string 369 370const ( 371 // StatusInMcasDisabled ... 372 StatusInMcasDisabled StatusInMcas = "Disabled" 373 // StatusInMcasEnabled ... 374 StatusInMcasEnabled StatusInMcas = "Enabled" 375) 376 377// PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type. 378func PossibleStatusInMcasValues() []StatusInMcas { 379 return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} 380} 381 382// TemplateStatus enumerates the values for template status. 383type TemplateStatus string 384 385const ( 386 // Available Alert rule template is available. 387 Available TemplateStatus = "Available" 388 // Installed Alert rule template installed. and can not use more then once 389 Installed TemplateStatus = "Installed" 390 // NotAvailable Alert rule template is not available 391 NotAvailable TemplateStatus = "NotAvailable" 392) 393 394// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. 395func PossibleTemplateStatusValues() []TemplateStatus { 396 return []TemplateStatus{Available, Installed, NotAvailable} 397} 398 399// TriggerOperator enumerates the values for trigger operator. 400type TriggerOperator string 401 402const ( 403 // Equal ... 404 Equal TriggerOperator = "Equal" 405 // GreaterThan ... 406 GreaterThan TriggerOperator = "GreaterThan" 407 // LessThan ... 408 LessThan TriggerOperator = "LessThan" 409 // NotEqual ... 410 NotEqual TriggerOperator = "NotEqual" 411) 412 413// PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type. 414func PossibleTriggerOperatorValues() []TriggerOperator { 415 return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} 416} 417