1package securityinsight 2 3// Copyright (c) Microsoft Corporation. All rights reserved. 4// Licensed under the MIT License. See License.txt in the project root for license information. 5// 6// Code generated by Microsoft (R) AutoRest Code Generator. 7// Changes may cause incorrect behavior and will be lost if the code is regenerated. 8 9// AlertRuleKind enumerates the values for alert rule kind. 10type AlertRuleKind string 11 12const ( 13 // AlertRuleKindFusion ... 14 AlertRuleKindFusion AlertRuleKind = "Fusion" 15 // AlertRuleKindMicrosoftSecurityIncidentCreation ... 16 AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" 17 // AlertRuleKindScheduled ... 18 AlertRuleKindScheduled AlertRuleKind = "Scheduled" 19) 20 21// PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. 22func PossibleAlertRuleKindValues() []AlertRuleKind { 23 return []AlertRuleKind{AlertRuleKindFusion, AlertRuleKindMicrosoftSecurityIncidentCreation, AlertRuleKindScheduled} 24} 25 26// AlertSeverity enumerates the values for alert severity. 27type AlertSeverity string 28 29const ( 30 // AlertSeverityHigh High severity 31 AlertSeverityHigh AlertSeverity = "High" 32 // AlertSeverityInformational Informational severity 33 AlertSeverityInformational AlertSeverity = "Informational" 34 // AlertSeverityLow Low severity 35 AlertSeverityLow AlertSeverity = "Low" 36 // AlertSeverityMedium Medium severity 37 AlertSeverityMedium AlertSeverity = "Medium" 38) 39 40// PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type. 41func PossibleAlertSeverityValues() []AlertSeverity { 42 return []AlertSeverity{AlertSeverityHigh, AlertSeverityInformational, AlertSeverityLow, AlertSeverityMedium} 43} 44 45// AttackTactic enumerates the values for attack tactic. 46type AttackTactic string 47 48const ( 49 // AttackTacticCollection ... 50 AttackTacticCollection AttackTactic = "Collection" 51 // AttackTacticCommandAndControl ... 52 AttackTacticCommandAndControl AttackTactic = "CommandAndControl" 53 // AttackTacticCredentialAccess ... 54 AttackTacticCredentialAccess AttackTactic = "CredentialAccess" 55 // AttackTacticDefenseEvasion ... 56 AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" 57 // AttackTacticDiscovery ... 58 AttackTacticDiscovery AttackTactic = "Discovery" 59 // AttackTacticExecution ... 60 AttackTacticExecution AttackTactic = "Execution" 61 // AttackTacticExfiltration ... 62 AttackTacticExfiltration AttackTactic = "Exfiltration" 63 // AttackTacticImpact ... 64 AttackTacticImpact AttackTactic = "Impact" 65 // AttackTacticInitialAccess ... 66 AttackTacticInitialAccess AttackTactic = "InitialAccess" 67 // AttackTacticLateralMovement ... 68 AttackTacticLateralMovement AttackTactic = "LateralMovement" 69 // AttackTacticPersistence ... 70 AttackTacticPersistence AttackTactic = "Persistence" 71 // AttackTacticPrivilegeEscalation ... 72 AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" 73) 74 75// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. 76func PossibleAttackTacticValues() []AttackTactic { 77 return []AttackTactic{AttackTacticCollection, AttackTacticCommandAndControl, AttackTacticCredentialAccess, AttackTacticDefenseEvasion, AttackTacticDiscovery, AttackTacticExecution, AttackTacticExfiltration, AttackTacticImpact, AttackTacticInitialAccess, AttackTacticLateralMovement, AttackTacticPersistence, AttackTacticPrivilegeEscalation} 78} 79 80// CaseSeverity enumerates the values for case severity. 81type CaseSeverity string 82 83const ( 84 // CaseSeverityCritical Critical severity 85 CaseSeverityCritical CaseSeverity = "Critical" 86 // CaseSeverityHigh High severity 87 CaseSeverityHigh CaseSeverity = "High" 88 // CaseSeverityInformational Informational severity 89 CaseSeverityInformational CaseSeverity = "Informational" 90 // CaseSeverityLow Low severity 91 CaseSeverityLow CaseSeverity = "Low" 92 // CaseSeverityMedium Medium severity 93 CaseSeverityMedium CaseSeverity = "Medium" 94) 95 96// PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type. 97func PossibleCaseSeverityValues() []CaseSeverity { 98 return []CaseSeverity{CaseSeverityCritical, CaseSeverityHigh, CaseSeverityInformational, CaseSeverityLow, CaseSeverityMedium} 99} 100 101// DataConnectorKind enumerates the values for data connector kind. 102type DataConnectorKind string 103 104const ( 105 // DataConnectorKindAmazonWebServicesCloudTrail ... 106 DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" 107 // DataConnectorKindAzureActiveDirectory ... 108 DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" 109 // DataConnectorKindAzureAdvancedThreatProtection ... 110 DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" 111 // DataConnectorKindAzureSecurityCenter ... 112 DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" 113 // DataConnectorKindMicrosoftCloudAppSecurity ... 114 DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" 115 // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... 116 DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" 117 // DataConnectorKindOffice365 ... 118 DataConnectorKindOffice365 DataConnectorKind = "Office365" 119 // DataConnectorKindThreatIntelligence ... 120 DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" 121) 122 123// PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. 124func PossibleDataConnectorKindValues() []DataConnectorKind { 125 return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} 126} 127 128// DataTypeState enumerates the values for data type state. 129type DataTypeState string 130 131const ( 132 // DataTypeStateDisabled ... 133 DataTypeStateDisabled DataTypeState = "Disabled" 134 // DataTypeStateEnabled ... 135 DataTypeStateEnabled DataTypeState = "Enabled" 136) 137 138// PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type. 139func PossibleDataTypeStateValues() []DataTypeState { 140 return []DataTypeState{DataTypeStateDisabled, DataTypeStateEnabled} 141} 142 143// IncidentClassification enumerates the values for incident classification. 144type IncidentClassification string 145 146const ( 147 // IncidentClassificationBenignPositive Incident was benign positive 148 IncidentClassificationBenignPositive IncidentClassification = "BenignPositive" 149 // IncidentClassificationFalsePositive Incident was false positive 150 IncidentClassificationFalsePositive IncidentClassification = "FalsePositive" 151 // IncidentClassificationTruePositive Incident was true positive 152 IncidentClassificationTruePositive IncidentClassification = "TruePositive" 153 // IncidentClassificationUndetermined Incident classification was undetermined 154 IncidentClassificationUndetermined IncidentClassification = "Undetermined" 155) 156 157// PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type. 158func PossibleIncidentClassificationValues() []IncidentClassification { 159 return []IncidentClassification{IncidentClassificationBenignPositive, IncidentClassificationFalsePositive, IncidentClassificationTruePositive, IncidentClassificationUndetermined} 160} 161 162// IncidentClassificationReason enumerates the values for incident classification reason. 163type IncidentClassificationReason string 164 165const ( 166 // IncidentClassificationReasonInaccurateData Classification reason was inaccurate data 167 IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData" 168 // IncidentClassificationReasonIncorrectAlertLogic Classification reason was incorrect alert logic 169 IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic" 170 // IncidentClassificationReasonSuspiciousActivity Classification reason was suspicious activity 171 IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity" 172 // IncidentClassificationReasonSuspiciousButExpected Classification reason was suspicious but expected 173 IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected" 174) 175 176// PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type. 177func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason { 178 return []IncidentClassificationReason{IncidentClassificationReasonInaccurateData, IncidentClassificationReasonIncorrectAlertLogic, IncidentClassificationReasonSuspiciousActivity, IncidentClassificationReasonSuspiciousButExpected} 179} 180 181// IncidentLabelType enumerates the values for incident label type. 182type IncidentLabelType string 183 184const ( 185 // IncidentLabelTypeSystem Label automatically created by the system 186 IncidentLabelTypeSystem IncidentLabelType = "System" 187 // IncidentLabelTypeUser Label manually created by a user 188 IncidentLabelTypeUser IncidentLabelType = "User" 189) 190 191// PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type. 192func PossibleIncidentLabelTypeValues() []IncidentLabelType { 193 return []IncidentLabelType{IncidentLabelTypeSystem, IncidentLabelTypeUser} 194} 195 196// IncidentSeverity enumerates the values for incident severity. 197type IncidentSeverity string 198 199const ( 200 // IncidentSeverityHigh High severity 201 IncidentSeverityHigh IncidentSeverity = "High" 202 // IncidentSeverityInformational Informational severity 203 IncidentSeverityInformational IncidentSeverity = "Informational" 204 // IncidentSeverityLow Low severity 205 IncidentSeverityLow IncidentSeverity = "Low" 206 // IncidentSeverityMedium Medium severity 207 IncidentSeverityMedium IncidentSeverity = "Medium" 208) 209 210// PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type. 211func PossibleIncidentSeverityValues() []IncidentSeverity { 212 return []IncidentSeverity{IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium} 213} 214 215// IncidentStatus enumerates the values for incident status. 216type IncidentStatus string 217 218const ( 219 // IncidentStatusActive An active incident which is being handled 220 IncidentStatusActive IncidentStatus = "Active" 221 // IncidentStatusClosed A non-active incident 222 IncidentStatusClosed IncidentStatus = "Closed" 223 // IncidentStatusNew An active incident which isn't being handled currently 224 IncidentStatusNew IncidentStatus = "New" 225) 226 227// PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type. 228func PossibleIncidentStatusValues() []IncidentStatus { 229 return []IncidentStatus{IncidentStatusActive, IncidentStatusClosed, IncidentStatusNew} 230} 231 232// Kind enumerates the values for kind. 233type Kind string 234 235const ( 236 // KindAlertRule ... 237 KindAlertRule Kind = "AlertRule" 238 // KindFusion ... 239 KindFusion Kind = "Fusion" 240 // KindMicrosoftSecurityIncidentCreation ... 241 KindMicrosoftSecurityIncidentCreation Kind = "MicrosoftSecurityIncidentCreation" 242 // KindScheduled ... 243 KindScheduled Kind = "Scheduled" 244) 245 246// PossibleKindValues returns an array of possible values for the Kind const type. 247func PossibleKindValues() []Kind { 248 return []Kind{KindAlertRule, KindFusion, KindMicrosoftSecurityIncidentCreation, KindScheduled} 249} 250 251// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. 252type KindBasicAlertRuleTemplate string 253 254const ( 255 // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... 256 KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" 257 // KindBasicAlertRuleTemplateKindFusion ... 258 KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" 259 // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... 260 KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" 261 // KindBasicAlertRuleTemplateKindScheduled ... 262 KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" 263) 264 265// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. 266func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { 267 return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation, KindBasicAlertRuleTemplateKindScheduled} 268} 269 270// KindBasicDataConnector enumerates the values for kind basic data connector. 271type KindBasicDataConnector string 272 273const ( 274 // KindBasicDataConnectorKindAmazonWebServicesCloudTrail ... 275 KindBasicDataConnectorKindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" 276 // KindBasicDataConnectorKindAzureActiveDirectory ... 277 KindBasicDataConnectorKindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" 278 // KindBasicDataConnectorKindAzureAdvancedThreatProtection ... 279 KindBasicDataConnectorKindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" 280 // KindBasicDataConnectorKindAzureSecurityCenter ... 281 KindBasicDataConnectorKindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" 282 // KindBasicDataConnectorKindDataConnector ... 283 KindBasicDataConnectorKindDataConnector KindBasicDataConnector = "DataConnector" 284 // KindBasicDataConnectorKindMicrosoftCloudAppSecurity ... 285 KindBasicDataConnectorKindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" 286 // KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... 287 KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" 288 // KindBasicDataConnectorKindOffice365 ... 289 KindBasicDataConnectorKindOffice365 KindBasicDataConnector = "Office365" 290 // KindBasicDataConnectorKindThreatIntelligence ... 291 KindBasicDataConnectorKindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" 292) 293 294// PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. 295func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { 296 return []KindBasicDataConnector{KindBasicDataConnectorKindAmazonWebServicesCloudTrail, KindBasicDataConnectorKindAzureActiveDirectory, KindBasicDataConnectorKindAzureAdvancedThreatProtection, KindBasicDataConnectorKindAzureSecurityCenter, KindBasicDataConnectorKindDataConnector, KindBasicDataConnectorKindMicrosoftCloudAppSecurity, KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection, KindBasicDataConnectorKindOffice365, KindBasicDataConnectorKindThreatIntelligence} 297} 298 299// KindBasicSettings enumerates the values for kind basic settings. 300type KindBasicSettings string 301 302const ( 303 // KindBasicSettingsKindSettings ... 304 KindBasicSettingsKindSettings KindBasicSettings = "Settings" 305 // KindBasicSettingsKindToggleSettings ... 306 KindBasicSettingsKindToggleSettings KindBasicSettings = "ToggleSettings" 307 // KindBasicSettingsKindUebaSettings ... 308 KindBasicSettingsKindUebaSettings KindBasicSettings = "UebaSettings" 309) 310 311// PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. 312func PossibleKindBasicSettingsValues() []KindBasicSettings { 313 return []KindBasicSettings{KindBasicSettingsKindSettings, KindBasicSettingsKindToggleSettings, KindBasicSettingsKindUebaSettings} 314} 315 316// LicenseStatus enumerates the values for license status. 317type LicenseStatus string 318 319const ( 320 // LicenseStatusDisabled ... 321 LicenseStatusDisabled LicenseStatus = "Disabled" 322 // LicenseStatusEnabled ... 323 LicenseStatusEnabled LicenseStatus = "Enabled" 324) 325 326// PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type. 327func PossibleLicenseStatusValues() []LicenseStatus { 328 return []LicenseStatus{LicenseStatusDisabled, LicenseStatusEnabled} 329} 330 331// MicrosoftSecurityProductName enumerates the values for microsoft security product name. 332type MicrosoftSecurityProductName string 333 334const ( 335 // MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection ... 336 MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" 337 // MicrosoftSecurityProductNameAzureAdvancedThreatProtection ... 338 MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" 339 // MicrosoftSecurityProductNameAzureSecurityCenter ... 340 MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" 341 // MicrosoftSecurityProductNameAzureSecurityCenterforIoT ... 342 MicrosoftSecurityProductNameAzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" 343 // MicrosoftSecurityProductNameMicrosoftCloudAppSecurity ... 344 MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" 345) 346 347// PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. 348func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { 349 return []MicrosoftSecurityProductName{MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection, MicrosoftSecurityProductNameAzureAdvancedThreatProtection, MicrosoftSecurityProductNameAzureSecurityCenter, MicrosoftSecurityProductNameAzureSecurityCenterforIoT, MicrosoftSecurityProductNameMicrosoftCloudAppSecurity} 350} 351 352// SettingKind enumerates the values for setting kind. 353type SettingKind string 354 355const ( 356 // SettingKindToggleSettings ... 357 SettingKindToggleSettings SettingKind = "ToggleSettings" 358 // SettingKindUebaSettings ... 359 SettingKindUebaSettings SettingKind = "UebaSettings" 360) 361 362// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. 363func PossibleSettingKindValues() []SettingKind { 364 return []SettingKind{SettingKindToggleSettings, SettingKindUebaSettings} 365} 366 367// StatusInMcas enumerates the values for status in mcas. 368type StatusInMcas string 369 370const ( 371 // StatusInMcasDisabled ... 372 StatusInMcasDisabled StatusInMcas = "Disabled" 373 // StatusInMcasEnabled ... 374 StatusInMcasEnabled StatusInMcas = "Enabled" 375) 376 377// PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type. 378func PossibleStatusInMcasValues() []StatusInMcas { 379 return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} 380} 381 382// TemplateStatus enumerates the values for template status. 383type TemplateStatus string 384 385const ( 386 // TemplateStatusAvailable Alert rule template is available. 387 TemplateStatusAvailable TemplateStatus = "Available" 388 // TemplateStatusInstalled Alert rule template installed. and can not use more then once 389 TemplateStatusInstalled TemplateStatus = "Installed" 390 // TemplateStatusNotAvailable Alert rule template is not available 391 TemplateStatusNotAvailable TemplateStatus = "NotAvailable" 392) 393 394// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. 395func PossibleTemplateStatusValues() []TemplateStatus { 396 return []TemplateStatus{TemplateStatusAvailable, TemplateStatusInstalled, TemplateStatusNotAvailable} 397} 398 399// TriggerOperator enumerates the values for trigger operator. 400type TriggerOperator string 401 402const ( 403 // TriggerOperatorEqual ... 404 TriggerOperatorEqual TriggerOperator = "Equal" 405 // TriggerOperatorGreaterThan ... 406 TriggerOperatorGreaterThan TriggerOperator = "GreaterThan" 407 // TriggerOperatorLessThan ... 408 TriggerOperatorLessThan TriggerOperator = "LessThan" 409 // TriggerOperatorNotEqual ... 410 TriggerOperatorNotEqual TriggerOperator = "NotEqual" 411) 412 413// PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type. 414func PossibleTriggerOperatorValues() []TriggerOperator { 415 return []TriggerOperator{TriggerOperatorEqual, TriggerOperatorGreaterThan, TriggerOperatorLessThan, TriggerOperatorNotEqual} 416} 417