1package securityinsight 2 3// Copyright (c) Microsoft Corporation. All rights reserved. 4// Licensed under the MIT License. See License.txt in the project root for license information. 5// 6// Code generated by Microsoft (R) AutoRest Code Generator. 7// Changes may cause incorrect behavior and will be lost if the code is regenerated. 8 9import ( 10 "context" 11 "github.com/Azure/go-autorest/autorest" 12 "github.com/Azure/go-autorest/autorest/azure" 13 "github.com/Azure/go-autorest/autorest/validation" 14 "github.com/Azure/go-autorest/tracing" 15 "net/http" 16) 17 18// ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource 19// provider 20type ThreatIntelligenceIndicatorClient struct { 21 BaseClient 22} 23 24// NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client. 25func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient { 26 return NewThreatIntelligenceIndicatorClientWithBaseURI(DefaultBaseURI, subscriptionID) 27} 28 29// NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client 30// using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign 31// clouds, Azure stack). 32func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient { 33 return ThreatIntelligenceIndicatorClient{NewWithBaseURI(baseURI, subscriptionID)} 34} 35 36// AppendTags append tags to a threat intelligence indicator. 37// Parameters: 38// resourceGroupName - the name of the resource group within the user's subscription. The name is case 39// insensitive. 40// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 41// Microsoft.OperationalInsights. 42// workspaceName - the name of the workspace. 43// name - threat intelligence indicator name field. 44// threatIntelligenceAppendTags - the threat intelligence append tags request body 45func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (result autorest.Response, err error) { 46 if tracing.IsEnabled() { 47 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.AppendTags") 48 defer func() { 49 sc := -1 50 if result.Response != nil { 51 sc = result.Response.StatusCode 52 } 53 tracing.EndSpan(ctx, sc, err) 54 }() 55 } 56 if err := validation.Validate([]validation.Validation{ 57 {TargetValue: client.SubscriptionID, 58 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 59 {TargetValue: resourceGroupName, 60 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 61 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 62 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 63 {TargetValue: workspaceName, 64 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 65 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 66 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", err.Error()) 67 } 68 69 req, err := client.AppendTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceAppendTags) 70 if err != nil { 71 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", nil, "Failure preparing request") 72 return 73 } 74 75 resp, err := client.AppendTagsSender(req) 76 if err != nil { 77 result.Response = resp 78 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure sending request") 79 return 80 } 81 82 result, err = client.AppendTagsResponder(resp) 83 if err != nil { 84 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "AppendTags", resp, "Failure responding to request") 85 return 86 } 87 88 return 89} 90 91// AppendTagsPreparer prepares the AppendTags request. 92func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (*http.Request, error) { 93 pathParameters := map[string]interface{}{ 94 "name": autorest.Encode("path", name), 95 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 96 "resourceGroupName": autorest.Encode("path", resourceGroupName), 97 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 98 "workspaceName": autorest.Encode("path", workspaceName), 99 } 100 101 const APIVersion = "2019-01-01-preview" 102 queryParameters := map[string]interface{}{ 103 "api-version": APIVersion, 104 } 105 106 preparer := autorest.CreatePreparer( 107 autorest.AsContentType("application/json; charset=utf-8"), 108 autorest.AsPost(), 109 autorest.WithBaseURL(client.BaseURI), 110 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", pathParameters), 111 autorest.WithJSON(threatIntelligenceAppendTags), 112 autorest.WithQueryParameters(queryParameters)) 113 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 114} 115 116// AppendTagsSender sends the AppendTags request. The method will close the 117// http.Response Body if it receives an error. 118func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error) { 119 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 120} 121 122// AppendTagsResponder handles the response to the AppendTags request. The method always 123// closes the http.Response Body. 124func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error) { 125 err = autorest.Respond( 126 resp, 127 azure.WithErrorUnlessStatusCode(http.StatusOK), 128 autorest.ByClosing()) 129 result.Response = resp 130 return 131} 132 133// Create update a threat Intelligence indicator. 134// Parameters: 135// resourceGroupName - the name of the resource group within the user's subscription. The name is case 136// insensitive. 137// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 138// Microsoft.OperationalInsights. 139// workspaceName - the name of the workspace. 140// name - threat intelligence indicator name field. 141// threatIntelligenceProperties - properties of threat intelligence indicators to create and update. 142func (client ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error) { 143 if tracing.IsEnabled() { 144 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Create") 145 defer func() { 146 sc := -1 147 if result.Response.Response != nil { 148 sc = result.Response.Response.StatusCode 149 } 150 tracing.EndSpan(ctx, sc, err) 151 }() 152 } 153 if err := validation.Validate([]validation.Validation{ 154 {TargetValue: client.SubscriptionID, 155 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 156 {TargetValue: resourceGroupName, 157 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 158 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 159 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 160 {TargetValue: workspaceName, 161 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 162 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 163 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Create", err.Error()) 164 } 165 166 req, err := client.CreatePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceProperties) 167 if err != nil { 168 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Create", nil, "Failure preparing request") 169 return 170 } 171 172 resp, err := client.CreateSender(req) 173 if err != nil { 174 result.Response = autorest.Response{Response: resp} 175 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Create", resp, "Failure sending request") 176 return 177 } 178 179 result, err = client.CreateResponder(resp) 180 if err != nil { 181 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Create", resp, "Failure responding to request") 182 return 183 } 184 185 return 186} 187 188// CreatePreparer prepares the Create request. 189func (client ThreatIntelligenceIndicatorClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error) { 190 pathParameters := map[string]interface{}{ 191 "name": autorest.Encode("path", name), 192 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 193 "resourceGroupName": autorest.Encode("path", resourceGroupName), 194 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 195 "workspaceName": autorest.Encode("path", workspaceName), 196 } 197 198 const APIVersion = "2019-01-01-preview" 199 queryParameters := map[string]interface{}{ 200 "api-version": APIVersion, 201 } 202 203 preparer := autorest.CreatePreparer( 204 autorest.AsContentType("application/json; charset=utf-8"), 205 autorest.AsPut(), 206 autorest.WithBaseURL(client.BaseURI), 207 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), 208 autorest.WithJSON(threatIntelligenceProperties), 209 autorest.WithQueryParameters(queryParameters)) 210 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 211} 212 213// CreateSender sends the Create request. The method will close the 214// http.Response Body if it receives an error. 215func (client ThreatIntelligenceIndicatorClient) CreateSender(req *http.Request) (*http.Response, error) { 216 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 217} 218 219// CreateResponder handles the response to the Create request. The method always 220// closes the http.Response Body. 221func (client ThreatIntelligenceIndicatorClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error) { 222 err = autorest.Respond( 223 resp, 224 azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), 225 autorest.ByUnmarshallingJSON(&result), 226 autorest.ByClosing()) 227 result.Response = autorest.Response{Response: resp} 228 return 229} 230 231// CreateIndicator create a new threat intelligence indicator. 232// Parameters: 233// resourceGroupName - the name of the resource group within the user's subscription. The name is case 234// insensitive. 235// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 236// Microsoft.OperationalInsights. 237// workspaceName - the name of the workspace. 238// threatIntelligenceProperties - properties of threat intelligence indicators to create and update. 239func (client ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error) { 240 if tracing.IsEnabled() { 241 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.CreateIndicator") 242 defer func() { 243 sc := -1 244 if result.Response.Response != nil { 245 sc = result.Response.Response.StatusCode 246 } 247 tracing.EndSpan(ctx, sc, err) 248 }() 249 } 250 if err := validation.Validate([]validation.Validation{ 251 {TargetValue: client.SubscriptionID, 252 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 253 {TargetValue: resourceGroupName, 254 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 255 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 256 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 257 {TargetValue: workspaceName, 258 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 259 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 260 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "CreateIndicator", err.Error()) 261 } 262 263 req, err := client.CreateIndicatorPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceProperties) 264 if err != nil { 265 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "CreateIndicator", nil, "Failure preparing request") 266 return 267 } 268 269 resp, err := client.CreateIndicatorSender(req) 270 if err != nil { 271 result.Response = autorest.Response{Response: resp} 272 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "CreateIndicator", resp, "Failure sending request") 273 return 274 } 275 276 result, err = client.CreateIndicatorResponder(resp) 277 if err != nil { 278 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "CreateIndicator", resp, "Failure responding to request") 279 return 280 } 281 282 return 283} 284 285// CreateIndicatorPreparer prepares the CreateIndicator request. 286func (client ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error) { 287 pathParameters := map[string]interface{}{ 288 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 289 "resourceGroupName": autorest.Encode("path", resourceGroupName), 290 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 291 "workspaceName": autorest.Encode("path", workspaceName), 292 } 293 294 const APIVersion = "2019-01-01-preview" 295 queryParameters := map[string]interface{}{ 296 "api-version": APIVersion, 297 } 298 299 preparer := autorest.CreatePreparer( 300 autorest.AsContentType("application/json; charset=utf-8"), 301 autorest.AsPost(), 302 autorest.WithBaseURL(client.BaseURI), 303 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", pathParameters), 304 autorest.WithJSON(threatIntelligenceProperties), 305 autorest.WithQueryParameters(queryParameters)) 306 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 307} 308 309// CreateIndicatorSender sends the CreateIndicator request. The method will close the 310// http.Response Body if it receives an error. 311func (client ThreatIntelligenceIndicatorClient) CreateIndicatorSender(req *http.Request) (*http.Response, error) { 312 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 313} 314 315// CreateIndicatorResponder handles the response to the CreateIndicator request. The method always 316// closes the http.Response Body. 317func (client ThreatIntelligenceIndicatorClient) CreateIndicatorResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error) { 318 err = autorest.Respond( 319 resp, 320 azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), 321 autorest.ByUnmarshallingJSON(&result), 322 autorest.ByClosing()) 323 result.Response = autorest.Response{Response: resp} 324 return 325} 326 327// Delete delete a threat intelligence indicator. 328// Parameters: 329// resourceGroupName - the name of the resource group within the user's subscription. The name is case 330// insensitive. 331// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 332// Microsoft.OperationalInsights. 333// workspaceName - the name of the workspace. 334// name - threat intelligence indicator name field. 335func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error) { 336 if tracing.IsEnabled() { 337 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Delete") 338 defer func() { 339 sc := -1 340 if result.Response != nil { 341 sc = result.Response.StatusCode 342 } 343 tracing.EndSpan(ctx, sc, err) 344 }() 345 } 346 if err := validation.Validate([]validation.Validation{ 347 {TargetValue: client.SubscriptionID, 348 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 349 {TargetValue: resourceGroupName, 350 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 351 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 352 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 353 {TargetValue: workspaceName, 354 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 355 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 356 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Delete", err.Error()) 357 } 358 359 req, err := client.DeletePreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) 360 if err != nil { 361 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", nil, "Failure preparing request") 362 return 363 } 364 365 resp, err := client.DeleteSender(req) 366 if err != nil { 367 result.Response = resp 368 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure sending request") 369 return 370 } 371 372 result, err = client.DeleteResponder(resp) 373 if err != nil { 374 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Delete", resp, "Failure responding to request") 375 return 376 } 377 378 return 379} 380 381// DeletePreparer prepares the Delete request. 382func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { 383 pathParameters := map[string]interface{}{ 384 "name": autorest.Encode("path", name), 385 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 386 "resourceGroupName": autorest.Encode("path", resourceGroupName), 387 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 388 "workspaceName": autorest.Encode("path", workspaceName), 389 } 390 391 const APIVersion = "2019-01-01-preview" 392 queryParameters := map[string]interface{}{ 393 "api-version": APIVersion, 394 } 395 396 preparer := autorest.CreatePreparer( 397 autorest.AsDelete(), 398 autorest.WithBaseURL(client.BaseURI), 399 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), 400 autorest.WithQueryParameters(queryParameters)) 401 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 402} 403 404// DeleteSender sends the Delete request. The method will close the 405// http.Response Body if it receives an error. 406func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error) { 407 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 408} 409 410// DeleteResponder handles the response to the Delete request. The method always 411// closes the http.Response Body. 412func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { 413 err = autorest.Respond( 414 resp, 415 azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), 416 autorest.ByClosing()) 417 result.Response = resp 418 return 419} 420 421// Get view a threat intelligence indicator by name. 422// Parameters: 423// resourceGroupName - the name of the resource group within the user's subscription. The name is case 424// insensitive. 425// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 426// Microsoft.OperationalInsights. 427// workspaceName - the name of the workspace. 428// name - threat intelligence indicator name field. 429func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceInformationModel, err error) { 430 if tracing.IsEnabled() { 431 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.Get") 432 defer func() { 433 sc := -1 434 if result.Response.Response != nil { 435 sc = result.Response.Response.StatusCode 436 } 437 tracing.EndSpan(ctx, sc, err) 438 }() 439 } 440 if err := validation.Validate([]validation.Validation{ 441 {TargetValue: client.SubscriptionID, 442 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 443 {TargetValue: resourceGroupName, 444 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 445 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 446 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 447 {TargetValue: workspaceName, 448 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 449 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 450 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "Get", err.Error()) 451 } 452 453 req, err := client.GetPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name) 454 if err != nil { 455 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", nil, "Failure preparing request") 456 return 457 } 458 459 resp, err := client.GetSender(req) 460 if err != nil { 461 result.Response = autorest.Response{Response: resp} 462 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, "Failure sending request") 463 return 464 } 465 466 result, err = client.GetResponder(resp) 467 if err != nil { 468 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "Get", resp, "Failure responding to request") 469 return 470 } 471 472 return 473} 474 475// GetPreparer prepares the Get request. 476func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error) { 477 pathParameters := map[string]interface{}{ 478 "name": autorest.Encode("path", name), 479 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 480 "resourceGroupName": autorest.Encode("path", resourceGroupName), 481 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 482 "workspaceName": autorest.Encode("path", workspaceName), 483 } 484 485 const APIVersion = "2019-01-01-preview" 486 queryParameters := map[string]interface{}{ 487 "api-version": APIVersion, 488 } 489 490 preparer := autorest.CreatePreparer( 491 autorest.AsGet(), 492 autorest.WithBaseURL(client.BaseURI), 493 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", pathParameters), 494 autorest.WithQueryParameters(queryParameters)) 495 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 496} 497 498// GetSender sends the Get request. The method will close the 499// http.Response Body if it receives an error. 500func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error) { 501 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 502} 503 504// GetResponder handles the response to the Get request. The method always 505// closes the http.Response Body. 506func (client ThreatIntelligenceIndicatorClient) GetResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error) { 507 err = autorest.Respond( 508 resp, 509 azure.WithErrorUnlessStatusCode(http.StatusOK), 510 autorest.ByUnmarshallingJSON(&result), 511 autorest.ByClosing()) 512 result.Response = autorest.Response{Response: resp} 513 return 514} 515 516// QueryIndicators query threat intelligence indicators as per filtering criteria. 517// Parameters: 518// resourceGroupName - the name of the resource group within the user's subscription. The name is case 519// insensitive. 520// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 521// Microsoft.OperationalInsights. 522// workspaceName - the name of the workspace. 523// threatIntelligenceFilteringCriteria - filtering criteria for querying threat intelligence indicators. 524func (client ThreatIntelligenceIndicatorClient) QueryIndicators(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListPage, err error) { 525 if tracing.IsEnabled() { 526 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.QueryIndicators") 527 defer func() { 528 sc := -1 529 if result.tiil.Response.Response != nil { 530 sc = result.tiil.Response.Response.StatusCode 531 } 532 tracing.EndSpan(ctx, sc, err) 533 }() 534 } 535 if err := validation.Validate([]validation.Validation{ 536 {TargetValue: client.SubscriptionID, 537 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 538 {TargetValue: resourceGroupName, 539 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 540 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 541 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 542 {TargetValue: workspaceName, 543 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 544 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 545 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "QueryIndicators", err.Error()) 546 } 547 548 result.fn = client.queryIndicatorsNextResults 549 req, err := client.QueryIndicatorsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceFilteringCriteria) 550 if err != nil { 551 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "QueryIndicators", nil, "Failure preparing request") 552 return 553 } 554 555 resp, err := client.QueryIndicatorsSender(req) 556 if err != nil { 557 result.tiil.Response = autorest.Response{Response: resp} 558 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "QueryIndicators", resp, "Failure sending request") 559 return 560 } 561 562 result.tiil, err = client.QueryIndicatorsResponder(resp) 563 if err != nil { 564 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "QueryIndicators", resp, "Failure responding to request") 565 return 566 } 567 if result.tiil.hasNextLink() && result.tiil.IsEmpty() { 568 err = result.NextWithContext(ctx) 569 return 570 } 571 572 return 573} 574 575// QueryIndicatorsPreparer prepares the QueryIndicators request. 576func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (*http.Request, error) { 577 pathParameters := map[string]interface{}{ 578 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 579 "resourceGroupName": autorest.Encode("path", resourceGroupName), 580 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 581 "workspaceName": autorest.Encode("path", workspaceName), 582 } 583 584 const APIVersion = "2019-01-01-preview" 585 queryParameters := map[string]interface{}{ 586 "api-version": APIVersion, 587 } 588 589 preparer := autorest.CreatePreparer( 590 autorest.AsContentType("application/json; charset=utf-8"), 591 autorest.AsPost(), 592 autorest.WithBaseURL(client.BaseURI), 593 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", pathParameters), 594 autorest.WithJSON(threatIntelligenceFilteringCriteria), 595 autorest.WithQueryParameters(queryParameters)) 596 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 597} 598 599// QueryIndicatorsSender sends the QueryIndicators request. The method will close the 600// http.Response Body if it receives an error. 601func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsSender(req *http.Request) (*http.Response, error) { 602 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 603} 604 605// QueryIndicatorsResponder handles the response to the QueryIndicators request. The method always 606// closes the http.Response Body. 607func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error) { 608 err = autorest.Respond( 609 resp, 610 azure.WithErrorUnlessStatusCode(http.StatusOK), 611 autorest.ByUnmarshallingJSON(&result), 612 autorest.ByClosing()) 613 result.Response = autorest.Response{Response: resp} 614 return 615} 616 617// queryIndicatorsNextResults retrieves the next set of results, if any. 618func (client ThreatIntelligenceIndicatorClient) queryIndicatorsNextResults(ctx context.Context, lastResults ThreatIntelligenceInformationList) (result ThreatIntelligenceInformationList, err error) { 619 req, err := lastResults.threatIntelligenceInformationListPreparer(ctx) 620 if err != nil { 621 return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "queryIndicatorsNextResults", nil, "Failure preparing next results request") 622 } 623 if req == nil { 624 return 625 } 626 resp, err := client.QueryIndicatorsSender(req) 627 if err != nil { 628 result.Response = autorest.Response{Response: resp} 629 return result, autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "queryIndicatorsNextResults", resp, "Failure sending next results request") 630 } 631 result, err = client.QueryIndicatorsResponder(resp) 632 if err != nil { 633 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "queryIndicatorsNextResults", resp, "Failure responding to next results request") 634 } 635 return 636} 637 638// QueryIndicatorsComplete enumerates all values, automatically crossing page boundaries as required. 639func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListIterator, err error) { 640 if tracing.IsEnabled() { 641 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.QueryIndicators") 642 defer func() { 643 sc := -1 644 if result.Response().Response.Response != nil { 645 sc = result.page.Response().Response.Response.StatusCode 646 } 647 tracing.EndSpan(ctx, sc, err) 648 }() 649 } 650 result.page, err = client.QueryIndicators(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, threatIntelligenceFilteringCriteria) 651 return 652} 653 654// ReplaceTags replace tags added to a threat intelligence indicator. 655// Parameters: 656// resourceGroupName - the name of the resource group within the user's subscription. The name is case 657// insensitive. 658// operationalInsightsResourceProvider - the namespace of workspaces resource provider- 659// Microsoft.OperationalInsights. 660// workspaceName - the name of the workspace. 661// name - threat intelligence indicator name field. 662// threatIntelligenceReplaceTags - tags in the threat intelligence indicator to be replaced. 663func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error) { 664 if tracing.IsEnabled() { 665 ctx = tracing.StartSpan(ctx, fqdn+"/ThreatIntelligenceIndicatorClient.ReplaceTags") 666 defer func() { 667 sc := -1 668 if result.Response.Response != nil { 669 sc = result.Response.Response.StatusCode 670 } 671 tracing.EndSpan(ctx, sc, err) 672 }() 673 } 674 if err := validation.Validate([]validation.Validation{ 675 {TargetValue: client.SubscriptionID, 676 Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, 677 {TargetValue: resourceGroupName, 678 Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 679 {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, 680 {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, 681 {TargetValue: workspaceName, 682 Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, 683 {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { 684 return result, validation.NewError("securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", err.Error()) 685 } 686 687 req, err := client.ReplaceTagsPreparer(ctx, resourceGroupName, operationalInsightsResourceProvider, workspaceName, name, threatIntelligenceReplaceTags) 688 if err != nil { 689 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", nil, "Failure preparing request") 690 return 691 } 692 693 resp, err := client.ReplaceTagsSender(req) 694 if err != nil { 695 result.Response = autorest.Response{Response: resp} 696 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure sending request") 697 return 698 } 699 700 result, err = client.ReplaceTagsResponder(resp) 701 if err != nil { 702 err = autorest.NewErrorWithError(err, "securityinsight.ThreatIntelligenceIndicatorClient", "ReplaceTags", resp, "Failure responding to request") 703 return 704 } 705 706 return 707} 708 709// ReplaceTagsPreparer prepares the ReplaceTags request. 710func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error) { 711 pathParameters := map[string]interface{}{ 712 "name": autorest.Encode("path", name), 713 "operationalInsightsResourceProvider": autorest.Encode("path", operationalInsightsResourceProvider), 714 "resourceGroupName": autorest.Encode("path", resourceGroupName), 715 "subscriptionId": autorest.Encode("path", client.SubscriptionID), 716 "workspaceName": autorest.Encode("path", workspaceName), 717 } 718 719 const APIVersion = "2019-01-01-preview" 720 queryParameters := map[string]interface{}{ 721 "api-version": APIVersion, 722 } 723 724 preparer := autorest.CreatePreparer( 725 autorest.AsContentType("application/json; charset=utf-8"), 726 autorest.AsPost(), 727 autorest.WithBaseURL(client.BaseURI), 728 autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", pathParameters), 729 autorest.WithJSON(threatIntelligenceReplaceTags), 730 autorest.WithQueryParameters(queryParameters)) 731 return preparer.Prepare((&http.Request{}).WithContext(ctx)) 732} 733 734// ReplaceTagsSender sends the ReplaceTags request. The method will close the 735// http.Response Body if it receives an error. 736func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error) { 737 return client.Send(req, azure.DoRetryWithRegistration(client.Client)) 738} 739 740// ReplaceTagsResponder handles the response to the ReplaceTags request. The method always 741// closes the http.Response Body. 742func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error) { 743 err = autorest.Respond( 744 resp, 745 azure.WithErrorUnlessStatusCode(http.StatusOK), 746 autorest.ByUnmarshallingJSON(&result), 747 autorest.ByClosing()) 748 result.Response = autorest.Response{Response: resp} 749 return 750} 751