1package securityinsight 2 3// Copyright (c) Microsoft Corporation. All rights reserved. 4// Licensed under the MIT License. See License.txt in the project root for license information. 5// 6// Code generated by Microsoft (R) AutoRest Code Generator. 7// Changes may cause incorrect behavior and will be lost if the code is regenerated. 8 9// ActionType enumerates the values for action type. 10type ActionType string 11 12const ( 13 // ActionTypeAutomationRuleAction ... 14 ActionTypeAutomationRuleAction ActionType = "AutomationRuleAction" 15 // ActionTypeModifyProperties ... 16 ActionTypeModifyProperties ActionType = "ModifyProperties" 17 // ActionTypeRunPlaybook ... 18 ActionTypeRunPlaybook ActionType = "RunPlaybook" 19) 20 21// PossibleActionTypeValues returns an array of possible values for the ActionType const type. 22func PossibleActionTypeValues() []ActionType { 23 return []ActionType{ActionTypeAutomationRuleAction, ActionTypeModifyProperties, ActionTypeRunPlaybook} 24} 25 26// AlertRuleKind enumerates the values for alert rule kind. 27type AlertRuleKind string 28 29const ( 30 // AlertRuleKindFusion ... 31 AlertRuleKindFusion AlertRuleKind = "Fusion" 32 // AlertRuleKindMicrosoftSecurityIncidentCreation ... 33 AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" 34 // AlertRuleKindMLBehaviorAnalytics ... 35 AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" 36 // AlertRuleKindScheduled ... 37 AlertRuleKindScheduled AlertRuleKind = "Scheduled" 38 // AlertRuleKindThreatIntelligence ... 39 AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" 40) 41 42// PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. 
43func PossibleAlertRuleKindValues() []AlertRuleKind { 44 return []AlertRuleKind{AlertRuleKindFusion, AlertRuleKindMicrosoftSecurityIncidentCreation, AlertRuleKindMLBehaviorAnalytics, AlertRuleKindScheduled, AlertRuleKindThreatIntelligence} 45} 46 47// AlertSeverity enumerates the values for alert severity. 48type AlertSeverity string 49 50const ( 51 // AlertSeverityHigh High severity 52 AlertSeverityHigh AlertSeverity = "High" 53 // AlertSeverityInformational Informational severity 54 AlertSeverityInformational AlertSeverity = "Informational" 55 // AlertSeverityLow Low severity 56 AlertSeverityLow AlertSeverity = "Low" 57 // AlertSeverityMedium Medium severity 58 AlertSeverityMedium AlertSeverity = "Medium" 59) 60 61// PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type. 62func PossibleAlertSeverityValues() []AlertSeverity { 63 return []AlertSeverity{AlertSeverityHigh, AlertSeverityInformational, AlertSeverityLow, AlertSeverityMedium} 64} 65 66// AlertStatus enumerates the values for alert status. 67type AlertStatus string 68 69const ( 70 // AlertStatusDismissed Alert dismissed as false positive 71 AlertStatusDismissed AlertStatus = "Dismissed" 72 // AlertStatusInProgress Alert is being handled 73 AlertStatusInProgress AlertStatus = "InProgress" 74 // AlertStatusNew New alert 75 AlertStatusNew AlertStatus = "New" 76 // AlertStatusResolved Alert closed after handling 77 AlertStatusResolved AlertStatus = "Resolved" 78 // AlertStatusUnknown Unknown value 79 AlertStatusUnknown AlertStatus = "Unknown" 80) 81 82// PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type. 83func PossibleAlertStatusValues() []AlertStatus { 84 return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} 85} 86 87// AntispamMailDirection enumerates the values for antispam mail direction. 
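type AntispamMailDirection string

const (
	// AntispamMailDirectionInbound is the inbound direction.
	AntispamMailDirectionInbound AntispamMailDirection = "Inbound"
	// AntispamMailDirectionIntraorg is the intra-organization direction.
	AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg"
	// AntispamMailDirectionOutbound is the outbound direction.
	AntispamMailDirectionOutbound AntispamMailDirection = "Outbound"
	// AntispamMailDirectionUnknown is the unknown direction.
	AntispamMailDirectionUnknown AntispamMailDirection = "Unknown"
)

// PossibleAntispamMailDirectionValues returns a new slice holding every
// AntispamMailDirection constant declared above, in declaration order.
func PossibleAntispamMailDirectionValues() []AntispamMailDirection {
	return []AntispamMailDirection{
		AntispamMailDirectionInbound,
		AntispamMailDirectionIntraorg,
		AntispamMailDirectionOutbound,
		AntispamMailDirectionUnknown,
	}
}

// AttackTactic enumerates the values for attack tactic.
//
// NOTE(review): the value names line up with MITRE ATT&CK tactic names, with
// "PreAttack" presumably standing for the former PRE-ATT&CK matrix. This file
// does not state the mapping; confirm against the API reference before
// joining these values with ATT&CK data.
type AttackTactic string

const (
	// AttackTacticCollection is the "Collection" tactic.
	AttackTacticCollection AttackTactic = "Collection"
	// AttackTacticCommandAndControl is the "CommandAndControl" tactic.
	AttackTacticCommandAndControl AttackTactic = "CommandAndControl"
	// AttackTacticCredentialAccess is the "CredentialAccess" tactic.
	AttackTacticCredentialAccess AttackTactic = "CredentialAccess"
	// AttackTacticDefenseEvasion is the "DefenseEvasion" tactic.
	AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion"
	// AttackTacticDiscovery is the "Discovery" tactic.
	AttackTacticDiscovery AttackTactic = "Discovery"
	// AttackTacticExecution is the "Execution" tactic.
	AttackTacticExecution AttackTactic = "Execution"
	// AttackTacticExfiltration is the "Exfiltration" tactic.
	AttackTacticExfiltration AttackTactic = "Exfiltration"
	// AttackTacticImpact is the "Impact" tactic.
	AttackTacticImpact AttackTactic = "Impact"
	// AttackTacticInitialAccess is the "InitialAccess" tactic.
	AttackTacticInitialAccess AttackTactic = "InitialAccess"
	// AttackTacticLateralMovement is the "LateralMovement" tactic.
	AttackTacticLateralMovement AttackTactic = "LateralMovement"
	// AttackTacticPersistence is the "Persistence" tactic.
	AttackTacticPersistence AttackTactic = "Persistence"
	// AttackTacticPreAttack is the "PreAttack" tactic.
	AttackTacticPreAttack AttackTactic = "PreAttack"
	// AttackTacticPrivilegeEscalation is the "PrivilegeEscalation" tactic.
	AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

// PossibleAttackTacticValues returns a new slice holding every AttackTactic
// constant declared above, in declaration order.
func PossibleAttackTacticValues() []AttackTactic {
	return []AttackTactic{
		AttackTacticCollection,
		AttackTacticCommandAndControl,
		AttackTacticCredentialAccess,
		AttackTacticDefenseEvasion,
		AttackTacticDiscovery,
		AttackTacticExecution,
		AttackTacticExfiltration,
		AttackTacticImpact,
		AttackTacticInitialAccess,
		AttackTacticLateralMovement,
		AttackTacticPersistence,
		AttackTacticPreAttack,
		AttackTacticPrivilegeEscalation,
	}
}

// AutomationRulePropertyConditionSupportedOperator enumerates the values for automation rule property
// condition supported operator.
//
// Every operator is evaluated against a list of condition values: the
// positive forms match when any value matches, the Not* forms match only when
// no value matches.
type AutomationRulePropertyConditionSupportedOperator string

const (
	// AutomationRulePropertyConditionSupportedOperatorContains evaluates if the property contains at least one
	// of the condition values.
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith evaluates if the property ends with any of the
	// condition values.
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals evaluates if the property equals at least one of
	// the condition values.
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains evaluates if the property does not contain
	// any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith evaluates if the property does not end with
	// any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals evaluates if the property does not equal any
	// of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith evaluates if the property does not start
	// with any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith evaluates if the property starts with any of
	// the condition values.
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

// PossibleAutomationRulePropertyConditionSupportedOperatorValues returns a new
// slice holding every AutomationRulePropertyConditionSupportedOperator
// constant declared above, in declaration order.
func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator {
	return []AutomationRulePropertyConditionSupportedOperator{
		AutomationRulePropertyConditionSupportedOperatorContains,
		AutomationRulePropertyConditionSupportedOperatorEndsWith,
		AutomationRulePropertyConditionSupportedOperatorEquals,
		AutomationRulePropertyConditionSupportedOperatorNotContains,
		AutomationRulePropertyConditionSupportedOperatorNotEndsWith,
		AutomationRulePropertyConditionSupportedOperatorNotEquals,
		AutomationRulePropertyConditionSupportedOperatorNotStartsWith,
		AutomationRulePropertyConditionSupportedOperatorStartsWith,
	}
}

// AutomationRulePropertyConditionSupportedProperty enumerates the values for automation rule property
// condition supported property.
//
// NOTE(review): several of these properties (file names, mail subjects,
// process command lines, incident titles) carry text that comes from the
// monitored environment rather than from the operator. A rule that lowers
// severity or closes incidents on a match against such a field deserves a
// closer review than one keyed on an identifier such as a tenant or
// subscription id.
type AutomationRulePropertyConditionSupportedProperty string

const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID is the account Azure Active Directory
	// tenant id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAadUserID is the account Azure Active Directory user
	// id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountName is the account name.
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain is the account NetBIOS domain name.
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID is the account unique identifier.
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID is the account Azure Active Directory Passport
	// User ID.
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid is the account security identifier.
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix is the account user principal name suffix.
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID is the Azure resource id.
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID is the Azure resource
	// subscription id.
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID is the cloud application identifier.
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName is the cloud application name.
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName is the DNS record domain name.
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory is the file directory full path.
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue is the file hash value.
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName is the file name without path.
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID is the host Azure resource id.
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostName is the host name without domain.
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName is the host NetBIOS name.
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain is the host NT domain.
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion is the host operating system.
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription is the description of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName is the provider name of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds is the related Analytic rule
	// ids of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity is the severity of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus is the status of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics is the tactics of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle is the title of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID is the IoT device id.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel is the IoT device model.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName is the IoT device name.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem is the IoT device operating system.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType is the IoT device type.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor is the IoT device vendor.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress is the IP address.
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName is the mailbox display name.
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress is the mailbox primary address.
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN is the mailbox user principal name.
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction is the mail message delivery
	// action.
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation is the mail message delivery
	// location.
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender is the mail message P1 sender.
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender is the mail message P2 sender.
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient is the mail message recipient.
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP is the mail message sender IP address.
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject is the mail message subject.
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory is the malware category.
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName is the malware name.
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine is the process execution command line.
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID is the process id.
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey is the registry key path.
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData is the registry key value in string
	// formatted representation.
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL is the url.
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

// PossibleAutomationRulePropertyConditionSupportedPropertyValues returns a new
// slice holding every AutomationRulePropertyConditionSupportedProperty
// constant declared above, in declaration order.
func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty {
	return []AutomationRulePropertyConditionSupportedProperty{
		AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID,
		AutomationRulePropertyConditionSupportedPropertyAccountAadUserID,
		AutomationRulePropertyConditionSupportedPropertyAccountName,
		AutomationRulePropertyConditionSupportedPropertyAccountNTDomain,
		AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID,
		AutomationRulePropertyConditionSupportedPropertyAccountPUID,
		AutomationRulePropertyConditionSupportedPropertyAccountSid,
		AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix,
		AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID,
		AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID,
		AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID,
		AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName,
		AutomationRulePropertyConditionSupportedPropertyDNSDomainName,
		AutomationRulePropertyConditionSupportedPropertyFileDirectory,
		AutomationRulePropertyConditionSupportedPropertyFileHashValue,
		AutomationRulePropertyConditionSupportedPropertyFileName,
		AutomationRulePropertyConditionSupportedPropertyHostAzureID,
		AutomationRulePropertyConditionSupportedPropertyHostName,
		AutomationRulePropertyConditionSupportedPropertyHostNetBiosName,
		AutomationRulePropertyConditionSupportedPropertyHostNTDomain,
		AutomationRulePropertyConditionSupportedPropertyHostOSVersion,
		AutomationRulePropertyConditionSupportedPropertyIncidentDescription,
		AutomationRulePropertyConditionSupportedPropertyIncidentProviderName,
		AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds,
		AutomationRulePropertyConditionSupportedPropertyIncidentSeverity,
		AutomationRulePropertyConditionSupportedPropertyIncidentStatus,
		AutomationRulePropertyConditionSupportedPropertyIncidentTactics,
		AutomationRulePropertyConditionSupportedPropertyIncidentTitle,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceID,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceName,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceType,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor,
		AutomationRulePropertyConditionSupportedPropertyIPAddress,
		AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName,
		AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress,
		AutomationRulePropertyConditionSupportedPropertyMailboxUPN,
		AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction,
		AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation,
		AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender,
		AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender,
		AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient,
		AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP,
		AutomationRulePropertyConditionSupportedPropertyMailMessageSubject,
		AutomationRulePropertyConditionSupportedPropertyMalwareCategory,
		AutomationRulePropertyConditionSupportedPropertyMalwareName,
		AutomationRulePropertyConditionSupportedPropertyProcessCommandLine,
		AutomationRulePropertyConditionSupportedPropertyProcessID,
		AutomationRulePropertyConditionSupportedPropertyRegistryKey,
		AutomationRulePropertyConditionSupportedPropertyRegistryValueData,
		AutomationRulePropertyConditionSupportedPropertyURL,
	}
}

// CaseSeverity enumerates the values for case severity.
//
// As a string type it has no severity ordering: < and > compare the text
// alphabetically, so a severity threshold needs an explicit ranking.
type CaseSeverity string

const (
	// CaseSeverityCritical is critical severity.
	CaseSeverityCritical CaseSeverity = "Critical"
	// CaseSeverityHigh is high severity.
	CaseSeverityHigh CaseSeverity = "High"
	// CaseSeverityInformational is informational severity.
	CaseSeverityInformational CaseSeverity = "Informational"
	// CaseSeverityLow is low severity.
	CaseSeverityLow CaseSeverity = "Low"
	// CaseSeverityMedium is medium severity.
	CaseSeverityMedium CaseSeverity = "Medium"
)

// PossibleCaseSeverityValues returns a new slice holding every CaseSeverity
// constant declared above. The order is the declaration order, which is
// alphabetical and not a severity ranking.
func PossibleCaseSeverityValues() []CaseSeverity {
	return []CaseSeverity{
		CaseSeverityCritical,
		CaseSeverityHigh,
		CaseSeverityInformational,
		CaseSeverityLow,
		CaseSeverityMedium,
	}
}

// CaseStatus enumerates the values for case status.
type CaseStatus string

const (
	// CaseStatusClosed is a non active case.
	CaseStatusClosed CaseStatus = "Closed"
	// CaseStatusDraft is a case that wasn't promoted yet to active.
	CaseStatusDraft CaseStatus = "Draft"
	// CaseStatusInProgress is an active case which is handled.
	CaseStatusInProgress CaseStatus = "InProgress"
	// CaseStatusNew is an active case which isn't handled currently.
	CaseStatusNew CaseStatus = "New"
)

// PossibleCaseStatusValues returns a new slice holding every CaseStatus
// constant declared above, in declaration order.
func PossibleCaseStatusValues() []CaseStatus {
	return []CaseStatus{
		CaseStatusClosed,
		CaseStatusDraft,
		CaseStatusInProgress,
		CaseStatusNew,
	}
}

// CloseReason enumerates the values for close reason.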
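type CloseReason string

const (
	// CloseReasonDismissed means the case was dismissed.
	CloseReasonDismissed CloseReason = "Dismissed"
	// CloseReasonFalsePositive means the case was a false positive.
	CloseReasonFalsePositive CloseReason = "FalsePositive"
	// CloseReasonOther means the case was closed for another reason.
	CloseReasonOther CloseReason = "Other"
	// CloseReasonResolved means the case was resolved.
	CloseReasonResolved CloseReason = "Resolved"
	// CloseReasonTruePositive means the case was a true positive.
	CloseReasonTruePositive CloseReason = "TruePositive"
)

// PossibleCloseReasonValues returns a new slice holding every CloseReason
// constant declared above, in declaration order. CloseReason is a plain
// string type, so a value outside this list is not rejected by the type
// itself; callers that report on close reasons should count such values
// separately rather than fold them into one of the known reasons.
func PossibleCloseReasonValues() []CloseReason {
	return []CloseReason{
		CloseReasonDismissed,
		CloseReasonFalsePositive,
		CloseReasonOther,
		CloseReasonResolved,
		CloseReasonTruePositive,
	}
}

// ConditionType enumerates the values for condition type.
type ConditionType string

const (
	// ConditionTypeAutomationRuleCondition is the "AutomationRuleCondition" condition type.
	ConditionTypeAutomationRuleCondition ConditionType = "AutomationRuleCondition"
	// ConditionTypeProperty is the "Property" condition type.
	ConditionTypeProperty ConditionType = "Property"
)

// PossibleConditionTypeValues returns a new slice holding every ConditionType
// constant declared above, in declaration order.
func PossibleConditionTypeValues() []ConditionType {
	return []ConditionType{
		ConditionTypeAutomationRuleCondition,
		ConditionTypeProperty,
	}
}

// ConfidenceLevel enumerates the values for confidence level.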
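type ConfidenceLevel string

const (
	// ConfidenceLevelHigh is high confidence that the alert is true positive malicious.
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow is low confidence, meaning we have some doubts this is indeed malicious or part of an
	// attack.
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown is unknown confidence; this is the default value.
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

// PossibleConfidenceLevelValues returns a new slice holding every
// ConfidenceLevel constant declared above, in declaration order.
func PossibleConfidenceLevelValues() []ConfidenceLevel {
	return []ConfidenceLevel{
		ConfidenceLevelHigh,
		ConfidenceLevelLow,
		ConfidenceLevelUnknown,
	}
}

// ConfidenceScoreStatus enumerates the values for confidence score status.
type ConfidenceScoreStatus string

const (
	// ConfidenceScoreStatusFinal means the final score was calculated and is available.
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess means no score was set yet and calculation is in progress.
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable means the score will not be calculated for this alert as it is not
	// supported by virtual analyst.
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal means the score is calculated and shown as part of the alert, but may be
	// updated again at a later time following the processing of additional data.
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

// PossibleConfidenceScoreStatusValues returns a new slice holding every
// ConfidenceScoreStatus constant declared above, in declaration order.
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus {
	return []ConfidenceScoreStatus{
		ConfidenceScoreStatusFinal,
		ConfidenceScoreStatusInProcess,
		ConfidenceScoreStatusNotApplicable,
		ConfidenceScoreStatusNotFinal,
	}
}

// DataConnectorAuthorizationState enumerates the values for data connector authorization state.
//
// The type is a plain string with two declared values. A caller that gates
// on authorization should compare for equality with
// DataConnectorAuthorizationStateValid and treat every other value,
// including an empty or unrecognised string, as not valid.
type DataConnectorAuthorizationState string

const (
	// DataConnectorAuthorizationStateInvalid is the "Invalid" authorization state.
	DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid"
	// DataConnectorAuthorizationStateValid is the "Valid" authorization state.
	DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid"
)

// PossibleDataConnectorAuthorizationStateValues returns a new slice holding
// every DataConnectorAuthorizationState constant declared above, in
// declaration order.
func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState {
	return []DataConnectorAuthorizationState{
		DataConnectorAuthorizationStateInvalid,
		DataConnectorAuthorizationStateValid,
	}
}

// DataConnectorKind enumerates the values for data connector kind.
type DataConnectorKind string

const (
	// DataConnectorKindAmazonWebServicesCloudTrail is the "AmazonWebServicesCloudTrail" connector kind.
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAzureActiveDirectory is the "AzureActiveDirectory" connector kind.
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection is the "AzureAdvancedThreatProtection" connector kind.
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter is the "AzureSecurityCenter" connector kind.
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindDynamics365 is the "Dynamics365" connector kind.
	DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365"
	// DataConnectorKindMicrosoftCloudAppSecurity is the "MicrosoftCloudAppSecurity" connector kind.
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection is the
	// "MicrosoftDefenderAdvancedThreatProtection" connector kind.
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindMicrosoftThreatIntelligence is the "MicrosoftThreatIntelligence" connector kind.
	DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence"
	// DataConnectorKindMicrosoftThreatProtection is the "MicrosoftThreatProtection" connector kind.
	DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection"
	// DataConnectorKindOffice365 is the "Office365" connector kind.
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindOfficeATP is the "OfficeATP" connector kind.
	DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
	// DataConnectorKindThreatIntelligence is the "ThreatIntelligence" connector kind.
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
	// DataConnectorKindThreatIntelligenceTaxii is the "ThreatIntelligenceTaxii" connector kind.
	DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)

// PossibleDataConnectorKindValues returns a new slice holding every
// DataConnectorKind constant declared above, in declaration order.
func PossibleDataConnectorKindValues() []DataConnectorKind {
	return []DataConnectorKind{
		DataConnectorKindAmazonWebServicesCloudTrail,
		DataConnectorKindAzureActiveDirectory,
		DataConnectorKindAzureAdvancedThreatProtection,
		DataConnectorKindAzureSecurityCenter,
		DataConnectorKindDynamics365,
		DataConnectorKindMicrosoftCloudAppSecurity,
		DataConnectorKindMicrosoftDefenderAdvancedThreatProtection,
		DataConnectorKindMicrosoftThreatIntelligence,
		DataConnectorKindMicrosoftThreatProtection,
		DataConnectorKindOffice365,
		DataConnectorKindOfficeATP,
		DataConnectorKindThreatIntelligence,
		DataConnectorKindThreatIntelligenceTaxii,
	}
}

// DataConnectorLicenseState enumerates the values for data connector license state.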
type DataConnectorLicenseState string

// DataConnectorLicenseState is a plain string type; a value that is not one of these constants can
// still be held by it, so unexpected strings need their own handling.
const (
	// DataConnectorLicenseStateInvalid is the "Invalid" license state.
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	// DataConnectorLicenseStateUnknown is the "Unknown" license state.
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	// DataConnectorLicenseStateValid is the "Valid" license state.
	DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)

// PossibleDataConnectorLicenseStateValues lists every DataConnectorLicenseState constant declared in
// this package, in declaration order. Each call builds a new slice.
func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState {
	return []DataConnectorLicenseState{
		DataConnectorLicenseStateInvalid,
		DataConnectorLicenseStateUnknown,
		DataConnectorLicenseStateValid,
	}
}

// DataTypeState is the string enum recording whether a data type is enabled or disabled.
type DataTypeState string

const (
	// DataTypeStateDisabled is the "Disabled" state.
	DataTypeStateDisabled DataTypeState = "Disabled"
	// DataTypeStateEnabled is the "Enabled" state.
	DataTypeStateEnabled DataTypeState = "Enabled"
)

// PossibleDataTypeStateValues lists every DataTypeState constant declared in this package, in
// declaration order.
func PossibleDataTypeStateValues() []DataTypeState {
	return []DataTypeState{
		DataTypeStateDisabled,
		DataTypeStateEnabled,
	}
}

// DeliveryAction enumerates the values for delivery action.
type DeliveryAction string

// DeliveryAction values. The type is a plain string, so a value outside this list can still occur;
// compare against PossibleDeliveryActionValues before acting on it.
const (
	// DeliveryActionBlocked is the "Blocked" delivery action.
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionDelivered is the "Delivered" delivery action.
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionDeliveredAsSpam is the "DeliveredAsSpam" delivery action.
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionReplaced is the "Replaced" delivery action.
	DeliveryActionReplaced DeliveryAction = "Replaced"
	// DeliveryActionUnknown is the "Unknown" delivery action.
	DeliveryActionUnknown DeliveryAction = "Unknown"
)

// PossibleDeliveryActionValues lists every DeliveryAction constant declared in this package, in
// declaration order. Each call builds a new slice.
func PossibleDeliveryActionValues() []DeliveryAction {
	return []DeliveryAction{
		DeliveryActionBlocked,
		DeliveryActionDelivered,
		DeliveryActionDeliveredAsSpam,
		DeliveryActionReplaced,
		DeliveryActionUnknown,
	}
}

// DeliveryLocation is the string enum naming a delivery location.
type DeliveryLocation string

const (
	// DeliveryLocationDeletedFolder is the "DeletedFolder" location.
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationDropped is the "Dropped" location.
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationExternal is the "External" location.
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed is the "Failed" location.
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationForwarded is the "Forwarded" location.
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
	// DeliveryLocationInbox is the "Inbox" location.
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder is the "JunkFolder" location.
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationQuarantine is the "Quarantine" location.
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationUnknown is the "Unknown" location.
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
)

// PossibleDeliveryLocationValues lists every DeliveryLocation constant declared in this package, in
// declaration order.
func PossibleDeliveryLocationValues() []DeliveryLocation {
	return []DeliveryLocation{
		DeliveryLocationDeletedFolder,
		DeliveryLocationDropped,
		DeliveryLocationExternal,
		DeliveryLocationFailed,
		DeliveryLocationForwarded,
		DeliveryLocationInbox,
		DeliveryLocationJunkFolder,
		DeliveryLocationQuarantine,
		DeliveryLocationUnknown,
	}
}

// ElevationToken is the string enum naming an elevation token type.
// NOTE(review): the three values look like the Windows token elevation types; confirm against the
// API reference before mapping them to "elevated" or "not elevated" in detection logic.
type ElevationToken string

const (
	// ElevationTokenDefault is the default elevation token.
	ElevationTokenDefault ElevationToken = "Default"
	// ElevationTokenFull is the full elevation token.
	ElevationTokenFull ElevationToken = "Full"
	// ElevationTokenLimited is the limited elevation token.
	ElevationTokenLimited ElevationToken = "Limited"
)

// PossibleElevationTokenValues lists every ElevationToken constant declared in this package, in
// declaration order.
func PossibleElevationTokenValues() []ElevationToken {
	return []ElevationToken{
		ElevationTokenDefault,
		ElevationTokenFull,
		ElevationTokenLimited,
	}
}

// EntitiesMatchingMethod is the string enum selecting how alerts are grouped into incidents by
// entity match.
type EntitiesMatchingMethod string

const (
	// EntitiesMatchingMethodAll groups alerts into a single incident if all the entities match.
	EntitiesMatchingMethodAll EntitiesMatchingMethod = "All"
	// EntitiesMatchingMethodCustom groups alerts into a single incident if the selected entities match.
	EntitiesMatchingMethodCustom EntitiesMatchingMethod = "Custom"
	// EntitiesMatchingMethodNone groups all alerts triggered by this rule into a single incident.
	EntitiesMatchingMethodNone EntitiesMatchingMethod = "None"
)

// PossibleEntitiesMatchingMethodValues lists every EntitiesMatchingMethod constant declared in this
// package, in declaration order.
func PossibleEntitiesMatchingMethodValues() []EntitiesMatchingMethod {
	return []EntitiesMatchingMethod{
		EntitiesMatchingMethodAll,
		EntitiesMatchingMethodCustom,
		EntitiesMatchingMethodNone,
	}
}

// EntityKind is the string enum naming what an entity represents in the system.
// Its string values are mixed case ("DnsResolution", "Ip", "Url") and differ from the EntityType
// values for the same concepts ("DNS", "IP", "URL"), so the two types are not interchangeable by a
// plain string conversion.
type EntityKind string

const (
	// EntityKindAccount means the entity represents an account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource means the entity represents an Azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark means the entity represents a bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication means the entity represents a cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution means the entity represents a DNS resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile means the entity represents a file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash means the entity represents a file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost means the entity represents a host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIoTDevice means the entity represents an IoT device in the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindIP means the entity represents an IP address in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindMailbox means the entity represents a mailbox in the system.
	EntityKindMailbox EntityKind = "Mailbox"
	// EntityKindMailCluster means the entity represents a mail cluster in the system.
	EntityKindMailCluster EntityKind = "MailCluster"
	// EntityKindMailMessage means the entity represents a mail message in the system.
	EntityKindMailMessage EntityKind = "MailMessage"
	// EntityKindMalware means the entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess means the entity represents a process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey means the entity represents a registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue means the entity represents a registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert means the entity represents a security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup means the entity represents a security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindSubmissionMail means the entity represents a submission mail in the system.
	EntityKindSubmissionMail EntityKind = "SubmissionMail"
	// EntityKindURL means the entity represents a URL in the system.
	EntityKindURL EntityKind = "Url"
)

// PossibleEntityKindValues lists every EntityKind constant declared in this package, in declaration
// order.
func PossibleEntityKindValues() []EntityKind {
	return []EntityKind{
		EntityKindAccount,
		EntityKindAzureResource,
		EntityKindBookmark,
		EntityKindCloudApplication,
		EntityKindDNSResolution,
		EntityKindFile,
		EntityKindFileHash,
		EntityKindHost,
		EntityKindIoTDevice,
		EntityKindIP,
		EntityKindMailbox,
		EntityKindMailCluster,
		EntityKindMailMessage,
		EntityKindMalware,
		EntityKindProcess,
		EntityKindRegistryKey,
		EntityKindRegistryValue,
		EntityKindSecurityAlert,
		EntityKindSecurityGroup,
		EntityKindSubmissionMail,
		EntityKindURL,
	}
}

// EntityQueryKind is the string enum naming the kind of an entity query.
type EntityQueryKind string

const (
	// EntityQueryKindExpansion is the "Expansion" query kind.
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	// EntityQueryKindInsight is the "Insight" query kind.
	EntityQueryKindInsight EntityQueryKind = "Insight"
)

// PossibleEntityQueryKindValues lists every EntityQueryKind constant declared in this package, in
// declaration order.
func PossibleEntityQueryKindValues() []EntityQueryKind {
	return []EntityQueryKind{
		EntityQueryKindExpansion,
		EntityQueryKindInsight,
	}
}

// EntityTimelineKind is the string enum naming the kind of item on an entity timeline.
type EntityTimelineKind string

const (
	// EntityTimelineKindActivity selects activity items.
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindBookmark selects bookmarks.
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert selects security alerts.
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

// PossibleEntityTimelineKindValues lists every EntityTimelineKind constant declared in this package,
// in declaration order.
func PossibleEntityTimelineKindValues() []EntityTimelineKind {
	return []EntityTimelineKind{
		EntityTimelineKindActivity,
		EntityTimelineKindBookmark,
		EntityTimelineKindSecurityAlert,
	}
}

// EntityType is the string enum naming the type of an entity.
// Its string values use upper-case initialisms ("DNS", "IP", "URL"), unlike the EntityKind values
// ("DnsResolution", "Ip", "Url"); comparisons are case-sensitive.
type EntityType string

const (
	// EntityTypeAccount means the entity represents an account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource means the entity represents an Azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication means the entity represents a cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS means the entity represents DNS in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile means the entity represents a file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash means the entity represents a file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost means the entity represents a host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark means the entity represents a hunting bookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIoTDevice means the entity represents an IoT device in the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeIP means the entity represents an IP address in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeMailbox means the entity represents a mailbox in the system.
	EntityTypeMailbox EntityType = "Mailbox"
	// EntityTypeMailCluster means the entity represents a mail cluster in the system.
	EntityTypeMailCluster EntityType = "MailCluster"
	// EntityTypeMailMessage means the entity represents a mail message in the system.
	EntityTypeMailMessage EntityType = "MailMessage"
	// EntityTypeMalware means the entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess means the entity represents a process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey means the entity represents a registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue means the entity represents a registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert means the entity represents a security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup means the entity represents a security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeSubmissionMail means the entity represents a submission mail in the system.
	EntityTypeSubmissionMail EntityType = "SubmissionMail"
	// EntityTypeURL means the entity represents a URL in the system.
	EntityTypeURL EntityType = "URL"
)

// PossibleEntityTypeValues lists every EntityType constant declared in this package, in declaration
// order.
func PossibleEntityTypeValues() []EntityType {
	return []EntityType{
		EntityTypeAccount,
		EntityTypeAzureResource,
		EntityTypeCloudApplication,
		EntityTypeDNS,
		EntityTypeFile,
		EntityTypeFileHash,
		EntityTypeHost,
		EntityTypeHuntingBookmark,
		EntityTypeIoTDevice,
		EntityTypeIP,
		EntityTypeMailbox,
		EntityTypeMailCluster,
		EntityTypeMailMessage,
		EntityTypeMalware,
		EntityTypeProcess,
		EntityTypeRegistryKey,
		EntityTypeRegistryValue,
		EntityTypeSecurityAlert,
		EntityTypeSecurityGroup,
		EntityTypeSubmissionMail,
		EntityTypeURL,
	}
}

// EventGroupingAggregationKind is the string enum naming an event grouping aggregation kind.
type EventGroupingAggregationKind string

const (
	// EventGroupingAggregationKindAlertPerResult is the "AlertPerResult" aggregation kind.
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	// EventGroupingAggregationKindSingleAlert is the "SingleAlert" aggregation kind.
	EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert"
)

// PossibleEventGroupingAggregationKindValues lists every EventGroupingAggregationKind constant
// declared in this package, in declaration order.
func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind {
	return []EventGroupingAggregationKind{
		EventGroupingAggregationKindAlertPerResult,
		EventGroupingAggregationKindSingleAlert,
	}
}

// FileHashAlgorithm enumerates the values for file hash algorithm.
type FileHashAlgorithm string

// FileHashAlgorithm values label which algorithm produced a file hash. MD5 and SHA-1 are not
// collision resistant, so a hash carried under FileHashAlgorithmMD5 or FileHashAlgorithmSHA1 is
// suitable for indicator lookup but not as proof that two files are identical; prefer the SHA-256
// value when one is available.
const (
	// FileHashAlgorithmMD5 is the MD5 hash type.
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 is the SHA1 hash type.
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 is the SHA256 hash type.
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC is the SHA256 Authenticode hash type.
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown is an unknown hash algorithm.
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

// PossibleFileHashAlgorithmValues lists every FileHashAlgorithm constant declared in this package,
// in declaration order. Each call builds a new slice.
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm {
	return []FileHashAlgorithm{
		FileHashAlgorithmMD5,
		FileHashAlgorithmSHA1,
		FileHashAlgorithmSHA256,
		FileHashAlgorithmSHA256AC,
		FileHashAlgorithmUnknown,
	}
}

// GroupingEntityType is the string enum naming the entity types that alerts can be grouped by.
// The IP and URL values are the mixed-case strings "Ip" and "Url"; comparisons are case-sensitive.
type GroupingEntityType string

const (
	// GroupingEntityTypeAccount is the Account entity.
	GroupingEntityTypeAccount GroupingEntityType = "Account"
	// GroupingEntityTypeFileHash is the FileHash entity.
	GroupingEntityTypeFileHash GroupingEntityType = "FileHash"
	// GroupingEntityTypeHost is the Host entity.
	GroupingEntityTypeHost GroupingEntityType = "Host"
	// GroupingEntityTypeIP is the Ip entity.
	GroupingEntityTypeIP GroupingEntityType = "Ip"
	// GroupingEntityTypeURL is the Url entity.
	GroupingEntityTypeURL GroupingEntityType = "Url"
)

// PossibleGroupingEntityTypeValues lists every GroupingEntityType constant declared in this package,
// in declaration order.
func PossibleGroupingEntityTypeValues() []GroupingEntityType {
	return []GroupingEntityType{
		GroupingEntityTypeAccount,
		GroupingEntityTypeFileHash,
		GroupingEntityTypeHost,
		GroupingEntityTypeIP,
		GroupingEntityTypeURL,
	}
}

// IncidentClassification enumerates the values for incident classification.
type IncidentClassification string

// IncidentClassification values record the verdict given to an incident. The type is a plain
// string, so a value outside this list can still occur; compare against
// PossibleIncidentClassificationValues before using it in reporting or automation.
const (
	// IncidentClassificationBenignPositive means the incident was a benign positive.
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive means the incident was a false positive.
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive means the incident was a true positive.
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined means the incident classification was undetermined.
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

// PossibleIncidentClassificationValues lists every IncidentClassification constant declared in this
// package, in declaration order. Each call builds a new slice.
func PossibleIncidentClassificationValues() []IncidentClassification {
	return []IncidentClassification{
		IncidentClassificationBenignPositive,
		IncidentClassificationFalsePositive,
		IncidentClassificationTruePositive,
		IncidentClassificationUndetermined,
	}
}

// IncidentClassificationReason enumerates the values for incident classification reason.
type IncidentClassificationReason string

// IncidentClassificationReason values record why an incident received its classification.
const (
	// IncidentClassificationReasonInaccurateData means the classification reason was inaccurate data.
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic means the classification reason was incorrect
	// alert logic.
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity means the classification reason was suspicious
	// activity.
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected means the classification reason was activity
	// that is suspicious but expected.
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

// PossibleIncidentClassificationReasonValues lists every IncidentClassificationReason constant
// declared in this package, in declaration order. Each call builds a new slice.
func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason {
	return []IncidentClassificationReason{
		IncidentClassificationReasonInaccurateData,
		IncidentClassificationReasonIncorrectAlertLogic,
		IncidentClassificationReasonSuspiciousActivity,
		IncidentClassificationReasonSuspiciousButExpected,
	}
}

// IncidentLabelType is the string enum recording who created an incident label.
type IncidentLabelType string

const (
	// IncidentLabelTypeSystem marks a label created automatically by the system.
	IncidentLabelTypeSystem IncidentLabelType = "System"
	// IncidentLabelTypeUser marks a label created manually by a user.
	IncidentLabelTypeUser IncidentLabelType = "User"
)

// PossibleIncidentLabelTypeValues lists every IncidentLabelType constant declared in this package,
// in declaration order.
func PossibleIncidentLabelTypeValues() []IncidentLabelType {
	return []IncidentLabelType{
		IncidentLabelTypeSystem,
		IncidentLabelTypeUser,
	}
}

// IncidentSeverity is the string enum naming the severity of an incident.
// The constants are declared in alphabetical order, not severity order, so the position of a value
// in PossibleIncidentSeverityValues must not be used to rank severities.
type IncidentSeverity string

const (
	// IncidentSeverityHigh is high severity.
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational is informational severity.
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow is low severity.
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium is medium severity.
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

// PossibleIncidentSeverityValues lists every IncidentSeverity constant declared in this package, in
// declaration order.
func PossibleIncidentSeverityValues() []IncidentSeverity {
	return []IncidentSeverity{
		IncidentSeverityHigh,
		IncidentSeverityInformational,
		IncidentSeverityLow,
		IncidentSeverityMedium,
	}
}

// IncidentStatus is the string enum naming the handling state of an incident.
type IncidentStatus string

const (
	// IncidentStatusActive is an active incident which is being handled.
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed is a non-active incident.
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew is an active incident which is not currently being handled.
	IncidentStatusNew IncidentStatus = "New"
)

// PossibleIncidentStatusValues lists every IncidentStatus constant declared in this package, in
// declaration order.
func PossibleIncidentStatusValues() []IncidentStatus {
	return []IncidentStatus{
		IncidentStatusActive,
		IncidentStatusClosed,
		IncidentStatusNew,
	}
}

// KillChainIntent enumerates the values for kill chain intent.
type KillChainIntent string

// KillChainIntent values name the stage of an intrusion that an alert relates to.
// NOTE(review): several names match MITRE ATT&CK tactic names (for example CredentialAccess and
// LateralMovement), while Probing and Exploitation do not appear to; confirm the mapping before
// joining these values to ATT&CK-based detection coverage.
const (
	// KillChainIntentCollection covers techniques used to identify and gather information, such as
	// sensitive files, from a target network prior to exfiltration. This category also covers locations
	// on a system or network where the adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl represents how adversaries communicate with systems under their
	// control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess covers techniques that result in access to or control over system,
	// domain, or service credentials used within an enterprise environment. Adversaries will likely
	// attempt to obtain legitimate credentials from users or administrator accounts (local system
	// administrator or domain users with administrator access) to use within the network. With
	// sufficient access within a network, an adversary can create accounts for later use within the
	// environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion covers techniques an adversary may use to evade detection or avoid
	// other defenses. Sometimes these actions are the same as, or variations of, techniques in other
	// categories that have the added benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery covers techniques that allow the adversary to gain knowledge about the
	// system and internal network. When adversaries gain access to a new system, they must orient
	// themselves to what they now control and to what benefit operating from that system gives to their
	// current objective or overall goals during the intrusion. The operating system provides many native
	// tools that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution covers techniques that result in execution of adversary-controlled code
	// on a local or remote system. This tactic is often used in conjunction with lateral movement to
	// expand access to remote systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration covers techniques and attributes that result or aid in the adversary
	// removing files and information from a target network. This category also covers locations on a
	// system or network where the adversary may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation is the stage where an attacker manages to get a foothold on the
	// attacked resource. This stage applies not only to compute hosts but also to resources such as user
	// accounts, certificates, etc. Adversaries will often be able to control the resource after this
	// stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact covers activity whose primary objective is to directly reduce the
	// availability or integrity of a system, service, or network, including manipulation of data to
	// impact a business or operational process. This often refers to techniques such as ransomware,
	// defacement, data manipulation, and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement covers techniques that enable an adversary to access and control
	// remote systems on a network and could, but does not necessarily, include execution of tools on
	// remote systems. The lateral movement techniques could allow an adversary to gather information
	// from a system without needing additional tools, such as a remote access tool. An adversary can use
	// lateral movement for many purposes, including remote execution of tools, pivoting to additional
	// systems, access to specific information or files, access to additional credentials, or to cause an
	// effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence is any access, action, or configuration change to a system that gives
	// an adversary a persistent presence on that system. Adversaries will often need to maintain access
	// to systems through interruptions such as system restarts, loss of credentials, or other failures
	// that would require a remote access tool to restart or an alternate backdoor for them to regain
	// access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation is the result of actions that allow an adversary to obtain a
	// higher level of permissions on a system or network. Certain tools or actions require a higher
	// level of privilege to work and are likely necessary at many points throughout an operation. User
	// accounts with permissions to access specific systems or perform specific functions necessary for
	// adversaries to achieve their objective may also be considered an escalation of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing could be an attempt to access a certain resource regardless of malicious
	// intent, or a failed attempt to gain access to a target system to gather information prior to
	// exploitation. This step is usually detected as an attempt originating from outside the network to
	// scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown is the default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

// PossibleKillChainIntentValues lists every KillChainIntent constant declared in this package, in
// declaration order. Each call builds a new slice.
func PossibleKillChainIntentValues() []KillChainIntent {
	return []KillChainIntent{
		KillChainIntentCollection,
		KillChainIntentCommandAndControl,
		KillChainIntentCredentialAccess,
		KillChainIntentDefenseEvasion,
		KillChainIntentDiscovery,
		KillChainIntentExecution,
		KillChainIntentExfiltration,
		KillChainIntentExploitation,
		KillChainIntentImpact,
		KillChainIntentLateralMovement,
		KillChainIntentPersistence,
		KillChainIntentPrivilegeEscalation,
		KillChainIntentProbing,
		KillChainIntentUnknown,
	}
}

// Kind is a string enum with the values "Aggregations" and "CasesAggregation".
type Kind string

const (
	// KindAggregations is the "Aggregations" kind.
	KindAggregations Kind = "Aggregations"
	// KindCasesAggregation is the "CasesAggregation" kind.
	KindCasesAggregation Kind = "CasesAggregation"
)

// PossibleKindValues lists every Kind constant declared in this package, in declaration order.
func PossibleKindValues() []Kind {
	return []Kind{
		KindAggregations,
		KindCasesAggregation,
	}
}

// KindBasicAlertRule is the string enum naming the kind of an alert rule.
type KindBasicAlertRule string

const (
	// KindBasicAlertRuleKindAlertRule is the "AlertRule" kind.
	KindBasicAlertRuleKindAlertRule KindBasicAlertRule = "AlertRule"
	// KindBasicAlertRuleKindFusion is the "Fusion" kind.
	KindBasicAlertRuleKindFusion KindBasicAlertRule = "Fusion"
	// KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation is the "MicrosoftSecurityIncidentCreation"
	// kind.
	KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleKindMLBehaviorAnalytics is the "MLBehaviorAnalytics" kind.
	KindBasicAlertRuleKindMLBehaviorAnalytics KindBasicAlertRule = "MLBehaviorAnalytics"
	// KindBasicAlertRuleKindScheduled is the "Scheduled" kind.
	KindBasicAlertRuleKindScheduled KindBasicAlertRule = "Scheduled"
	// KindBasicAlertRuleKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicAlertRuleKindThreatIntelligence KindBasicAlertRule = "ThreatIntelligence"
)

// PossibleKindBasicAlertRuleValues lists every KindBasicAlertRule constant declared in this package,
// in declaration order.
func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule {
	return []KindBasicAlertRule{
		KindBasicAlertRuleKindAlertRule,
		KindBasicAlertRuleKindFusion,
		KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation,
		KindBasicAlertRuleKindMLBehaviorAnalytics,
		KindBasicAlertRuleKindScheduled,
		KindBasicAlertRuleKindThreatIntelligence,
	}
}

// KindBasicAlertRuleTemplate is the string enum naming the kind of an alert rule template.
type KindBasicAlertRuleTemplate string

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate is the "AlertRuleTemplate" kind.
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion is the "Fusion" kind.
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation is the
	// "MicrosoftSecurityIncidentCreation" kind.
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindMLBehaviorAnalytics is the "MLBehaviorAnalytics" kind.
	KindBasicAlertRuleTemplateKindMLBehaviorAnalytics KindBasicAlertRuleTemplate = "MLBehaviorAnalytics"
	// KindBasicAlertRuleTemplateKindScheduled is the "Scheduled" kind.
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
	// KindBasicAlertRuleTemplateKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicAlertRuleTemplateKindThreatIntelligence KindBasicAlertRuleTemplate = "ThreatIntelligence"
)

// PossibleKindBasicAlertRuleTemplateValues lists every KindBasicAlertRuleTemplate constant declared
// in this package, in declaration order.
func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate {
	return []KindBasicAlertRuleTemplate{
		KindBasicAlertRuleTemplateKindAlertRuleTemplate,
		KindBasicAlertRuleTemplateKindFusion,
		KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation,
		KindBasicAlertRuleTemplateKindMLBehaviorAnalytics,
		KindBasicAlertRuleTemplateKindScheduled,
		KindBasicAlertRuleTemplateKindThreatIntelligence,
	}
}

// KindBasicDataConnector is the string enum naming the kind of a data connector.
type KindBasicDataConnector string

const (
	// KindBasicDataConnectorKindAmazonWebServicesCloudTrail is the "AmazonWebServicesCloudTrail" kind.
	KindBasicDataConnectorKindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorKindAzureActiveDirectory is the "AzureActiveDirectory" kind.
	KindBasicDataConnectorKindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindBasicDataConnectorKindAzureAdvancedThreatProtection is the "AzureAdvancedThreatProtection"
	// kind.
	KindBasicDataConnectorKindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorKindAzureSecurityCenter is the "AzureSecurityCenter" kind.
	KindBasicDataConnectorKindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindBasicDataConnectorKindDataConnector is the "DataConnector" kind.
	KindBasicDataConnectorKindDataConnector KindBasicDataConnector = "DataConnector"
	// KindBasicDataConnectorKindDynamics365 is the "Dynamics365" kind.
	KindBasicDataConnectorKindDynamics365 KindBasicDataConnector = "Dynamics365"
	// KindBasicDataConnectorKindMicrosoftCloudAppSecurity is the "MicrosoftCloudAppSecurity" kind.
	KindBasicDataConnectorKindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection is the
	// "MicrosoftDefenderAdvancedThreatProtection" kind.
	KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorKindMicrosoftThreatIntelligence is the "MicrosoftThreatIntelligence" kind.
	KindBasicDataConnectorKindMicrosoftThreatIntelligence KindBasicDataConnector = "MicrosoftThreatIntelligence"
	// KindBasicDataConnectorKindMicrosoftThreatProtection is the "MicrosoftThreatProtection" kind.
	KindBasicDataConnectorKindMicrosoftThreatProtection KindBasicDataConnector = "MicrosoftThreatProtection"
	// KindBasicDataConnectorKindOffice365 is the "Office365" kind.
	KindBasicDataConnectorKindOffice365 KindBasicDataConnector = "Office365"
	// KindBasicDataConnectorKindOfficeATP is the "OfficeATP" kind.
	KindBasicDataConnectorKindOfficeATP KindBasicDataConnector = "OfficeATP"
	// KindBasicDataConnectorKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicDataConnectorKindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
	// KindBasicDataConnectorKindThreatIntelligenceTaxii is the "ThreatIntelligenceTaxii" kind.
	KindBasicDataConnectorKindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii"
)

// PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.
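func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector {
	// The slice literal is rebuilt on every call, so the caller owns the result.
	return []KindBasicDataConnector{
		KindBasicDataConnectorKindAmazonWebServicesCloudTrail,
		KindBasicDataConnectorKindAzureActiveDirectory,
		KindBasicDataConnectorKindAzureAdvancedThreatProtection,
		KindBasicDataConnectorKindAzureSecurityCenter,
		KindBasicDataConnectorKindDataConnector,
		KindBasicDataConnectorKindDynamics365,
		KindBasicDataConnectorKindMicrosoftCloudAppSecurity,
		KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection,
		KindBasicDataConnectorKindMicrosoftThreatIntelligence,
		KindBasicDataConnectorKindMicrosoftThreatProtection,
		KindBasicDataConnectorKindOffice365,
		KindBasicDataConnectorKindOfficeATP,
		KindBasicDataConnectorKindThreatIntelligence,
		KindBasicDataConnectorKindThreatIntelligenceTaxii,
	}
}

// KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check
// requirements.
//
// The underlying type is string, so a value decoded from a request or response can hold any text,
// not only the constants below. Compare it (case-sensitively) with
// PossibleKindBasicDataConnectorsCheckRequirementsValues before treating a kind as recognised.
// No Office365 member is declared for this type in this listing, although KindBasicDataConnector
// has one.
type KindBasicDataConnectorsCheckRequirements string

const (
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail is the "AmazonWebServicesCloudTrail" kind.
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory is the "AzureActiveDirectory" kind.
	KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory"
	// KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection is the "AzureAdvancedThreatProtection" kind.
	KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter is the "AzureSecurityCenter" kind.
	KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter"
	// KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements is the "DataConnectorsCheckRequirements" kind.
	KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements"
	// KindBasicDataConnectorsCheckRequirementsKindDynamics365 is the "Dynamics365" kind.
	KindBasicDataConnectorsCheckRequirementsKindDynamics365 KindBasicDataConnectorsCheckRequirements = "Dynamics365"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity is the "MicrosoftCloudAppSecurity" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection is the "MicrosoftDefenderAdvancedThreatProtection" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence is the "MicrosoftThreatIntelligence" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence KindBasicDataConnectorsCheckRequirements = "MicrosoftThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection is the "MicrosoftThreatProtection" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeATP is the "OfficeATP" kind.
	KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii is the "ThreatIntelligenceTaxii" kind.
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii"
)

// PossibleKindBasicDataConnectorsCheckRequirementsValues returns a newly built slice holding every
// KindBasicDataConnectorsCheckRequirements constant, in the order they are declared.
func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements {
	return []KindBasicDataConnectorsCheckRequirements{
		KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail,
		KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory,
		KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection,
		KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter,
		KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements,
		KindBasicDataConnectorsCheckRequirementsKindDynamics365,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection,
		KindBasicDataConnectorsCheckRequirementsKindOfficeATP,
		KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence,
		KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii,
	}
}

// KindBasicEntity enumerates the values for kind basic entity.
//
// The underlying type is string, so a decoded value is not limited to the constants below; code that
// branches on the entity kind should handle an unrecognised value explicitly. Matching is
// case-sensitive, and three wire values differ in case from their Go identifiers:
// "DnsResolution", "Ip" and "Url".
type KindBasicEntity string

const (
	// KindBasicEntityKindAccount is the "Account" kind.
	KindBasicEntityKindAccount KindBasicEntity = "Account"
	// KindBasicEntityKindAzureResource is the "AzureResource" kind.
	KindBasicEntityKindAzureResource KindBasicEntity = "AzureResource"
	// KindBasicEntityKindBookmark is the "Bookmark" kind.
	KindBasicEntityKindBookmark KindBasicEntity = "Bookmark"
	// KindBasicEntityKindCloudApplication is the "CloudApplication" kind.
	KindBasicEntityKindCloudApplication KindBasicEntity = "CloudApplication"
	// KindBasicEntityKindDNSResolution is the "DnsResolution" kind.
	KindBasicEntityKindDNSResolution KindBasicEntity = "DnsResolution"
	// KindBasicEntityKindEntity is the "Entity" kind.
	KindBasicEntityKindEntity KindBasicEntity = "Entity"
	// KindBasicEntityKindFile is the "File" kind.
	KindBasicEntityKindFile KindBasicEntity = "File"
	// KindBasicEntityKindFileHash is the "FileHash" kind.
	KindBasicEntityKindFileHash KindBasicEntity = "FileHash"
	// KindBasicEntityKindHost is the "Host" kind.
	KindBasicEntityKindHost KindBasicEntity = "Host"
	// KindBasicEntityKindIoTDevice is the "IoTDevice" kind.
	KindBasicEntityKindIoTDevice KindBasicEntity = "IoTDevice"
	// KindBasicEntityKindIP is the "Ip" kind.
	KindBasicEntityKindIP KindBasicEntity = "Ip"
	// KindBasicEntityKindMailbox is the "Mailbox" kind.
	KindBasicEntityKindMailbox KindBasicEntity = "Mailbox"
	// KindBasicEntityKindMailCluster is the "MailCluster" kind.
	KindBasicEntityKindMailCluster KindBasicEntity = "MailCluster"
	// KindBasicEntityKindMailMessage is the "MailMessage" kind.
	KindBasicEntityKindMailMessage KindBasicEntity = "MailMessage"
	// KindBasicEntityKindMalware is the "Malware" kind.
	KindBasicEntityKindMalware KindBasicEntity = "Malware"
	// KindBasicEntityKindProcess is the "Process" kind.
	KindBasicEntityKindProcess KindBasicEntity = "Process"
	// KindBasicEntityKindRegistryKey is the "RegistryKey" kind.
	KindBasicEntityKindRegistryKey KindBasicEntity = "RegistryKey"
	// KindBasicEntityKindRegistryValue is the "RegistryValue" kind.
	KindBasicEntityKindRegistryValue KindBasicEntity = "RegistryValue"
	// KindBasicEntityKindSecurityAlert is the "SecurityAlert" kind.
	KindBasicEntityKindSecurityAlert KindBasicEntity = "SecurityAlert"
	// KindBasicEntityKindSecurityGroup is the "SecurityGroup" kind.
	KindBasicEntityKindSecurityGroup KindBasicEntity = "SecurityGroup"
	// KindBasicEntityKindSubmissionMail is the "SubmissionMail" kind.
	KindBasicEntityKindSubmissionMail KindBasicEntity = "SubmissionMail"
	// KindBasicEntityKindURL is the "Url" kind.
	KindBasicEntityKindURL KindBasicEntity = "Url"
)

// PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.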
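func PossibleKindBasicEntityValues() []KindBasicEntity {
	// The slice literal is rebuilt on every call, so the caller owns the result.
	return []KindBasicEntity{
		KindBasicEntityKindAccount,
		KindBasicEntityKindAzureResource,
		KindBasicEntityKindBookmark,
		KindBasicEntityKindCloudApplication,
		KindBasicEntityKindDNSResolution,
		KindBasicEntityKindEntity,
		KindBasicEntityKindFile,
		KindBasicEntityKindFileHash,
		KindBasicEntityKindHost,
		KindBasicEntityKindIoTDevice,
		KindBasicEntityKindIP,
		KindBasicEntityKindMailbox,
		KindBasicEntityKindMailCluster,
		KindBasicEntityKindMailMessage,
		KindBasicEntityKindMalware,
		KindBasicEntityKindProcess,
		KindBasicEntityKindRegistryKey,
		KindBasicEntityKindRegistryValue,
		KindBasicEntityKindSecurityAlert,
		KindBasicEntityKindSecurityGroup,
		KindBasicEntityKindSubmissionMail,
		KindBasicEntityKindURL,
	}
}

// KindBasicEntityQuery enumerates the values for kind basic entity query.
//
// The underlying type is string, so a decoded value is not limited to the constants below.
type KindBasicEntityQuery string

const (
	// KindBasicEntityQueryKindEntityQuery is the "EntityQuery" kind.
	KindBasicEntityQueryKindEntityQuery KindBasicEntityQuery = "EntityQuery"
	// KindBasicEntityQueryKindExpansion is the "Expansion" kind.
	KindBasicEntityQueryKindExpansion KindBasicEntityQuery = "Expansion"
)

// PossibleKindBasicEntityQueryValues returns a newly built slice holding every KindBasicEntityQuery
// constant, in the order they are declared.
func PossibleKindBasicEntityQueryValues() []KindBasicEntityQuery {
	return []KindBasicEntityQuery{
		KindBasicEntityQueryKindEntityQuery,
		KindBasicEntityQueryKindExpansion,
	}
}

// KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item.
//
// The underlying type is string, so a decoded value is not limited to the constants below.
type KindBasicEntityTimelineItem string

const (
	// KindBasicEntityTimelineItemKindActivity is the "Activity" kind.
	KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity"
	// KindBasicEntityTimelineItemKindBookmark is the "Bookmark" kind.
	KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark"
	// KindBasicEntityTimelineItemKindEntityTimelineItem is the "EntityTimelineItem" kind.
	KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem"
	// KindBasicEntityTimelineItemKindSecurityAlert is the "SecurityAlert" kind.
	KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert"
)

// PossibleKindBasicEntityTimelineItemValues returns a newly built slice holding every
// KindBasicEntityTimelineItem constant, in the order they are declared.
func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem {
	return []KindBasicEntityTimelineItem{
		KindBasicEntityTimelineItemKindActivity,
		KindBasicEntityTimelineItemKindBookmark,
		KindBasicEntityTimelineItemKindEntityTimelineItem,
		KindBasicEntityTimelineItemKindSecurityAlert,
	}
}

// KindBasicSettings enumerates the values for kind basic settings.
//
// The underlying type is string, so a decoded value is not limited to the constants below.
type KindBasicSettings string

const (
	// KindBasicSettingsKindEntityAnalytics is the "EntityAnalytics" kind.
	KindBasicSettingsKindEntityAnalytics KindBasicSettings = "EntityAnalytics"
	// KindBasicSettingsKindEyesOn is the "EyesOn" kind.
	KindBasicSettingsKindEyesOn KindBasicSettings = "EyesOn"
	// KindBasicSettingsKindIPSyncer is the "IPSyncer" kind.
	KindBasicSettingsKindIPSyncer KindBasicSettings = "IPSyncer"
	// KindBasicSettingsKindSettings is the "Settings" kind.
	KindBasicSettingsKindSettings KindBasicSettings = "Settings"
	// KindBasicSettingsKindUeba is the "Ueba" kind.
	KindBasicSettingsKindUeba KindBasicSettings = "Ueba"
)

// PossibleKindBasicSettingsValues returns a newly built slice holding every KindBasicSettings
// constant, in the order they are declared.
func PossibleKindBasicSettingsValues() []KindBasicSettings {
	return []KindBasicSettings{
		KindBasicSettingsKindEntityAnalytics,
		KindBasicSettingsKindEyesOn,
		KindBasicSettingsKindIPSyncer,
		KindBasicSettingsKindSettings,
		KindBasicSettingsKindUeba,
	}
}

// KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information.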
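type KindBasicThreatIntelligenceInformation string

// The underlying type is string, so a decoded value is not limited to the constants below.
// Matching is case-sensitive: the indicator kind is the lower-case "indicator", while the base
// kind is "ThreatIntelligenceInformation".
const (
	// KindBasicThreatIntelligenceInformationKindIndicator is the "indicator" kind.
	KindBasicThreatIntelligenceInformationKindIndicator KindBasicThreatIntelligenceInformation = "indicator"
	// KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation is the "ThreatIntelligenceInformation" kind.
	KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation"
)

// PossibleKindBasicThreatIntelligenceInformationValues returns a newly built slice holding every
// KindBasicThreatIntelligenceInformation constant, in the order they are declared.
func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation {
	return []KindBasicThreatIntelligenceInformation{
		KindBasicThreatIntelligenceInformationKindIndicator,
		KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation,
	}
}

// MicrosoftSecurityProductName enumerates the values for microsoft security product name.
//
// The values are display names containing spaces, so they must match byte for byte; the
// underlying type is string and a decoded value is not limited to the constants below.
type MicrosoftSecurityProductName string

const (
	// MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection is "Azure Active Directory Identity Protection".
	MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// MicrosoftSecurityProductNameAzureAdvancedThreatProtection is "Azure Advanced Threat Protection".
	MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// MicrosoftSecurityProductNameAzureSecurityCenter is "Azure Security Center".
	MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// MicrosoftSecurityProductNameAzureSecurityCenterforIoT is "Azure Security Center for IoT".
	MicrosoftSecurityProductNameAzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
	// MicrosoftSecurityProductNameMicrosoftCloudAppSecurity is "Microsoft Cloud App Security".
	MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	// MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection is "Microsoft Defender Advanced Threat Protection".
	MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	// MicrosoftSecurityProductNameOffice365AdvancedThreatProtection is "Office 365 Advanced Threat Protection".
	MicrosoftSecurityProductNameOffice365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

// PossibleMicrosoftSecurityProductNameValues returns a newly built slice holding every
// MicrosoftSecurityProductName constant, in the order they are declared.
func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName {
	return []MicrosoftSecurityProductName{
		MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection,
		MicrosoftSecurityProductNameAzureAdvancedThreatProtection,
		MicrosoftSecurityProductNameAzureSecurityCenter,
		MicrosoftSecurityProductNameAzureSecurityCenterforIoT,
		MicrosoftSecurityProductNameMicrosoftCloudAppSecurity,
		MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection,
		MicrosoftSecurityProductNameOffice365AdvancedThreatProtection,
	}
}

// OSFamily enumerates the values for os family.
//
// The underlying type is string; a host whose family is not one of the constants below should be
// handled explicitly rather than assumed to be OSFamilyUnknown.
type OSFamily string

const (
	// OSFamilyAndroid Host with Android operating system.
	OSFamilyAndroid OSFamily = "Android"
	// OSFamilyIOS Host with IOS operating system.
	OSFamilyIOS OSFamily = "IOS"
	// OSFamilyLinux Host with Linux operating system.
	OSFamilyLinux OSFamily = "Linux"
	// OSFamilyUnknown Host with Unknown operating system.
	OSFamilyUnknown OSFamily = "Unknown"
	// OSFamilyWindows Host with Windows operating system.
	OSFamilyWindows OSFamily = "Windows"
)

// PossibleOSFamilyValues returns a newly built slice holding every OSFamily constant, in the order
// they are declared.
func PossibleOSFamilyValues() []OSFamily {
	return []OSFamily{
		OSFamilyAndroid,
		OSFamilyIOS,
		OSFamilyLinux,
		OSFamilyUnknown,
		OSFamilyWindows,
	}
}

// OutputType enumerates the values for output type.
type OutputType string

const (
	// OutputTypeDate is the "Date" output type.
	OutputTypeDate OutputType = "Date"
	// OutputTypeEntity is the "Entity" output type.
	OutputTypeEntity OutputType = "Entity"
	// OutputTypeNumber is the "Number" output type.
	OutputTypeNumber OutputType = "Number"
	// OutputTypeString is the "String" output type.
	OutputTypeString OutputType = "String"
)

// PossibleOutputTypeValues returns a newly built slice holding every OutputType constant, in the
// order they are declared.
func PossibleOutputTypeValues() []OutputType {
	return []OutputType{
		OutputTypeDate,
		OutputTypeEntity,
		OutputTypeNumber,
		OutputTypeString,
	}
}

// PollingFrequency enumerates the values for polling frequency.
type PollingFrequency string

const (
	// PollingFrequencyOnceADay Once a day
	PollingFrequencyOnceADay PollingFrequency = "OnceADay"
	// PollingFrequencyOnceAMinute Once a minute
	PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute"
	// PollingFrequencyOnceAnHour Once an hour
	PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour"
)

// PossiblePollingFrequencyValues returns a newly built slice holding every PollingFrequency
// constant, in the order they are declared.
func PossiblePollingFrequencyValues() []PollingFrequency {
	return []PollingFrequency{
		PollingFrequencyOnceADay,
		PollingFrequencyOnceAMinute,
		PollingFrequencyOnceAnHour,
	}
}

// RegistryHive enumerates the values for registry hive.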
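type RegistryHive string

// The underlying type is string, so a decoded hive name is not limited to the constants below and
// matching is case-sensitive.
// NOTE(review): "HKEY_A" does not look like a predefined Windows root key name; it is kept exactly
// as generated — confirm against the service's API specification before relying on it.
const (
	// RegistryHiveHKEYA HKEY_A
	RegistryHiveHKEYA RegistryHive = "HKEY_A"
	// RegistryHiveHKEYCLASSESROOT HKEY_CLASSES_ROOT
	RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// RegistryHiveHKEYCURRENTCONFIG HKEY_CURRENT_CONFIG
	RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// RegistryHiveHKEYCURRENTUSER HKEY_CURRENT_USER
	RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// RegistryHiveHKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// RegistryHiveHKEYLOCALMACHINE HKEY_LOCAL_MACHINE
	RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// RegistryHiveHKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA
	RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// RegistryHiveHKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT
	RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// RegistryHiveHKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT
	RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// RegistryHiveHKEYUSERS HKEY_USERS
	RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS"
)

// PossibleRegistryHiveValues returns a newly built slice holding every RegistryHive constant, in
// the order they are declared.
func PossibleRegistryHiveValues() []RegistryHive {
	return []RegistryHive{
		RegistryHiveHKEYA,
		RegistryHiveHKEYCLASSESROOT,
		RegistryHiveHKEYCURRENTCONFIG,
		RegistryHiveHKEYCURRENTUSER,
		RegistryHiveHKEYCURRENTUSERLOCALSETTINGS,
		RegistryHiveHKEYLOCALMACHINE,
		RegistryHiveHKEYPERFORMANCEDATA,
		RegistryHiveHKEYPERFORMANCENLSTEXT,
		RegistryHiveHKEYPERFORMANCETEXT,
		RegistryHiveHKEYUSERS,
	}
}

// RegistryValueKind enumerates the values for registry value kind.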
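type RegistryValueKind string

// The underlying type is string, so a decoded value is not limited to the constants below.
const (
	// RegistryValueKindBinary Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

// PossibleRegistryValueKindValues returns a newly built slice holding every RegistryValueKind
// constant, in the order they are declared.
func PossibleRegistryValueKindValues() []RegistryValueKind {
	return []RegistryValueKind{
		RegistryValueKindBinary,
		RegistryValueKindDWord,
		RegistryValueKindExpandString,
		RegistryValueKindMultiString,
		RegistryValueKindNone,
		RegistryValueKindQWord,
		RegistryValueKindString,
		RegistryValueKindUnknown,
	}
}

// RelationNodeKind enumerates the values for relation node kind.
type RelationNodeKind string

const (
	// RelationNodeKindBookmark Bookmark node part of the relation
	RelationNodeKindBookmark RelationNodeKind = "Bookmark"
	// RelationNodeKindCase Case node part of the relation
	RelationNodeKindCase RelationNodeKind = "Case"
)

// PossibleRelationNodeKindValues returns a newly built slice holding every RelationNodeKind
// constant, in the order they are declared.
func PossibleRelationNodeKindValues() []RelationNodeKind {
	return []RelationNodeKind{
		RelationNodeKindBookmark,
		RelationNodeKindCase,
	}
}

// RelationTypes enumerates the values for relation types.
type RelationTypes string

const (
	// RelationTypesCasesToBookmarks Relations between cases and bookmarks
	RelationTypesCasesToBookmarks RelationTypes = "CasesToBookmarks"
)

// PossibleRelationTypesValues returns a newly built slice holding the single RelationTypes
// constant.
func PossibleRelationTypesValues() []RelationTypes {
	return []RelationTypes{
		RelationTypesCasesToBookmarks,
	}
}

// SettingKind enumerates the values for setting kind.
type SettingKind string

const (
	// SettingKindEntityAnalytics is the "EntityAnalytics" setting kind.
	SettingKindEntityAnalytics SettingKind = "EntityAnalytics"
	// SettingKindEyesOn is the "EyesOn" setting kind.
	SettingKindEyesOn SettingKind = "EyesOn"
	// SettingKindUeba is the "Ueba" setting kind.
	SettingKindUeba SettingKind = "Ueba"
)

// PossibleSettingKindValues returns a newly built slice holding every SettingKind constant, in the
// order they are declared.
func PossibleSettingKindValues() []SettingKind {
	return []SettingKind{
		SettingKindEntityAnalytics,
		SettingKindEyesOn,
		SettingKindUeba,
	}
}

// Source enumerates the values for source.
//
// Both values contain a space, so they must match byte for byte.
type Source string

const (
	// SourceLocalfile is the "Local file" source.
	SourceLocalfile Source = "Local file"
	// SourceRemotestorage is the "Remote storage" source.
	SourceRemotestorage Source = "Remote storage"
)

// PossibleSourceValues returns a newly built slice holding every Source constant, in the order
// they are declared.
func PossibleSourceValues() []Source {
	return []Source{
		SourceLocalfile,
		SourceRemotestorage,
	}
}

// TemplateStatus enumerates the values for template status.
type TemplateStatus string

const (
	// TemplateStatusAvailable Alert rule template is available.
	TemplateStatusAvailable TemplateStatus = "Available"
	// TemplateStatusInstalled Alert rule template is installed and cannot be used more than once.
	TemplateStatusInstalled TemplateStatus = "Installed"
	// TemplateStatusNotAvailable Alert rule template is not available.
	TemplateStatusNotAvailable TemplateStatus = "NotAvailable"
)

// PossibleTemplateStatusValues returns a newly built slice holding every TemplateStatus constant,
// in the order they are declared.
func PossibleTemplateStatusValues() []TemplateStatus {
	return []TemplateStatus{
		TemplateStatusAvailable,
		TemplateStatusInstalled,
		TemplateStatusNotAvailable,
	}
}

// ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind.
//
// The only declared value is the lower-case "indicator"; matching is case-sensitive.
type ThreatIntelligenceResourceKind string

const (
	// ThreatIntelligenceResourceKindIndicator Entity represents threat intelligence indicator in the system.
	ThreatIntelligenceResourceKindIndicator ThreatIntelligenceResourceKind = "indicator"
)

// PossibleThreatIntelligenceResourceKindValues returns a newly built slice holding the single
// ThreatIntelligenceResourceKind constant.
func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind {
	return []ThreatIntelligenceResourceKind{
		ThreatIntelligenceResourceKindIndicator,
	}
}

// ThreatIntelligenceSortingCriteria enumerates the values for threat intelligence sorting criteria.
//
// All three values are lower-case; matching is case-sensitive.
type ThreatIntelligenceSortingCriteria string

const (
	// ThreatIntelligenceSortingCriteriaAscending is the "ascending" sort order.
	ThreatIntelligenceSortingCriteriaAscending ThreatIntelligenceSortingCriteria = "ascending"
	// ThreatIntelligenceSortingCriteriaDescending is the "descending" sort order.
	ThreatIntelligenceSortingCriteriaDescending ThreatIntelligenceSortingCriteria = "descending"
	// ThreatIntelligenceSortingCriteriaUnsorted is the "unsorted" sort order.
	ThreatIntelligenceSortingCriteriaUnsorted ThreatIntelligenceSortingCriteria = "unsorted"
)

// PossibleThreatIntelligenceSortingCriteriaValues returns a newly built slice holding every
// ThreatIntelligenceSortingCriteria constant, in the order they are declared.
func PossibleThreatIntelligenceSortingCriteriaValues() []ThreatIntelligenceSortingCriteria {
	return []ThreatIntelligenceSortingCriteria{
		ThreatIntelligenceSortingCriteriaAscending,
		ThreatIntelligenceSortingCriteriaDescending,
		ThreatIntelligenceSortingCriteriaUnsorted,
	}
}

// TriggerOperator enumerates the values for trigger operator.
type TriggerOperator string

const (
	// TriggerOperatorEqual is the "Equal" operator.
	TriggerOperatorEqual TriggerOperator = "Equal"
	// TriggerOperatorGreaterThan is the "GreaterThan" operator.
	TriggerOperatorGreaterThan TriggerOperator = "GreaterThan"
	// TriggerOperatorLessThan is the "LessThan" operator.
	TriggerOperatorLessThan TriggerOperator = "LessThan"
	// TriggerOperatorNotEqual is the "NotEqual" operator.
	TriggerOperatorNotEqual TriggerOperator = "NotEqual"
)

// PossibleTriggerOperatorValues returns a newly built slice holding every TriggerOperator
// constant, in the order they are declared.
func PossibleTriggerOperatorValues() []TriggerOperator {
	return []TriggerOperator{
		TriggerOperatorEqual,
		TriggerOperatorGreaterThan,
		TriggerOperatorLessThan,
		TriggerOperatorNotEqual,
	}
}

// UebaDataSources enumerates the values for ueba data sources.
//
// The underlying type is string, so a decoded value is not limited to the constants below.
type UebaDataSources string

const (
	// UebaDataSourcesAuditLogs is the "AuditLogs" data source.
	UebaDataSourcesAuditLogs UebaDataSources = "AuditLogs"
	// UebaDataSourcesAzureActivity is the "AzureActivity" data source.
	UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity"
	// UebaDataSourcesSecurityEvent is the "SecurityEvent" data source.
	UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent"
	// UebaDataSourcesSigninLogs is the "SigninLogs" data source.
	UebaDataSourcesSigninLogs UebaDataSources = "SigninLogs"
)

// PossibleUebaDataSourcesValues returns a newly built slice holding every UebaDataSources
// constant, in the order they are declared.
func PossibleUebaDataSourcesValues() []UebaDataSources {
	return []UebaDataSources{
		UebaDataSourcesAuditLogs,
		UebaDataSourcesAzureActivity,
		UebaDataSourcesSecurityEvent,
		UebaDataSourcesSigninLogs,
	}
}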