package securityinsight // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. // // Code generated by Microsoft (R) AutoRest Code Generator. // Changes may cause incorrect behavior and will be lost if the code is regenerated. // ActionType enumerates the values for action type. type ActionType string const ( // ActionTypeModifyProperties Modify an object's properties ActionTypeModifyProperties ActionType = "ModifyProperties" // ActionTypeRunPlaybook Run a playbook on an object ActionTypeRunPlaybook ActionType = "RunPlaybook" ) // PossibleActionTypeValues returns an array of possible values for the ActionType const type. func PossibleActionTypeValues() []ActionType { return []ActionType{ActionTypeModifyProperties, ActionTypeRunPlaybook} } // ActionTypeBasicAutomationRuleAction enumerates the values for action type basic automation rule action. type ActionTypeBasicAutomationRuleAction string const ( // ActionTypeBasicAutomationRuleActionActionTypeAutomationRuleAction ... ActionTypeBasicAutomationRuleActionActionTypeAutomationRuleAction ActionTypeBasicAutomationRuleAction = "AutomationRuleAction" // ActionTypeBasicAutomationRuleActionActionTypeModifyProperties ... ActionTypeBasicAutomationRuleActionActionTypeModifyProperties ActionTypeBasicAutomationRuleAction = "ModifyProperties" // ActionTypeBasicAutomationRuleActionActionTypeRunPlaybook ... ActionTypeBasicAutomationRuleActionActionTypeRunPlaybook ActionTypeBasicAutomationRuleAction = "RunPlaybook" ) // PossibleActionTypeBasicAutomationRuleActionValues returns an array of possible values for the ActionTypeBasicAutomationRuleAction const type. 
func PossibleActionTypeBasicAutomationRuleActionValues() []ActionTypeBasicAutomationRuleAction { return []ActionTypeBasicAutomationRuleAction{ActionTypeBasicAutomationRuleActionActionTypeAutomationRuleAction, ActionTypeBasicAutomationRuleActionActionTypeModifyProperties, ActionTypeBasicAutomationRuleActionActionTypeRunPlaybook} } // AlertDetail enumerates the values for alert detail. type AlertDetail string const ( // AlertDetailDisplayName Alert display name AlertDetailDisplayName AlertDetail = "DisplayName" // AlertDetailSeverity Alert severity AlertDetailSeverity AlertDetail = "Severity" ) // PossibleAlertDetailValues returns an array of possible values for the AlertDetail const type. func PossibleAlertDetailValues() []AlertDetail { return []AlertDetail{AlertDetailDisplayName, AlertDetailSeverity} } // AlertProperty enumerates the values for alert property. type AlertProperty string const ( // AlertPropertyAlertLink Alert's link AlertPropertyAlertLink AlertProperty = "AlertLink" // AlertPropertyConfidenceLevel Confidence level property AlertPropertyConfidenceLevel AlertProperty = "ConfidenceLevel" // AlertPropertyConfidenceScore Confidence score AlertPropertyConfidenceScore AlertProperty = "ConfidenceScore" // AlertPropertyExtendedLinks Extended links to the alert AlertPropertyExtendedLinks AlertProperty = "ExtendedLinks" // AlertPropertyProductComponentName Product component name alert property AlertPropertyProductComponentName AlertProperty = "ProductComponentName" // AlertPropertyProductName Product name alert property AlertPropertyProductName AlertProperty = "ProductName" // AlertPropertyProviderName Provider name alert property AlertPropertyProviderName AlertProperty = "ProviderName" // AlertPropertyRemediationSteps Remediation steps alert property AlertPropertyRemediationSteps AlertProperty = "RemediationSteps" // AlertPropertyTechniques Techniques alert property AlertPropertyTechniques AlertProperty = "Techniques" ) // PossibleAlertPropertyValues returns 
an array of possible values for the AlertProperty const type. func PossibleAlertPropertyValues() []AlertProperty { return []AlertProperty{AlertPropertyAlertLink, AlertPropertyConfidenceLevel, AlertPropertyConfidenceScore, AlertPropertyExtendedLinks, AlertPropertyProductComponentName, AlertPropertyProductName, AlertPropertyProviderName, AlertPropertyRemediationSteps, AlertPropertyTechniques} } // AlertRuleKind enumerates the values for alert rule kind. type AlertRuleKind string const ( // AlertRuleKindFusion ... AlertRuleKindFusion AlertRuleKind = "Fusion" // AlertRuleKindMLBehaviorAnalytics ... AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" // AlertRuleKindMicrosoftSecurityIncidentCreation ... AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" // AlertRuleKindNRT ... AlertRuleKindNRT AlertRuleKind = "NRT" // AlertRuleKindScheduled ... AlertRuleKindScheduled AlertRuleKind = "Scheduled" // AlertRuleKindThreatIntelligence ... AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" ) // PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { return []AlertRuleKind{AlertRuleKindFusion, AlertRuleKindMLBehaviorAnalytics, AlertRuleKindMicrosoftSecurityIncidentCreation, AlertRuleKindNRT, AlertRuleKindScheduled, AlertRuleKindThreatIntelligence} } // AlertSeverity enumerates the values for alert severity. type AlertSeverity string const ( // AlertSeverityHigh High severity AlertSeverityHigh AlertSeverity = "High" // AlertSeverityInformational Informational severity AlertSeverityInformational AlertSeverity = "Informational" // AlertSeverityLow Low severity AlertSeverityLow AlertSeverity = "Low" // AlertSeverityMedium Medium severity AlertSeverityMedium AlertSeverity = "Medium" ) // PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type. 
func PossibleAlertSeverityValues() []AlertSeverity { return []AlertSeverity{AlertSeverityHigh, AlertSeverityInformational, AlertSeverityLow, AlertSeverityMedium} } // AlertStatus enumerates the values for alert status. type AlertStatus string const ( // AlertStatusDismissed Alert dismissed as false positive AlertStatusDismissed AlertStatus = "Dismissed" // AlertStatusInProgress Alert is being handled AlertStatusInProgress AlertStatus = "InProgress" // AlertStatusNew New alert AlertStatusNew AlertStatus = "New" // AlertStatusResolved Alert closed after handling AlertStatusResolved AlertStatus = "Resolved" // AlertStatusUnknown Unknown value AlertStatusUnknown AlertStatus = "Unknown" ) // PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type. func PossibleAlertStatusValues() []AlertStatus { return []AlertStatus{AlertStatusDismissed, AlertStatusInProgress, AlertStatusNew, AlertStatusResolved, AlertStatusUnknown} } // AntispamMailDirection enumerates the values for antispam mail direction. type AntispamMailDirection string const ( // AntispamMailDirectionInbound Inbound AntispamMailDirectionInbound AntispamMailDirection = "Inbound" // AntispamMailDirectionIntraorg Intraorg AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg" // AntispamMailDirectionOutbound Outbound AntispamMailDirectionOutbound AntispamMailDirection = "Outbound" // AntispamMailDirectionUnknown Unknown AntispamMailDirectionUnknown AntispamMailDirection = "Unknown" ) // PossibleAntispamMailDirectionValues returns an array of possible values for the AntispamMailDirection const type. func PossibleAntispamMailDirectionValues() []AntispamMailDirection { return []AntispamMailDirection{AntispamMailDirectionInbound, AntispamMailDirectionIntraorg, AntispamMailDirectionOutbound, AntispamMailDirectionUnknown} } // AttackTactic enumerates the values for attack tactic. type AttackTactic string const ( // AttackTacticCollection ... 
AttackTacticCollection AttackTactic = "Collection" // AttackTacticCommandAndControl ... AttackTacticCommandAndControl AttackTactic = "CommandAndControl" // AttackTacticCredentialAccess ... AttackTacticCredentialAccess AttackTactic = "CredentialAccess" // AttackTacticDefenseEvasion ... AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" // AttackTacticDiscovery ... AttackTacticDiscovery AttackTactic = "Discovery" // AttackTacticExecution ... AttackTacticExecution AttackTactic = "Execution" // AttackTacticExfiltration ... AttackTacticExfiltration AttackTactic = "Exfiltration" // AttackTacticImpact ... AttackTacticImpact AttackTactic = "Impact" // AttackTacticImpairProcessControl ... AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl" // AttackTacticInhibitResponseFunction ... AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction" // AttackTacticInitialAccess ... AttackTacticInitialAccess AttackTactic = "InitialAccess" // AttackTacticLateralMovement ... AttackTacticLateralMovement AttackTactic = "LateralMovement" // AttackTacticPersistence ... AttackTacticPersistence AttackTactic = "Persistence" // AttackTacticPreAttack ... AttackTacticPreAttack AttackTactic = "PreAttack" // AttackTacticPrivilegeEscalation ... AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" // AttackTacticReconnaissance ... AttackTacticReconnaissance AttackTactic = "Reconnaissance" // AttackTacticResourceDevelopment ... AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment" ) // PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. 
func PossibleAttackTacticValues() []AttackTactic { return []AttackTactic{AttackTacticCollection, AttackTacticCommandAndControl, AttackTacticCredentialAccess, AttackTacticDefenseEvasion, AttackTacticDiscovery, AttackTacticExecution, AttackTacticExfiltration, AttackTacticImpact, AttackTacticImpairProcessControl, AttackTacticInhibitResponseFunction, AttackTacticInitialAccess, AttackTacticLateralMovement, AttackTacticPersistence, AttackTacticPreAttack, AttackTacticPrivilegeEscalation, AttackTacticReconnaissance, AttackTacticResourceDevelopment} } // AutomationRuleBooleanConditionSupportedOperator enumerates the values for automation rule boolean condition // supported operator. type AutomationRuleBooleanConditionSupportedOperator string const ( // AutomationRuleBooleanConditionSupportedOperatorAnd Evaluates as true if all the item conditions are // evaluated as true AutomationRuleBooleanConditionSupportedOperatorAnd AutomationRuleBooleanConditionSupportedOperator = "And" // AutomationRuleBooleanConditionSupportedOperatorOr Evaluates as true if at least one of the item // conditions are evaluated as true AutomationRuleBooleanConditionSupportedOperatorOr AutomationRuleBooleanConditionSupportedOperator = "Or" ) // PossibleAutomationRuleBooleanConditionSupportedOperatorValues returns an array of possible values for the AutomationRuleBooleanConditionSupportedOperator const type. func PossibleAutomationRuleBooleanConditionSupportedOperatorValues() []AutomationRuleBooleanConditionSupportedOperator { return []AutomationRuleBooleanConditionSupportedOperator{AutomationRuleBooleanConditionSupportedOperatorAnd, AutomationRuleBooleanConditionSupportedOperatorOr} } // AutomationRulePropertyArrayChangedConditionSupportedArrayType enumerates the values for automation rule // property array changed condition supported array type. 
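type AutomationRulePropertyArrayChangedConditionSupportedArrayType string

// The declarations are laid out one per line: on a collapsed line, everything
// after the first "//" is comment text and is never compiled.
const (
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts evaluates the condition on the alerts.
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Alerts"
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments evaluates the condition on the
	// comments.
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Comments"
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels evaluates the condition on the labels.
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Labels"
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics evaluates the condition on the
	// tactics.
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Tactics"
)

// PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues
// returns a newly allocated slice holding every
// AutomationRulePropertyArrayChangedConditionSupportedArrayType constant, in
// declaration order.
//
// The type is a defined string, so Go accepts any string converted to it;
// compare values that come from outside the program with this slice before
// using them.
func PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedArrayType {
	return []AutomationRulePropertyArrayChangedConditionSupportedArrayType{
		AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts,
		AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments,
		AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels,
		AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics,
	}
}

// AutomationRulePropertyArrayChangedConditionSupportedChangeType enumerates the values for automation rule
// property array changed condition supported change type.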
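type AutomationRulePropertyArrayChangedConditionSupportedChangeType string

// The declarations are laid out one per line: on a collapsed line, everything
// after the first "//" is comment text and is never compiled.
const (
	// AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded evaluates the condition on items
	// added to the array.
	AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded AutomationRulePropertyArrayChangedConditionSupportedChangeType = "Added"
)

// PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues
// returns a newly allocated slice holding every
// AutomationRulePropertyArrayChangedConditionSupportedChangeType constant; only
// "Added" is declared.
func PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedChangeType {
	return []AutomationRulePropertyArrayChangedConditionSupportedChangeType{
		AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded,
	}
}

// AutomationRulePropertyArrayConditionSupportedArrayConditionType enumerates the values for automation rule
// property array condition supported array condition type.
type AutomationRulePropertyArrayConditionSupportedArrayConditionType string

const (
	// AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem evaluates the condition as true if
	// any item fulfills it.
	AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem AutomationRulePropertyArrayConditionSupportedArrayConditionType = "AnyItem"
)

// PossibleAutomationRulePropertyArrayConditionSupportedArrayConditionTypeValues
// returns a newly allocated slice holding every
// AutomationRulePropertyArrayConditionSupportedArrayConditionType constant; only
// "AnyItem" is declared.
func PossibleAutomationRulePropertyArrayConditionSupportedArrayConditionTypeValues() []AutomationRulePropertyArrayConditionSupportedArrayConditionType {
	return []AutomationRulePropertyArrayConditionSupportedArrayConditionType{
		AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem,
	}
}

// AutomationRulePropertyArrayConditionSupportedArrayType enumerates the values for automation rule property
// array condition supported array type.
type AutomationRulePropertyArrayConditionSupportedArrayType string

const (
	// AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues evaluates the condition on a
	// custom detail's values.
	AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues AutomationRulePropertyArrayConditionSupportedArrayType = "CustomDetailValues"
	// AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails evaluates the condition on the custom
	// detail keys.
	AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails AutomationRulePropertyArrayConditionSupportedArrayType = "CustomDetails"
)

// PossibleAutomationRulePropertyArrayConditionSupportedArrayTypeValues returns a
// newly allocated slice holding every
// AutomationRulePropertyArrayConditionSupportedArrayType constant, in
// declaration order.
func PossibleAutomationRulePropertyArrayConditionSupportedArrayTypeValues() []AutomationRulePropertyArrayConditionSupportedArrayType {
	return []AutomationRulePropertyArrayConditionSupportedArrayType{
		AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues,
		AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails,
	}
}

// AutomationRulePropertyChangedConditionSupportedChangedType enumerates the values for automation rule
// property changed condition supported changed type.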
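type AutomationRulePropertyChangedConditionSupportedChangedType string

// The declarations are laid out one per line: on a collapsed line, everything
// after the first "//" is comment text and is never compiled.
const (
	// AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom evaluates the condition on the
	// previous value of the property.
	AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom AutomationRulePropertyChangedConditionSupportedChangedType = "ChangedFrom"
	// AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo evaluates the condition on the
	// updated value of the property.
	AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo AutomationRulePropertyChangedConditionSupportedChangedType = "ChangedTo"
)

// PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues
// returns a newly allocated slice holding every
// AutomationRulePropertyChangedConditionSupportedChangedType constant, in
// declaration order.
func PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues() []AutomationRulePropertyChangedConditionSupportedChangedType {
	return []AutomationRulePropertyChangedConditionSupportedChangedType{
		AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom,
		AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo,
	}
}

// AutomationRulePropertyChangedConditionSupportedPropertyType enumerates the values for automation rule
// property changed condition supported property type.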
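type AutomationRulePropertyChangedConditionSupportedPropertyType string

// The declarations are laid out one per line: on a collapsed line, everything
// after the first "//" is comment text and is never compiled.
const (
	// AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner evaluates the condition on the
	// incident owner.
	AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentOwner"
	// AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity evaluates the condition on
	// the incident severity.
	AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentSeverity"
	// AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus evaluates the condition on the
	// incident status.
	AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentStatus"
)

// PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues
// returns a newly allocated slice holding every
// AutomationRulePropertyChangedConditionSupportedPropertyType constant, in
// declaration order.
func PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues() []AutomationRulePropertyChangedConditionSupportedPropertyType {
	return []AutomationRulePropertyChangedConditionSupportedPropertyType{
		AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner,
		AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity,
		AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus,
	}
}

// AutomationRulePropertyConditionSupportedOperator enumerates the values for automation rule property
// condition supported operator.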
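type AutomationRulePropertyConditionSupportedOperator string

// The declarations are laid out one per line: on a collapsed line, everything
// after the first "//" is comment text and is never compiled.
//
// NOTE(review): the descriptions below do not say whether the comparison is
// case-sensitive — confirm against the service documentation before relying on
// an exact-match or negated rule.
const (
	// AutomationRulePropertyConditionSupportedOperatorContains evaluates if the property contains at least one
	// of the condition values.
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith evaluates if the property ends with any of the
	// condition values.
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals evaluates if the property equals at least one of
	// the condition values.
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains evaluates if the property does not contain
	// any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith evaluates if the property does not end with
	// any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals evaluates if the property does not equal any
	// of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith evaluates if the property does not start
	// with any of the condition values.
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith evaluates if the property starts with any of
	// the condition values.
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

// PossibleAutomationRulePropertyConditionSupportedOperatorValues returns a newly
// allocated slice holding every AutomationRulePropertyConditionSupportedOperator
// constant, in declaration order.
//
// The type is a defined string, so Go accepts any string converted to it;
// compare an operator that comes from outside the program with this slice
// before building a rule from it.
func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator {
	return []AutomationRulePropertyConditionSupportedOperator{
		AutomationRulePropertyConditionSupportedOperatorContains,
		AutomationRulePropertyConditionSupportedOperatorEndsWith,
		AutomationRulePropertyConditionSupportedOperatorEquals,
		AutomationRulePropertyConditionSupportedOperatorNotContains,
		AutomationRulePropertyConditionSupportedOperatorNotEndsWith,
		AutomationRulePropertyConditionSupportedOperatorNotEquals,
		AutomationRulePropertyConditionSupportedOperatorNotStartsWith,
		AutomationRulePropertyConditionSupportedOperatorStartsWith,
	}
}

// AutomationRulePropertyConditionSupportedProperty enumerates the values for automation rule property
// condition supported property.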
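type AutomationRulePropertyConditionSupportedProperty string

// The declarations are laid out one per line: on a collapsed line, everything
// after the first "//" is comment text and is never compiled.
//
// The constant names follow Go initialism casing (ID, GUID, URL) while the
// string values keep the service's own spelling ("AccountAadTenantId",
// "AccountObjectGuid", "Url"), so compare against the constants rather than
// retyping the strings.
//
// NOTE(review): several of these properties (for example MailMessageSubject,
// ProcessCommandLine, FileName and URL) presumably carry content taken from
// the observed event rather than from the operator — confirm against the
// service documentation when reviewing rules that key on them.
const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID is the account Azure Active Directory
	// tenant id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAadUserID is the account Azure Active Directory user
	// id.
	AutomationRulePropertyConditionSupportedPropertyAccountAadUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain is the account NetBIOS domain name.
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountName is the account name.
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID is the account unique identifier.
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID is the account Azure Active Directory Passport
	// User ID.
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid is the account security identifier.
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix is the account user principal name suffix.
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds is the analytic rule ids of the alert.
	AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds AutomationRulePropertyConditionSupportedProperty = "AlertAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyAlertProductNames is the name of the product of the alert.
	AutomationRulePropertyConditionSupportedPropertyAlertProductNames AutomationRulePropertyConditionSupportedProperty = "AlertProductNames"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID is the Azure resource id.
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID is the Azure resource
	// subscription id.
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID is the cloud application identifier.
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName is the cloud application name.
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName is the DNS record domain name.
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory is the file directory full path.
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue is the file hash value.
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName is the file name without path.
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID is the host Azure resource id.
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain is the host NT domain.
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostName is the host name without domain.
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName is the host NetBIOS name.
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion is the host operating system.
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress is the IP address.
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey is the incident custom detail key.
	AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey AutomationRulePropertyConditionSupportedProperty = "IncidentCustomDetailsKey"
	// AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue is the incident custom detail
	// value.
	AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue AutomationRulePropertyConditionSupportedProperty = "IncidentCustomDetailsValue"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription is the description of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentLabel is the labels of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentLabel AutomationRulePropertyConditionSupportedProperty = "IncidentLabel"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName is the provider name of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds is the related Analytic rule
	// ids of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity is the severity of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus is the status of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics is the tactics of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle is the title of the incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource is the update source of the
	// incident.
	AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource AutomationRulePropertyConditionSupportedProperty = "IncidentUpdatedBySource"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID is the IoT device id.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel is the IoT device model.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName is the IoT device name.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem is the IoT device operating system.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType is the IoT device type.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor is the IoT device vendor.
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction is the mail message delivery
	// action.
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation is the mail message delivery
	// location.
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender is the mail message P1 sender.
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender is the mail message P2 sender.
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient is the mail message recipient.
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP is the mail message sender IP address.
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject is the mail message subject.
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName is the mailbox display name.
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress is the mailbox primary address.
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN is the mailbox user principal name.
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory is the malware category.
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName is the malware name.
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine is the process execution command line.
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID is the process id.
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey is the registry key path.
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData is the registry key value in string
	// formatted representation.
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL is the URL.
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

// PossibleAutomationRulePropertyConditionSupportedPropertyValues returns an array of possible values for the AutomationRulePropertyConditionSupportedProperty const type.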
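func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty {
	// The composite literal builds a new slice on every call. The constants are
	// listed one per line, in the order the original listing uses.
	return []AutomationRulePropertyConditionSupportedProperty{
		AutomationRulePropertyConditionSupportedPropertyAccountAadTenantID,
		AutomationRulePropertyConditionSupportedPropertyAccountAadUserID,
		AutomationRulePropertyConditionSupportedPropertyAccountNTDomain,
		AutomationRulePropertyConditionSupportedPropertyAccountName,
		AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID,
		AutomationRulePropertyConditionSupportedPropertyAccountPUID,
		AutomationRulePropertyConditionSupportedPropertyAccountSid,
		AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix,
		AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds,
		AutomationRulePropertyConditionSupportedPropertyAlertProductNames,
		AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID,
		AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID,
		AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID,
		AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName,
		AutomationRulePropertyConditionSupportedPropertyDNSDomainName,
		AutomationRulePropertyConditionSupportedPropertyFileDirectory,
		AutomationRulePropertyConditionSupportedPropertyFileHashValue,
		AutomationRulePropertyConditionSupportedPropertyFileName,
		AutomationRulePropertyConditionSupportedPropertyHostAzureID,
		AutomationRulePropertyConditionSupportedPropertyHostNTDomain,
		AutomationRulePropertyConditionSupportedPropertyHostName,
		AutomationRulePropertyConditionSupportedPropertyHostNetBiosName,
		AutomationRulePropertyConditionSupportedPropertyHostOSVersion,
		AutomationRulePropertyConditionSupportedPropertyIPAddress,
		AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey,
		AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue,
		AutomationRulePropertyConditionSupportedPropertyIncidentDescription,
		AutomationRulePropertyConditionSupportedPropertyIncidentLabel,
		AutomationRulePropertyConditionSupportedPropertyIncidentProviderName,
		AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds,
		AutomationRulePropertyConditionSupportedPropertyIncidentSeverity,
		AutomationRulePropertyConditionSupportedPropertyIncidentStatus,
		AutomationRulePropertyConditionSupportedPropertyIncidentTactics,
		AutomationRulePropertyConditionSupportedPropertyIncidentTitle,
		AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceID,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceName,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceType,
		AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor,
		AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction,
		AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation,
		AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender,
		AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender,
		AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient,
		AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP,
		AutomationRulePropertyConditionSupportedPropertyMailMessageSubject,
		AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName,
		AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress,
		AutomationRulePropertyConditionSupportedPropertyMailboxUPN,
		AutomationRulePropertyConditionSupportedPropertyMalwareCategory,
		AutomationRulePropertyConditionSupportedPropertyMalwareName,
		AutomationRulePropertyConditionSupportedPropertyProcessCommandLine,
		AutomationRulePropertyConditionSupportedPropertyProcessID,
		AutomationRulePropertyConditionSupportedPropertyRegistryKey,
		AutomationRulePropertyConditionSupportedPropertyRegistryValueData,
		AutomationRulePropertyConditionSupportedPropertyURL,
	}
}

// ConditionType enumerates the values for condition type.
type ConditionType string

const (
	// ConditionTypeBoolean applies a boolean operator (e.g. AND, OR) to conditions.
	ConditionTypeBoolean ConditionType = "Boolean"
	// ConditionTypeProperty evaluates an object property value.
	ConditionTypeProperty ConditionType = "Property"
	// ConditionTypePropertyArray evaluates an object array property value.
	ConditionTypePropertyArray ConditionType = "PropertyArray"
	// ConditionTypePropertyArrayChanged evaluates an object array property changed value.
	ConditionTypePropertyArrayChanged ConditionType = "PropertyArrayChanged"
	// ConditionTypePropertyChanged evaluates an object property changed value.
	ConditionTypePropertyChanged ConditionType = "PropertyChanged"
)

// PossibleConditionTypeValues returns a slice holding every ConditionType constant,
// in declaration order. Each call builds a new slice.
func PossibleConditionTypeValues() []ConditionType {
	return []ConditionType{
		ConditionTypeBoolean,
		ConditionTypeProperty,
		ConditionTypePropertyArray,
		ConditionTypePropertyArrayChanged,
		ConditionTypePropertyChanged,
	}
}

// ConditionTypeBasicAutomationRuleCondition enumerates the values for condition type basic automation rule
// condition. Its values are those of ConditionType plus "AutomationRuleCondition".
type ConditionTypeBasicAutomationRuleCondition string

const (
	// ConditionTypeBasicAutomationRuleConditionConditionTypeAutomationRuleCondition is the
	// "AutomationRuleCondition" value.
	ConditionTypeBasicAutomationRuleConditionConditionTypeAutomationRuleCondition ConditionTypeBasicAutomationRuleCondition = "AutomationRuleCondition"
	// ConditionTypeBasicAutomationRuleConditionConditionTypeBoolean is the "Boolean" value.
	ConditionTypeBasicAutomationRuleConditionConditionTypeBoolean ConditionTypeBasicAutomationRuleCondition = "Boolean"
	// ConditionTypeBasicAutomationRuleConditionConditionTypeProperty is the "Property" value.
	ConditionTypeBasicAutomationRuleConditionConditionTypeProperty ConditionTypeBasicAutomationRuleCondition = "Property"
	// ConditionTypeBasicAutomationRuleConditionConditionTypePropertyArray is the "PropertyArray" value.
	ConditionTypeBasicAutomationRuleConditionConditionTypePropertyArray ConditionTypeBasicAutomationRuleCondition = "PropertyArray"
	// ConditionTypeBasicAutomationRuleConditionConditionTypePropertyArrayChanged is the
	// "PropertyArrayChanged" value.
	ConditionTypeBasicAutomationRuleConditionConditionTypePropertyArrayChanged ConditionTypeBasicAutomationRuleCondition = "PropertyArrayChanged"
	// ConditionTypeBasicAutomationRuleConditionConditionTypePropertyChanged is the "PropertyChanged" value.
	ConditionTypeBasicAutomationRuleConditionConditionTypePropertyChanged ConditionTypeBasicAutomationRuleCondition = "PropertyChanged"
)

// PossibleConditionTypeBasicAutomationRuleConditionValues returns a slice holding every
// ConditionTypeBasicAutomationRuleCondition constant, in declaration order. Each call builds a new slice.
func PossibleConditionTypeBasicAutomationRuleConditionValues() []ConditionTypeBasicAutomationRuleCondition {
	return []ConditionTypeBasicAutomationRuleCondition{
		ConditionTypeBasicAutomationRuleConditionConditionTypeAutomationRuleCondition,
		ConditionTypeBasicAutomationRuleConditionConditionTypeBoolean,
		ConditionTypeBasicAutomationRuleConditionConditionTypeProperty,
		ConditionTypeBasicAutomationRuleConditionConditionTypePropertyArray,
		ConditionTypeBasicAutomationRuleConditionConditionTypePropertyArrayChanged,
		ConditionTypeBasicAutomationRuleConditionConditionTypePropertyChanged,
	}
}

// ConfidenceLevel enumerates the values for confidence level.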
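type ConfidenceLevel string

const (
	// ConfidenceLevelHigh High confidence that the alert is a true positive (malicious).
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
	// attack.
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown Unknown confidence; this is the default value.
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

// PossibleConfidenceLevelValues returns a slice holding every ConfidenceLevel constant, in declaration
// order. Each call builds a new slice.
func PossibleConfidenceLevelValues() []ConfidenceLevel {
	return []ConfidenceLevel{
		ConfidenceLevelHigh,
		ConfidenceLevelLow,
		ConfidenceLevelUnknown,
	}
}

// ConfidenceScoreStatus enumerates the values for confidence score status.
type ConfidenceScoreStatus string

const (
	// ConfidenceScoreStatusFinal The final score was calculated and is available.
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess No score was set yet and calculation is in progress.
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable The score will not be calculated for this alert as it is not
	// supported by virtual analyst.
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal The score is calculated and shown as part of the alert, but may be
	// updated again at a later time following the processing of additional data.
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

// PossibleConfidenceScoreStatusValues returns a slice holding every ConfidenceScoreStatus constant, in
// declaration order. Each call builds a new slice.
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus {
	return []ConfidenceScoreStatus{
		ConfidenceScoreStatusFinal,
		ConfidenceScoreStatusInProcess,
		ConfidenceScoreStatusNotApplicable,
		ConfidenceScoreStatusNotFinal,
	}
}

// ConnectAuthKind enumerates the values for connect auth kind.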
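type ConnectAuthKind string

const (
	// ConnectAuthKindAPIKey is the "APIKey" value.
	ConnectAuthKindAPIKey ConnectAuthKind = "APIKey"
	// ConnectAuthKindBasic is the "Basic" value.
	ConnectAuthKindBasic ConnectAuthKind = "Basic"
	// ConnectAuthKindOAuth2 is the "OAuth2" value.
	ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2"
)

// PossibleConnectAuthKindValues returns a slice holding every ConnectAuthKind constant, in declaration
// order. Each call builds a new slice.
//
// ConnectAuthKind is a plain string type, so the compiler does not limit a value to these constants;
// compare against this list to validate a value that comes from outside the program.
func PossibleConnectAuthKindValues() []ConnectAuthKind {
	return []ConnectAuthKind{
		ConnectAuthKindAPIKey,
		ConnectAuthKindBasic,
		ConnectAuthKindOAuth2,
	}
}

// ConnectivityType enumerates the values for connectivity type.
type ConnectivityType string

const (
	// ConnectivityTypeIsConnectedQuery is the "IsConnectedQuery" value.
	ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery"
)

// PossibleConnectivityTypeValues returns a slice holding every ConnectivityType constant. Each call builds
// a new slice.
func PossibleConnectivityTypeValues() []ConnectivityType {
	return []ConnectivityType{ConnectivityTypeIsConnectedQuery}
}

// ContentType enumerates the values for content type.
type ContentType string

const (
	// ContentTypeAnalyticRule is the "AnalyticRule" value.
	ContentTypeAnalyticRule ContentType = "AnalyticRule"
	// ContentTypeWorkbook is the "Workbook" value.
	ContentTypeWorkbook ContentType = "Workbook"
)

// PossibleContentTypeValues returns a slice holding every ContentType constant, in declaration order.
// Each call builds a new slice.
func PossibleContentTypeValues() []ContentType {
	return []ContentType{ContentTypeAnalyticRule, ContentTypeWorkbook}
}

// CreatedByType enumerates the values for created by type.
type CreatedByType string

const (
	// CreatedByTypeApplication is the "Application" value.
	CreatedByTypeApplication CreatedByType = "Application"
	// CreatedByTypeKey is the "Key" value.
	CreatedByTypeKey CreatedByType = "Key"
	// CreatedByTypeManagedIdentity is the "ManagedIdentity" value.
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	// CreatedByTypeUser is the "User" value.
	CreatedByTypeUser CreatedByType = "User"
)

// PossibleCreatedByTypeValues returns a slice holding every CreatedByType constant, in declaration order.
// Each call builds a new slice.
func PossibleCreatedByTypeValues() []CreatedByType {
	return []CreatedByType{
		CreatedByTypeApplication,
		CreatedByTypeKey,
		CreatedByTypeManagedIdentity,
		CreatedByTypeUser,
	}
}

// CustomEntityQueryKind enumerates the values for custom entity query kind.
type CustomEntityQueryKind string

const (
	// CustomEntityQueryKindActivity is the "Activity" value.
	CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity"
)

// PossibleCustomEntityQueryKindValues returns a slice holding every CustomEntityQueryKind constant. Each
// call builds a new slice.
func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind {
	return []CustomEntityQueryKind{CustomEntityQueryKindActivity}
}

// DataConnectorAuthorizationState enumerates the values for data connector authorization state.
type DataConnectorAuthorizationState string

const (
	// DataConnectorAuthorizationStateInvalid is the "Invalid" value.
	DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid"
	// DataConnectorAuthorizationStateValid is the "Valid" value.
	DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid"
)

// PossibleDataConnectorAuthorizationStateValues returns a slice holding every
// DataConnectorAuthorizationState constant, in declaration order. Each call builds a new slice.
//
// The type is a plain string, so a value that matches neither constant (the empty string included) is
// possible; a caller that acts on the state should compare with DataConnectorAuthorizationStateValid
// explicitly rather than treat "not Invalid" as valid.
func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState {
	return []DataConnectorAuthorizationState{
		DataConnectorAuthorizationStateInvalid,
		DataConnectorAuthorizationStateValid,
	}
}

// DataConnectorKind enumerates the values for data connector kind.
type DataConnectorKind string

const (
	// DataConnectorKindAPIPolling is the "APIPolling" value.
	DataConnectorKindAPIPolling DataConnectorKind = "APIPolling"
	// DataConnectorKindAmazonWebServicesCloudTrail is the "AmazonWebServicesCloudTrail" value.
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAmazonWebServicesS3 is the "AmazonWebServicesS3" value.
	DataConnectorKindAmazonWebServicesS3 DataConnectorKind = "AmazonWebServicesS3"
	// DataConnectorKindAzureActiveDirectory is the "AzureActiveDirectory" value.
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection is the "AzureAdvancedThreatProtection" value.
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter is the "AzureSecurityCenter" value.
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindDynamics365 is the "Dynamics365" value.
	DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365"
	// DataConnectorKindGenericUI is the "GenericUI" value.
	DataConnectorKindGenericUI DataConnectorKind = "GenericUI"
	// DataConnectorKindIOT is the "IOT" value.
	DataConnectorKindIOT DataConnectorKind = "IOT"
	// DataConnectorKindMicrosoftCloudAppSecurity is the "MicrosoftCloudAppSecurity" value.
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection is the
	// "MicrosoftDefenderAdvancedThreatProtection" value.
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindMicrosoftThreatIntelligence is the "MicrosoftThreatIntelligence" value.
	DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence"
	// DataConnectorKindMicrosoftThreatProtection is the "MicrosoftThreatProtection" value.
	DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection"
	// DataConnectorKindOffice365 is the "Office365" value.
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindOffice365Project is the "Office365Project" value.
	DataConnectorKindOffice365Project DataConnectorKind = "Office365Project"
	// DataConnectorKindOfficeATP is the "OfficeATP" value.
	DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
	// DataConnectorKindOfficeIRM is the "OfficeIRM" value.
	DataConnectorKindOfficeIRM DataConnectorKind = "OfficeIRM"
	// DataConnectorKindOfficePowerBI is the "OfficePowerBI" value.
	DataConnectorKindOfficePowerBI DataConnectorKind = "OfficePowerBI"
	// DataConnectorKindThreatIntelligence is the "ThreatIntelligence" value.
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
	// DataConnectorKindThreatIntelligenceTaxii is the "ThreatIntelligenceTaxii" value.
	DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)

// PossibleDataConnectorKindValues returns a slice holding every DataConnectorKind constant, in declaration
// order. Each call builds a new slice.
func PossibleDataConnectorKindValues() []DataConnectorKind {
	return []DataConnectorKind{
		DataConnectorKindAPIPolling,
		DataConnectorKindAmazonWebServicesCloudTrail,
		DataConnectorKindAmazonWebServicesS3,
		DataConnectorKindAzureActiveDirectory,
		DataConnectorKindAzureAdvancedThreatProtection,
		DataConnectorKindAzureSecurityCenter,
		DataConnectorKindDynamics365,
		DataConnectorKindGenericUI,
		DataConnectorKindIOT,
		DataConnectorKindMicrosoftCloudAppSecurity,
		DataConnectorKindMicrosoftDefenderAdvancedThreatProtection,
		DataConnectorKindMicrosoftThreatIntelligence,
		DataConnectorKindMicrosoftThreatProtection,
		DataConnectorKindOffice365,
		DataConnectorKindOffice365Project,
		DataConnectorKindOfficeATP,
		DataConnectorKindOfficeIRM,
		DataConnectorKindOfficePowerBI,
		DataConnectorKindThreatIntelligence,
		DataConnectorKindThreatIntelligenceTaxii,
	}
}

// DataConnectorLicenseState enumerates the values for data connector license state.
type DataConnectorLicenseState string

const (
	// DataConnectorLicenseStateInvalid is the "Invalid" value.
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	// DataConnectorLicenseStateUnknown is the "Unknown" value.
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	// DataConnectorLicenseStateValid is the "Valid" value.
	DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)

// PossibleDataConnectorLicenseStateValues returns a slice holding every DataConnectorLicenseState
// constant, in declaration order. Each call builds a new slice.
func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState {
	return []DataConnectorLicenseState{
		DataConnectorLicenseStateInvalid,
		DataConnectorLicenseStateUnknown,
		DataConnectorLicenseStateValid,
	}
}

// DataTypeState enumerates the values for data type state.
type DataTypeState string

const (
	// DataTypeStateDisabled is the "Disabled" value.
	DataTypeStateDisabled DataTypeState = "Disabled"
	// DataTypeStateEnabled is the "Enabled" value.
	DataTypeStateEnabled DataTypeState = "Enabled"
)

// PossibleDataTypeStateValues returns a slice holding every DataTypeState constant, in declaration order.
// Each call builds a new slice.
func PossibleDataTypeStateValues() []DataTypeState {
	return []DataTypeState{DataTypeStateDisabled, DataTypeStateEnabled}
}

// DeleteStatus enumerates the values for delete status.
type DeleteStatus string

const (
	// DeleteStatusDeleted The file was deleted.
	DeleteStatusDeleted DeleteStatus = "Deleted"
	// DeleteStatusNotDeleted The file was not deleted.
	DeleteStatusNotDeleted DeleteStatus = "NotDeleted"
	// DeleteStatusUnspecified Unspecified
	DeleteStatusUnspecified DeleteStatus = "Unspecified"
)

// PossibleDeleteStatusValues returns a slice holding every DeleteStatus constant, in declaration order.
// Each call builds a new slice.
func PossibleDeleteStatusValues() []DeleteStatus {
	return []DeleteStatus{
		DeleteStatusDeleted,
		DeleteStatusNotDeleted,
		DeleteStatusUnspecified,
	}
}

// DeliveryAction enumerates the values for delivery action.
type DeliveryAction string

const (
	// DeliveryActionBlocked Blocked
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionDelivered Delivered
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionDeliveredAsSpam DeliveredAsSpam
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionReplaced Replaced
	DeliveryActionReplaced DeliveryAction = "Replaced"
	// DeliveryActionUnknown Unknown
	DeliveryActionUnknown DeliveryAction = "Unknown"
)

// PossibleDeliveryActionValues returns a slice holding every DeliveryAction constant, in declaration
// order. Each call builds a new slice.
func PossibleDeliveryActionValues() []DeliveryAction {
	return []DeliveryAction{
		DeliveryActionBlocked,
		DeliveryActionDelivered,
		DeliveryActionDeliveredAsSpam,
		DeliveryActionReplaced,
		DeliveryActionUnknown,
	}
}

// DeliveryLocation enumerates the values for delivery location.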
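type DeliveryLocation string

const (
	// DeliveryLocationDeletedFolder DeletedFolder
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationDropped Dropped
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationExternal External
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed Failed
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationForwarded Forwarded
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
	// DeliveryLocationInbox Inbox
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder JunkFolder
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationQuarantine Quarantine
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationUnknown Unknown
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
)

// PossibleDeliveryLocationValues returns a slice holding every DeliveryLocation constant, in declaration
// order. Each call builds a new slice.
func PossibleDeliveryLocationValues() []DeliveryLocation {
	return []DeliveryLocation{
		DeliveryLocationDeletedFolder,
		DeliveryLocationDropped,
		DeliveryLocationExternal,
		DeliveryLocationFailed,
		DeliveryLocationForwarded,
		DeliveryLocationInbox,
		DeliveryLocationJunkFolder,
		DeliveryLocationQuarantine,
		DeliveryLocationUnknown,
	}
}

// DeploymentFetchStatus enumerates the values for deployment fetch status.
type DeploymentFetchStatus string

const (
	// DeploymentFetchStatusNotFound is the "NotFound" value.
	DeploymentFetchStatusNotFound DeploymentFetchStatus = "NotFound"
	// DeploymentFetchStatusSuccess is the "Success" value.
	DeploymentFetchStatusSuccess DeploymentFetchStatus = "Success"
	// DeploymentFetchStatusUnauthorized is the "Unauthorized" value.
	DeploymentFetchStatusUnauthorized DeploymentFetchStatus = "Unauthorized"
)

// PossibleDeploymentFetchStatusValues returns a slice holding every DeploymentFetchStatus constant, in
// declaration order. Each call builds a new slice.
func PossibleDeploymentFetchStatusValues() []DeploymentFetchStatus {
	return []DeploymentFetchStatus{
		DeploymentFetchStatusNotFound,
		DeploymentFetchStatusSuccess,
		DeploymentFetchStatusUnauthorized,
	}
}

// DeploymentResult enumerates the values for deployment result.
type DeploymentResult string

const (
	// DeploymentResultCanceled is the "Canceled" value.
	DeploymentResultCanceled DeploymentResult = "Canceled"
	// DeploymentResultFailed is the "Failed" value.
	DeploymentResultFailed DeploymentResult = "Failed"
	// DeploymentResultSuccess is the "Success" value.
	DeploymentResultSuccess DeploymentResult = "Success"
)

// PossibleDeploymentResultValues returns a slice holding every DeploymentResult constant, in declaration
// order. Each call builds a new slice.
func PossibleDeploymentResultValues() []DeploymentResult {
	return []DeploymentResult{
		DeploymentResultCanceled,
		DeploymentResultFailed,
		DeploymentResultSuccess,
	}
}

// DeploymentState enumerates the values for deployment state.
type DeploymentState string

const (
	// DeploymentStateCanceling is the "Canceling" value.
	DeploymentStateCanceling DeploymentState = "Canceling"
	// DeploymentStateCompleted is the "Completed" value.
	DeploymentStateCompleted DeploymentState = "Completed"
	// DeploymentStateInProgress is the "In_Progress" value. Unlike the identifier, the string contains an
	// underscore, so a comparison with "InProgress" never matches.
	DeploymentStateInProgress DeploymentState = "In_Progress"
	// DeploymentStateQueued is the "Queued" value.
	DeploymentStateQueued DeploymentState = "Queued"
)

// PossibleDeploymentStateValues returns a slice holding every DeploymentState constant, in declaration
// order. Each call builds a new slice.
func PossibleDeploymentStateValues() []DeploymentState {
	return []DeploymentState{
		DeploymentStateCanceling,
		DeploymentStateCompleted,
		DeploymentStateInProgress,
		DeploymentStateQueued,
	}
}

// DeviceImportance enumerates the values for device importance.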
type DeviceImportance string const ( // DeviceImportanceHigh High DeviceImportanceHigh DeviceImportance = "High" // DeviceImportanceLow Low DeviceImportanceLow DeviceImportance = "Low" // DeviceImportanceNormal Normal DeviceImportanceNormal DeviceImportance = "Normal" // DeviceImportanceUnknown Unknown - Default value DeviceImportanceUnknown DeviceImportance = "Unknown" ) // PossibleDeviceImportanceValues returns an array of possible values for the DeviceImportance const type. func PossibleDeviceImportanceValues() []DeviceImportance { return []DeviceImportance{DeviceImportanceHigh, DeviceImportanceLow, DeviceImportanceNormal, DeviceImportanceUnknown} } // ElevationToken enumerates the values for elevation token. type ElevationToken string const ( // ElevationTokenDefault Default elevation token ElevationTokenDefault ElevationToken = "Default" // ElevationTokenFull Full elevation token ElevationTokenFull ElevationToken = "Full" // ElevationTokenLimited Limited elevation token ElevationTokenLimited ElevationToken = "Limited" ) // PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type. func PossibleElevationTokenValues() []ElevationToken { return []ElevationToken{ElevationTokenDefault, ElevationTokenFull, ElevationTokenLimited} } // EntityKind enumerates the values for entity kind. type EntityKind string const ( // EntityKindAccount Entity represents account in the system. EntityKindAccount EntityKind = "Account" // EntityKindAzureResource Entity represents azure resource in the system. EntityKindAzureResource EntityKind = "AzureResource" // EntityKindBookmark Entity represents bookmark in the system. EntityKindBookmark EntityKind = "Bookmark" // EntityKindCloudApplication Entity represents cloud application in the system. EntityKindCloudApplication EntityKind = "CloudApplication" // EntityKindDNSResolution Entity represents dns resolution in the system. 
EntityKindDNSResolution EntityKind = "DnsResolution" // EntityKindFile Entity represents file in the system. EntityKindFile EntityKind = "File" // EntityKindFileHash Entity represents file hash in the system. EntityKindFileHash EntityKind = "FileHash" // EntityKindHost Entity represents host in the system. EntityKindHost EntityKind = "Host" // EntityKindIP Entity represents ip in the system. EntityKindIP EntityKind = "Ip" // EntityKindIoTDevice Entity represents IoT device in the system. EntityKindIoTDevice EntityKind = "IoTDevice" // EntityKindMailCluster Entity represents mail cluster in the system. EntityKindMailCluster EntityKind = "MailCluster" // EntityKindMailMessage Entity represents mail message in the system. EntityKindMailMessage EntityKind = "MailMessage" // EntityKindMailbox Entity represents mailbox in the system. EntityKindMailbox EntityKind = "Mailbox" // EntityKindMalware Entity represents malware in the system. EntityKindMalware EntityKind = "Malware" // EntityKindNic Entity represents network interface in the system. EntityKindNic EntityKind = "Nic" // EntityKindProcess Entity represents process in the system. EntityKindProcess EntityKind = "Process" // EntityKindRegistryKey Entity represents registry key in the system. EntityKindRegistryKey EntityKind = "RegistryKey" // EntityKindRegistryValue Entity represents registry value in the system. EntityKindRegistryValue EntityKind = "RegistryValue" // EntityKindSecurityAlert Entity represents security alert in the system. EntityKindSecurityAlert EntityKind = "SecurityAlert" // EntityKindSecurityGroup Entity represents security group in the system. EntityKindSecurityGroup EntityKind = "SecurityGroup" // EntityKindSubmissionMail Entity represents submission mail in the system. EntityKindSubmissionMail EntityKind = "SubmissionMail" // EntityKindURL Entity represents url in the system. 
EntityKindURL EntityKind = "Url" ) // PossibleEntityKindValues returns an array of possible values for the EntityKind const type. func PossibleEntityKindValues() []EntityKind { return []EntityKind{EntityKindAccount, EntityKindAzureResource, EntityKindBookmark, EntityKindCloudApplication, EntityKindDNSResolution, EntityKindFile, EntityKindFileHash, EntityKindHost, EntityKindIP, EntityKindIoTDevice, EntityKindMailCluster, EntityKindMailMessage, EntityKindMailbox, EntityKindMalware, EntityKindNic, EntityKindProcess, EntityKindRegistryKey, EntityKindRegistryValue, EntityKindSecurityAlert, EntityKindSecurityGroup, EntityKindSubmissionMail, EntityKindURL} } // EntityMappingType enumerates the values for entity mapping type. type EntityMappingType string const ( // EntityMappingTypeAccount User account entity type EntityMappingTypeAccount EntityMappingType = "Account" // EntityMappingTypeAzureResource Azure resource entity type EntityMappingTypeAzureResource EntityMappingType = "AzureResource" // EntityMappingTypeCloudApplication Cloud app entity type EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication" // EntityMappingTypeDNS DNS entity type EntityMappingTypeDNS EntityMappingType = "DNS" // EntityMappingTypeFile System file entity type EntityMappingTypeFile EntityMappingType = "File" // EntityMappingTypeFileHash File-hash entity type EntityMappingTypeFileHash EntityMappingType = "FileHash" // EntityMappingTypeHost Host entity type EntityMappingTypeHost EntityMappingType = "Host" // EntityMappingTypeIP IP address entity type EntityMappingTypeIP EntityMappingType = "IP" // EntityMappingTypeMailCluster Mail cluster entity type EntityMappingTypeMailCluster EntityMappingType = "MailCluster" // EntityMappingTypeMailMessage Mail message entity type EntityMappingTypeMailMessage EntityMappingType = "MailMessage" // EntityMappingTypeMailbox Mailbox entity type EntityMappingTypeMailbox EntityMappingType = "Mailbox" // EntityMappingTypeMalware Malware entity type 
EntityMappingTypeMalware EntityMappingType = "Malware" // EntityMappingTypeProcess Process entity type EntityMappingTypeProcess EntityMappingType = "Process" // EntityMappingTypeRegistryKey Registry key entity type EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey" // EntityMappingTypeRegistryValue Registry value entity type EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue" // EntityMappingTypeSecurityGroup Security group entity type EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup" // EntityMappingTypeSubmissionMail Submission mail entity type EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail" // EntityMappingTypeURL URL entity type EntityMappingTypeURL EntityMappingType = "URL" ) // PossibleEntityMappingTypeValues returns an array of possible values for the EntityMappingType const type. func PossibleEntityMappingTypeValues() []EntityMappingType { return []EntityMappingType{EntityMappingTypeAccount, EntityMappingTypeAzureResource, EntityMappingTypeCloudApplication, EntityMappingTypeDNS, EntityMappingTypeFile, EntityMappingTypeFileHash, EntityMappingTypeHost, EntityMappingTypeIP, EntityMappingTypeMailCluster, EntityMappingTypeMailMessage, EntityMappingTypeMailbox, EntityMappingTypeMalware, EntityMappingTypeProcess, EntityMappingTypeRegistryKey, EntityMappingTypeRegistryValue, EntityMappingTypeSecurityGroup, EntityMappingTypeSubmissionMail, EntityMappingTypeURL} } // EntityProviders enumerates the values for entity providers. type EntityProviders string const ( // EntityProvidersActiveDirectory ... EntityProvidersActiveDirectory EntityProviders = "ActiveDirectory" // EntityProvidersAzureActiveDirectory ... EntityProvidersAzureActiveDirectory EntityProviders = "AzureActiveDirectory" ) // PossibleEntityProvidersValues returns an array of possible values for the EntityProviders const type. 
func PossibleEntityProvidersValues() []EntityProviders {
	// A new slice is built on every call, so callers may modify the result.
	providers := []EntityProviders{
		EntityProvidersActiveDirectory,
		EntityProvidersAzureActiveDirectory,
	}
	return providers
}

// EntityQueryKind names the kind of an entity query. It is a plain string
// type, so a variable of this type can hold text outside the constants below;
// compare against PossibleEntityQueryKindValues before branching on it.
type EntityQueryKind string

const (
	// EntityQueryKindActivity is the "Activity" query kind.
	EntityQueryKindActivity EntityQueryKind = "Activity"
	// EntityQueryKindExpansion is the "Expansion" query kind.
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	// EntityQueryKindInsight is the "Insight" query kind.
	EntityQueryKindInsight EntityQueryKind = "Insight"
)

// PossibleEntityQueryKindValues lists every EntityQueryKind constant in declaration order.
func PossibleEntityQueryKindValues() []EntityQueryKind {
	kinds := []EntityQueryKind{
		EntityQueryKindActivity,
		EntityQueryKindExpansion,
		EntityQueryKindInsight,
	}
	return kinds
}

// EntityQueryTemplateKind names the kind of an entity query template.
type EntityQueryTemplateKind string

const (
	// EntityQueryTemplateKindActivity is the "Activity" template kind, the only one declared.
	EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity"
)

// PossibleEntityQueryTemplateKindValues lists every EntityQueryTemplateKind constant.
func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind {
	kinds := []EntityQueryTemplateKind{
		EntityQueryTemplateKindActivity,
	}
	return kinds
}

// EntityTimelineKind names the kind of item that can appear on an entity timeline.
type EntityTimelineKind string

const (
	// EntityTimelineKindActivity selects activity items.
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindAnomaly selects anomaly items.
	EntityTimelineKindAnomaly EntityTimelineKind = "Anomaly"
	// EntityTimelineKindBookmark selects bookmark items.
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert selects security alert items.
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

// PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type.
func PossibleEntityTimelineKindValues() []EntityTimelineKind {
	// A new slice is built on every call, so callers may modify the result.
	kinds := []EntityTimelineKind{
		EntityTimelineKindActivity,
		EntityTimelineKindAnomaly,
		EntityTimelineKindBookmark,
		EntityTimelineKindSecurityAlert,
	}
	return kinds
}

// EntityType names what an entity represents in the system.
//
// The wire values here are spelled "DNS", "IP", "URL" and "HuntingBookmark",
// while KindBasicEntity in this file uses "DnsResolution", "Ip", "Url" and
// "Bookmark". Comparisons are exact string matches, so values of the two
// types are not interchangeable.
type EntityType string

const (
	// EntityTypeAccount marks an entity that represents an account.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource marks an entity that represents an Azure resource.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication marks an entity that represents a cloud application.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS marks an entity that represents DNS.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile marks an entity that represents a file.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash marks an entity that represents a file hash.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost marks an entity that represents a host.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark marks an entity that represents a hunting bookmark.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIP marks an entity that represents an IP.
	EntityTypeIP EntityType = "IP"
	// EntityTypeIoTDevice marks an entity that represents an IoT device.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeMailCluster marks an entity that represents a mail cluster.
	EntityTypeMailCluster EntityType = "MailCluster"
	// EntityTypeMailMessage marks an entity that represents a mail message.
	EntityTypeMailMessage EntityType = "MailMessage"
	// EntityTypeMailbox marks an entity that represents a mailbox.
	EntityTypeMailbox EntityType = "Mailbox"
	// EntityTypeMalware marks an entity that represents malware.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeNic marks an entity that represents a network interface.
	EntityTypeNic EntityType = "Nic"
	// EntityTypeProcess marks an entity that represents a process.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey marks an entity that represents a registry key.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue marks an entity that represents a registry value.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert marks an entity that represents a security alert.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup marks an entity that represents a security group.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeSubmissionMail marks an entity that represents a submission mail.
	EntityTypeSubmissionMail EntityType = "SubmissionMail"
	// EntityTypeURL marks an entity that represents a URL.
	EntityTypeURL EntityType = "URL"
)

// PossibleEntityTypeValues lists every EntityType constant in declaration order.
func PossibleEntityTypeValues() []EntityType {
	types := []EntityType{
		EntityTypeAccount,
		EntityTypeAzureResource,
		EntityTypeCloudApplication,
		EntityTypeDNS,
		EntityTypeFile,
		EntityTypeFileHash,
		EntityTypeHost,
		EntityTypeHuntingBookmark,
		EntityTypeIP,
		EntityTypeIoTDevice,
		EntityTypeMailCluster,
		EntityTypeMailMessage,
		EntityTypeMailbox,
		EntityTypeMalware,
		EntityTypeNic,
		EntityTypeProcess,
		EntityTypeRegistryKey,
		EntityTypeRegistryValue,
		EntityTypeSecurityAlert,
		EntityTypeSecurityGroup,
		EntityTypeSubmissionMail,
		EntityTypeURL,
	}
	return types
}

// EventGroupingAggregationKind names an event grouping aggregation kind.
type EventGroupingAggregationKind string

const (
	// EventGroupingAggregationKindAlertPerResult is the "AlertPerResult" aggregation kind.
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	// EventGroupingAggregationKindSingleAlert is the "SingleAlert" aggregation kind.
	EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert"
)

// PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type.
func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind {
	// A new slice is built on every call, so callers may modify the result.
	kinds := []EventGroupingAggregationKind{
		EventGroupingAggregationKindAlertPerResult,
		EventGroupingAggregationKindSingleAlert,
	}
	return kinds
}

// FileFormat names the format of a file.
type FileFormat string

const (
	// FileFormatCSV is a CSV file.
	FileFormatCSV FileFormat = "CSV"
	// FileFormatJSON is a JSON file.
	FileFormatJSON FileFormat = "JSON"
	// FileFormatUnspecified is a file of some other format.
	FileFormatUnspecified FileFormat = "Unspecified"
)

// PossibleFileFormatValues lists every FileFormat constant in declaration order.
func PossibleFileFormatValues() []FileFormat {
	formats := []FileFormat{
		FileFormatCSV,
		FileFormatJSON,
		FileFormatUnspecified,
	}
	return formats
}

// FileHashAlgorithm names the algorithm that produced a file hash.
//
// NOTE(review): MD5 and SHA-1 are not collision-resistant. They remain useful
// for matching known indicators, but a match on either is weaker evidence
// than a SHA256 match; prefer the SHA256 value when several are available.
type FileHashAlgorithm string

const (
	// FileHashAlgorithmMD5 is the MD5 hash type.
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 is the SHA1 hash type.
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 is the SHA256 hash type.
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC is the SHA256 Authenticode hash type.
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown is an unknown hash algorithm.
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

// PossibleFileHashAlgorithmValues lists every FileHashAlgorithm constant in
// declaration order. "Unknown" is part of the list, so membership alone does
// not tell a caller which algorithm produced a hash.
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm {
	algorithms := []FileHashAlgorithm{
		FileHashAlgorithmMD5,
		FileHashAlgorithmSHA1,
		FileHashAlgorithmSHA256,
		FileHashAlgorithmSHA256AC,
		FileHashAlgorithmUnknown,
	}
	return algorithms
}

// FileImportContentType names the kind of records an imported file contains.
type FileImportContentType string

const (
	// FileImportContentTypeBasicIndicator is a file of records that carry the
	// core fields of an indicator, plus the observables needed to construct
	// the STIX pattern.
	FileImportContentTypeBasicIndicator FileImportContentType = "BasicIndicator"
	// FileImportContentTypeStixIndicator is a file of STIX indicators.
	FileImportContentTypeStixIndicator FileImportContentType = "StixIndicator"
	// FileImportContentTypeUnspecified is a file of other records.
	FileImportContentTypeUnspecified FileImportContentType = "Unspecified"
)

// PossibleFileImportContentTypeValues lists every FileImportContentType constant in declaration order.
func PossibleFileImportContentTypeValues() []FileImportContentType {
	contentTypes := []FileImportContentType{
		FileImportContentTypeBasicIndicator,
		FileImportContentTypeStixIndicator,
		FileImportContentTypeUnspecified,
	}
	return contentTypes
}

// FileImportState names the state of a file import.
type FileImportState string

const (
	// FileImportStateFatalError means a fatal error occurred while ingesting the file.
	FileImportStateFatalError FileImportState = "FatalError"
	// FileImportStateInProgress means ingestion of the file is in progress.
	FileImportStateInProgress FileImportState = "InProgress"
	// FileImportStateIngested means the file has been ingested.
	FileImportStateIngested FileImportState = "Ingested"
	// FileImportStateIngestedWithErrors means the file has been ingested, with errors.
	FileImportStateIngestedWithErrors FileImportState = "IngestedWithErrors"
	// FileImportStateInvalid means the file is invalid.
	FileImportStateInvalid FileImportState = "Invalid"
	// FileImportStateUnspecified is the unspecified state.
	FileImportStateUnspecified FileImportState = "Unspecified"
	// FileImportStateWaitingForUpload means the import is waiting for the file to be uploaded.
	FileImportStateWaitingForUpload FileImportState = "WaitingForUpload"
)

// PossibleFileImportStateValues returns an array of possible values for the FileImportState const type.
func PossibleFileImportStateValues() []FileImportState {
	// A new slice is built on every call, so callers may modify the result.
	states := []FileImportState{
		FileImportStateFatalError,
		FileImportStateInProgress,
		FileImportStateIngested,
		FileImportStateIngestedWithErrors,
		FileImportStateInvalid,
		FileImportStateUnspecified,
		FileImportStateWaitingForUpload,
	}
	return states
}

// IncidentClassification names how an incident was classified.
type IncidentClassification string

const (
	// IncidentClassificationBenignPositive means the incident was a benign positive.
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive means the incident was a false positive.
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive means the incident was a true positive.
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined means the classification was undetermined.
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

// PossibleIncidentClassificationValues lists every IncidentClassification constant in declaration order.
func PossibleIncidentClassificationValues() []IncidentClassification {
	classifications := []IncidentClassification{
		IncidentClassificationBenignPositive,
		IncidentClassificationFalsePositive,
		IncidentClassificationTruePositive,
		IncidentClassificationUndetermined,
	}
	return classifications
}

// IncidentClassificationReason enumerates the values for incident classification reason.
type IncidentClassificationReason string

const (
	// IncidentClassificationReasonInaccurateData means the reason was inaccurate data.
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic means the reason was incorrect alert logic.
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity means the reason was suspicious activity.
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected means the reason was activity that is suspicious but expected.
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

// PossibleIncidentClassificationReasonValues lists every
// IncidentClassificationReason constant in declaration order. A new slice is
// built on every call, so callers may modify the result.
func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason {
	reasons := []IncidentClassificationReason{
		IncidentClassificationReasonInaccurateData,
		IncidentClassificationReasonIncorrectAlertLogic,
		IncidentClassificationReasonSuspiciousActivity,
		IncidentClassificationReasonSuspiciousButExpected,
	}
	return reasons
}

// IncidentLabelType names how an incident label was created. A "User" label
// is text entered by a person, while "AutoAssigned" labels come from the
// system.
type IncidentLabelType string

const (
	// IncidentLabelTypeAutoAssigned is a label created automatically by the system.
	IncidentLabelTypeAutoAssigned IncidentLabelType = "AutoAssigned"
	// IncidentLabelTypeUser is a label created manually by a user.
	IncidentLabelTypeUser IncidentLabelType = "User"
)

// PossibleIncidentLabelTypeValues lists every IncidentLabelType constant in declaration order.
func PossibleIncidentLabelTypeValues() []IncidentLabelType {
	labelTypes := []IncidentLabelType{
		IncidentLabelTypeAutoAssigned,
		IncidentLabelTypeUser,
	}
	return labelTypes
}

// IncidentSeverity enumerates the values for incident severity.
type IncidentSeverity string

const (
	// IncidentSeverityHigh is high severity.
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational is informational severity.
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow is low severity.
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium is medium severity.
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

// PossibleIncidentSeverityValues lists every IncidentSeverity constant in
// declaration order. That order is alphabetical by value (High,
// Informational, Low, Medium), not ranked by severity, so do not sort or
// compare incidents by position in this slice.
func PossibleIncidentSeverityValues() []IncidentSeverity {
	severities := []IncidentSeverity{
		IncidentSeverityHigh,
		IncidentSeverityInformational,
		IncidentSeverityLow,
		IncidentSeverityMedium,
	}
	return severities
}

// IncidentStatus names the handling status of an incident.
type IncidentStatus string

const (
	// IncidentStatusActive is an active incident that is being handled.
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed is a non-active incident.
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew is an active incident that is not currently being handled.
	IncidentStatusNew IncidentStatus = "New"
)

// PossibleIncidentStatusValues lists every IncidentStatus constant in declaration order.
func PossibleIncidentStatusValues() []IncidentStatus {
	statuses := []IncidentStatus{
		IncidentStatusActive,
		IncidentStatusClosed,
		IncidentStatusNew,
	}
	return statuses
}

// IngestionMode names what should happen to a batch of records when some of
// them are invalid.
type IngestionMode string

const (
	// IngestionModeIngestAnyValidRecords means valid records should still be
	// ingested when invalid records are detected.
	IngestionModeIngestAnyValidRecords IngestionMode = "IngestAnyValidRecords"
	// IngestionModeIngestOnlyIfAllAreValid means no records should be ingested
	// when invalid records are detected.
	IngestionModeIngestOnlyIfAllAreValid IngestionMode = "IngestOnlyIfAllAreValid"
	// IngestionModeUnspecified is the unspecified mode.
	IngestionModeUnspecified IngestionMode = "Unspecified"
)

// PossibleIngestionModeValues lists every IngestionMode constant in declaration order.
func PossibleIngestionModeValues() []IngestionMode {
	modes := []IngestionMode{
		IngestionModeIngestAnyValidRecords,
		IngestionModeIngestOnlyIfAllAreValid,
		IngestionModeUnspecified,
	}
	return modes
}

// KillChainIntent names the kill chain intent attached to a finding. It is a
// plain string type, so a variable of this type can hold text outside the
// constants below.
type KillChainIntent string

const (
	// KillChainIntentCollection covers techniques used to identify and gather
	// information, such as sensitive files, from a target network prior to
	// exfiltration. This category also covers locations on a system or
	// network where the adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl represents how adversaries communicate
	// with systems under their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess represents techniques that result in
	// access to, or control over, system, domain, or service credentials used
	// within an enterprise environment. Adversaries will likely attempt to
	// obtain legitimate credentials from user or administrator accounts
	// (local system administrator, or domain users with administrator
	// access) to use within the network. With sufficient access within a
	// network, an adversary can create accounts for later use within the
	// environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion covers techniques an adversary may use to
	// evade detection or avoid other defenses. Sometimes these actions are
	// the same as, or variations of, techniques in other categories that have
	// the added benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery covers techniques that allow the adversary to
	// gain knowledge about the system and internal network. When adversaries
	// gain access to a new system, they must orient themselves to what they
	// now control and what benefits operating from that system gives to
	// their current objective or overall goals during the intrusion. The
	// operating system provides many native tools that aid in this
	// post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution represents techniques that result in execution
	// of adversary-controlled code on a local or remote system. This tactic
	// is often used in conjunction with lateral movement to expand access to
	// remote systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration refers to techniques and attributes that
	// result or aid in the adversary removing files and information from a
	// target network. This category also covers locations on a system or
	// network where the adversary may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation is the stage where an attacker manages to
	// get a foothold on the attacked resource. This stage applies not only
	// to compute hosts but also to resources such as user accounts,
	// certificates, etc. Adversaries will often be able to control the
	// resource after this stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact has the primary objective of directly reducing
	// the availability or integrity of a system, service, or network,
	// including manipulation of data to impact a business or operational
	// process. This often refers to techniques such as ransomware,
	// defacement, data manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement covers techniques that enable an
	// adversary to access and control remote systems on a network and could,
	// but does not necessarily, include execution of tools on remote
	// systems. Lateral movement techniques could allow an adversary to
	// gather information from a system without needing additional tools,
	// such as a remote access tool. An adversary can use lateral movement
	// for many purposes, including remote execution of tools, pivoting to
	// additional systems, access to specific information or files, access to
	// additional credentials, or to cause an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence is any access, action, or configuration
	// change to a system that gives an adversary a persistent presence on
	// that system. Adversaries will often need to maintain access to systems
	// through interruptions such as system restarts, loss of credentials, or
	// other failures that would require a remote access tool to restart or
	// an alternate backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation is the result of actions that allow
	// an adversary to obtain a higher level of permissions on a system or
	// network. Certain tools or actions require a higher level of privilege
	// to work and are likely necessary at many points throughout an
	// operation. User accounts with permissions to access specific systems,
	// or to perform specific functions necessary for adversaries to achieve
	// their objective, may also be considered an escalation of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing could be an attempt to access a certain resource
	// regardless of malicious intent, or a failed attempt to gain access to
	// a target system to gather information prior to exploitation. This step
	// is usually detected as an attempt originating from outside the network
	// to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown is the default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

// PossibleKillChainIntentValues lists every KillChainIntent constant in
// declaration order. The order is alphabetical by value and does not follow
// the progression of an intrusion; "Unknown", the default, is included.
func PossibleKillChainIntentValues() []KillChainIntent {
	intents := []KillChainIntent{
		KillChainIntentCollection,
		KillChainIntentCommandAndControl,
		KillChainIntentCredentialAccess,
		KillChainIntentDefenseEvasion,
		KillChainIntentDiscovery,
		KillChainIntentExecution,
		KillChainIntentExfiltration,
		KillChainIntentExploitation,
		KillChainIntentImpact,
		KillChainIntentLateralMovement,
		KillChainIntentPersistence,
		KillChainIntentPrivilegeEscalation,
		KillChainIntentProbing,
		KillChainIntentUnknown,
	}
	return intents
}

// Kind names a content kind.
type Kind string

const (
	// KindAnalyticsRule is the "AnalyticsRule" kind.
	KindAnalyticsRule Kind = "AnalyticsRule"
	// KindAnalyticsRuleTemplate is the "AnalyticsRuleTemplate" kind.
	KindAnalyticsRuleTemplate Kind = "AnalyticsRuleTemplate"
	// KindAutomationRule is the "AutomationRule" kind.
	KindAutomationRule Kind = "AutomationRule"
	// KindAzureFunction is the "AzureFunction" kind.
	KindAzureFunction Kind = "AzureFunction"
	// KindDataConnector is the "DataConnector" kind.
	KindDataConnector Kind = "DataConnector"
	// KindDataType is the "DataType" kind.
	KindDataType Kind = "DataType"
	// KindHuntingQuery is the "HuntingQuery" kind.
	KindHuntingQuery Kind = "HuntingQuery"
	// KindInvestigationQuery is the "InvestigationQuery" kind.
	KindInvestigationQuery Kind = "InvestigationQuery"
	// KindLogicAppsCustomConnector is the "LogicAppsCustomConnector" kind.
	KindLogicAppsCustomConnector Kind = "LogicAppsCustomConnector"
	// KindParser is the "Parser" kind.
	KindParser Kind = "Parser"
	// KindPlaybook is the "Playbook" kind.
	KindPlaybook Kind = "Playbook"
	// KindPlaybookTemplate is the "PlaybookTemplate" kind.
	KindPlaybookTemplate Kind = "PlaybookTemplate"
	// KindSolution is the "Solution" kind.
	KindSolution Kind = "Solution"
	// KindWatchlist is the "Watchlist" kind.
	KindWatchlist Kind = "Watchlist"
	// KindWatchlistTemplate is the "WatchlistTemplate" kind.
	KindWatchlistTemplate Kind = "WatchlistTemplate"
	// KindWorkbook is the "Workbook" kind.
	KindWorkbook Kind = "Workbook"
	// KindWorkbookTemplate is the "WorkbookTemplate" kind.
	KindWorkbookTemplate Kind = "WorkbookTemplate"
)

// PossibleKindValues lists every Kind constant in declaration order.
func PossibleKindValues() []Kind {
	kinds := []Kind{
		KindAnalyticsRule,
		KindAnalyticsRuleTemplate,
		KindAutomationRule,
		KindAzureFunction,
		KindDataConnector,
		KindDataType,
		KindHuntingQuery,
		KindInvestigationQuery,
		KindLogicAppsCustomConnector,
		KindParser,
		KindPlaybook,
		KindPlaybookTemplate,
		KindSolution,
		KindWatchlist,
		KindWatchlistTemplate,
		KindWorkbook,
		KindWorkbookTemplate,
	}
	return kinds
}

// KindBasicAlertRule names the kind of an alert rule.
type KindBasicAlertRule string

const (
	// KindBasicAlertRuleKindAlertRule is the "AlertRule" kind.
	KindBasicAlertRuleKindAlertRule KindBasicAlertRule = "AlertRule"
	// KindBasicAlertRuleKindFusion is the "Fusion" kind.
	KindBasicAlertRuleKindFusion KindBasicAlertRule = "Fusion"
	// KindBasicAlertRuleKindMLBehaviorAnalytics is the "MLBehaviorAnalytics" kind.
	KindBasicAlertRuleKindMLBehaviorAnalytics KindBasicAlertRule = "MLBehaviorAnalytics"
	// KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation is the "MicrosoftSecurityIncidentCreation" kind.
	KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleKindNRT is the "NRT" kind.
	KindBasicAlertRuleKindNRT KindBasicAlertRule = "NRT"
	// KindBasicAlertRuleKindScheduled is the "Scheduled" kind.
	KindBasicAlertRuleKindScheduled KindBasicAlertRule = "Scheduled"
	// KindBasicAlertRuleKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicAlertRuleKindThreatIntelligence KindBasicAlertRule = "ThreatIntelligence"
)

// PossibleKindBasicAlertRuleValues lists every KindBasicAlertRule constant in declaration order.
func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule {
	kinds := []KindBasicAlertRule{
		KindBasicAlertRuleKindAlertRule,
		KindBasicAlertRuleKindFusion,
		KindBasicAlertRuleKindMLBehaviorAnalytics,
		KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation,
		KindBasicAlertRuleKindNRT,
		KindBasicAlertRuleKindScheduled,
		KindBasicAlertRuleKindThreatIntelligence,
	}
	return kinds
}

// KindBasicAlertRuleTemplate names the kind of an alert rule template.
type KindBasicAlertRuleTemplate string

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate is the "AlertRuleTemplate" kind.
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion is the "Fusion" kind.
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMLBehaviorAnalytics is the "MLBehaviorAnalytics" kind.
	KindBasicAlertRuleTemplateKindMLBehaviorAnalytics KindBasicAlertRuleTemplate = "MLBehaviorAnalytics"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation is the "MicrosoftSecurityIncidentCreation" kind.
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindNRT is the "NRT" kind.
	KindBasicAlertRuleTemplateKindNRT KindBasicAlertRuleTemplate = "NRT"
	// KindBasicAlertRuleTemplateKindScheduled is the "Scheduled" kind.
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
	// KindBasicAlertRuleTemplateKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicAlertRuleTemplateKindThreatIntelligence KindBasicAlertRuleTemplate = "ThreatIntelligence"
)

// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.
func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate {
	// A new slice is built on every call, so callers may modify the result.
	kinds := []KindBasicAlertRuleTemplate{
		KindBasicAlertRuleTemplateKindAlertRuleTemplate,
		KindBasicAlertRuleTemplateKindFusion,
		KindBasicAlertRuleTemplateKindMLBehaviorAnalytics,
		KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation,
		KindBasicAlertRuleTemplateKindNRT,
		KindBasicAlertRuleTemplateKindScheduled,
		KindBasicAlertRuleTemplateKindThreatIntelligence,
	}
	return kinds
}

// KindBasicCustomEntityQuery names the kind of a custom entity query.
type KindBasicCustomEntityQuery string

const (
	// KindBasicCustomEntityQueryKindActivity is the "Activity" kind.
	KindBasicCustomEntityQueryKindActivity KindBasicCustomEntityQuery = "Activity"
	// KindBasicCustomEntityQueryKindCustomEntityQuery is the "CustomEntityQuery" kind.
	KindBasicCustomEntityQueryKindCustomEntityQuery KindBasicCustomEntityQuery = "CustomEntityQuery"
)

// PossibleKindBasicCustomEntityQueryValues lists every KindBasicCustomEntityQuery constant in declaration order.
func PossibleKindBasicCustomEntityQueryValues() []KindBasicCustomEntityQuery {
	kinds := []KindBasicCustomEntityQuery{
		KindBasicCustomEntityQueryKindActivity,
		KindBasicCustomEntityQueryKindCustomEntityQuery,
	}
	return kinds
}

// KindBasicDataConnector names the kind of a data connector.
type KindBasicDataConnector string

const (
	// KindBasicDataConnectorKindAPIPolling is the "APIPolling" kind.
	KindBasicDataConnectorKindAPIPolling KindBasicDataConnector = "APIPolling"
	// KindBasicDataConnectorKindAmazonWebServicesCloudTrail is the "AmazonWebServicesCloudTrail" kind.
	KindBasicDataConnectorKindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorKindAmazonWebServicesS3 is the "AmazonWebServicesS3" kind.
	KindBasicDataConnectorKindAmazonWebServicesS3 KindBasicDataConnector = "AmazonWebServicesS3"
	// KindBasicDataConnectorKindAzureActiveDirectory is the "AzureActiveDirectory" kind.
	KindBasicDataConnectorKindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindBasicDataConnectorKindAzureAdvancedThreatProtection is the "AzureAdvancedThreatProtection" kind.
	KindBasicDataConnectorKindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorKindAzureSecurityCenter is the "AzureSecurityCenter" kind.
	KindBasicDataConnectorKindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindBasicDataConnectorKindDataConnector is the "DataConnector" kind.
	KindBasicDataConnectorKindDataConnector KindBasicDataConnector = "DataConnector"
	// KindBasicDataConnectorKindDynamics365 is the "Dynamics365" kind.
	KindBasicDataConnectorKindDynamics365 KindBasicDataConnector = "Dynamics365"
	// KindBasicDataConnectorKindGenericUI is the "GenericUI" kind.
	KindBasicDataConnectorKindGenericUI KindBasicDataConnector = "GenericUI"
	// KindBasicDataConnectorKindIOT is the "IOT" kind.
	KindBasicDataConnectorKindIOT KindBasicDataConnector = "IOT"
	// KindBasicDataConnectorKindMicrosoftCloudAppSecurity is the "MicrosoftCloudAppSecurity" kind.
	KindBasicDataConnectorKindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection is the "MicrosoftDefenderAdvancedThreatProtection" kind.
	KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorKindMicrosoftThreatIntelligence is the "MicrosoftThreatIntelligence" kind.
	KindBasicDataConnectorKindMicrosoftThreatIntelligence KindBasicDataConnector = "MicrosoftThreatIntelligence"
	// KindBasicDataConnectorKindMicrosoftThreatProtection is the "MicrosoftThreatProtection" kind.
	KindBasicDataConnectorKindMicrosoftThreatProtection KindBasicDataConnector = "MicrosoftThreatProtection"
	// KindBasicDataConnectorKindOffice365 is the "Office365" kind.
	KindBasicDataConnectorKindOffice365 KindBasicDataConnector = "Office365"
	// KindBasicDataConnectorKindOffice365Project is the "Office365Project" kind.
	KindBasicDataConnectorKindOffice365Project KindBasicDataConnector = "Office365Project"
	// KindBasicDataConnectorKindOfficeATP is the "OfficeATP" kind.
	KindBasicDataConnectorKindOfficeATP KindBasicDataConnector = "OfficeATP"
	// KindBasicDataConnectorKindOfficeIRM is the "OfficeIRM" kind.
	KindBasicDataConnectorKindOfficeIRM KindBasicDataConnector = "OfficeIRM"
	// KindBasicDataConnectorKindOfficePowerBI is the "OfficePowerBI" kind.
	KindBasicDataConnectorKindOfficePowerBI KindBasicDataConnector = "OfficePowerBI"
	// KindBasicDataConnectorKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicDataConnectorKindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
	// KindBasicDataConnectorKindThreatIntelligenceTaxii is the "ThreatIntelligenceTaxii" kind.
	KindBasicDataConnectorKindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii"
)

// PossibleKindBasicDataConnectorValues lists every KindBasicDataConnector constant in declaration order.
func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector {
	kinds := []KindBasicDataConnector{
		KindBasicDataConnectorKindAPIPolling,
		KindBasicDataConnectorKindAmazonWebServicesCloudTrail,
		KindBasicDataConnectorKindAmazonWebServicesS3,
		KindBasicDataConnectorKindAzureActiveDirectory,
		KindBasicDataConnectorKindAzureAdvancedThreatProtection,
		KindBasicDataConnectorKindAzureSecurityCenter,
		KindBasicDataConnectorKindDataConnector,
		KindBasicDataConnectorKindDynamics365,
		KindBasicDataConnectorKindGenericUI,
		KindBasicDataConnectorKindIOT,
		KindBasicDataConnectorKindMicrosoftCloudAppSecurity,
		KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection,
		KindBasicDataConnectorKindMicrosoftThreatIntelligence,
		KindBasicDataConnectorKindMicrosoftThreatProtection,
		KindBasicDataConnectorKindOffice365,
		KindBasicDataConnectorKindOffice365Project,
		KindBasicDataConnectorKindOfficeATP,
		KindBasicDataConnectorKindOfficeIRM,
		KindBasicDataConnectorKindOfficePowerBI,
		KindBasicDataConnectorKindThreatIntelligence,
		KindBasicDataConnectorKindThreatIntelligenceTaxii,
	}
	return kinds
}

// KindBasicDataConnectorsCheckRequirements names the kind of a data connector
// requirements check.
//
// The set is narrower than KindBasicDataConnector above: it has no
// "APIPolling", "GenericUI" or "Office365" member, so a connector kind cannot
// be converted to this type without checking that a matching value exists.
type KindBasicDataConnectorsCheckRequirements string

const (
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail is the "AmazonWebServicesCloudTrail" kind.
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3 is the "AmazonWebServicesS3" kind.
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3 KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesS3"
	// KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory is the "AzureActiveDirectory" kind.
	KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory"
	// KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection is the "AzureAdvancedThreatProtection" kind.
	KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter is the "AzureSecurityCenter" kind.
	KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter"
	// KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements is the "DataConnectorsCheckRequirements" kind.
	KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements"
	// KindBasicDataConnectorsCheckRequirementsKindDynamics365 is the "Dynamics365" kind.
	KindBasicDataConnectorsCheckRequirementsKindDynamics365 KindBasicDataConnectorsCheckRequirements = "Dynamics365"
	// KindBasicDataConnectorsCheckRequirementsKindIOT is the "IOT" kind.
	KindBasicDataConnectorsCheckRequirementsKindIOT KindBasicDataConnectorsCheckRequirements = "IOT"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity is the "MicrosoftCloudAppSecurity" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection is the "MicrosoftDefenderAdvancedThreatProtection" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence is the "MicrosoftThreatIntelligence" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence KindBasicDataConnectorsCheckRequirements = "MicrosoftThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection is the "MicrosoftThreatProtection" kind.
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindOffice365Project is the "Office365Project" kind.
	KindBasicDataConnectorsCheckRequirementsKindOffice365Project KindBasicDataConnectorsCheckRequirements = "Office365Project"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeATP is the "OfficeATP" kind.
	KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeIRM is the "OfficeIRM" kind.
	KindBasicDataConnectorsCheckRequirementsKindOfficeIRM KindBasicDataConnectorsCheckRequirements = "OfficeIRM"
	// KindBasicDataConnectorsCheckRequirementsKindOfficePowerBI is the "OfficePowerBI" kind.
	KindBasicDataConnectorsCheckRequirementsKindOfficePowerBI KindBasicDataConnectorsCheckRequirements = "OfficePowerBI"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence is the "ThreatIntelligence" kind.
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii is the "ThreatIntelligenceTaxii" kind.
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii"
)

// PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type.
func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements {
	// The literal is evaluated on every call, so each caller gets its own slice.
	kinds := []KindBasicDataConnectorsCheckRequirements{
		KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail,
		KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesS3,
		KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory,
		KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection,
		KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter,
		KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements,
		KindBasicDataConnectorsCheckRequirementsKindDynamics365,
		KindBasicDataConnectorsCheckRequirementsKindIOT,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatIntelligence,
		KindBasicDataConnectorsCheckRequirementsKindMicrosoftThreatProtection,
		KindBasicDataConnectorsCheckRequirementsKindOffice365Project,
		KindBasicDataConnectorsCheckRequirementsKindOfficeATP,
		KindBasicDataConnectorsCheckRequirementsKindOfficeIRM,
		KindBasicDataConnectorsCheckRequirementsKindOfficePowerBI,
		KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence,
		KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii,
	}
	return kinds
}

// KindBasicEntity enumerates the values for kind basic entity.
//
// The underlying type is string, so the compiler accepts a conversion from any
// string. Code that receives a kind from outside the program should check it
// against PossibleKindBasicEntityValues before branching on it.
type KindBasicEntity string

// Declared KindBasicEntity values. Some identifiers use Go initialisms (DNS,
// IP, URL) while the string value does not ("DnsResolution", "Ip", "Url");
// string comparison is case-sensitive, so compare against the constants.
const (
	// KindBasicEntityKindAccount is the "Account" kind.
	KindBasicEntityKindAccount KindBasicEntity = "Account"
	// KindBasicEntityKindAzureResource is the "AzureResource" kind.
	KindBasicEntityKindAzureResource KindBasicEntity = "AzureResource"
	// KindBasicEntityKindBookmark is the "Bookmark" kind.
	KindBasicEntityKindBookmark KindBasicEntity = "Bookmark"
	// KindBasicEntityKindCloudApplication is the "CloudApplication" kind.
	KindBasicEntityKindCloudApplication KindBasicEntity = "CloudApplication"
	// KindBasicEntityKindDNSResolution is the "DnsResolution" kind.
	KindBasicEntityKindDNSResolution KindBasicEntity = "DnsResolution"
	// KindBasicEntityKindEntity is the "Entity" kind.
	KindBasicEntityKindEntity KindBasicEntity = "Entity"
	// KindBasicEntityKindFile is the "File" kind.
	KindBasicEntityKindFile KindBasicEntity = "File"
	// KindBasicEntityKindFileHash is the "FileHash" kind.
	KindBasicEntityKindFileHash KindBasicEntity = "FileHash"
	// KindBasicEntityKindHost is the "Host" kind.
	KindBasicEntityKindHost KindBasicEntity = "Host"
	// KindBasicEntityKindIP is the "Ip" kind.
	KindBasicEntityKindIP KindBasicEntity = "Ip"
	// KindBasicEntityKindIoTDevice is the "IoTDevice" kind.
	KindBasicEntityKindIoTDevice KindBasicEntity = "IoTDevice"
	// KindBasicEntityKindMailCluster is the "MailCluster" kind.
	KindBasicEntityKindMailCluster KindBasicEntity = "MailCluster"
	// KindBasicEntityKindMailMessage is the "MailMessage" kind.
	KindBasicEntityKindMailMessage KindBasicEntity = "MailMessage"
	// KindBasicEntityKindMailbox is the "Mailbox" kind.
	KindBasicEntityKindMailbox KindBasicEntity = "Mailbox"
	// KindBasicEntityKindMalware is the "Malware" kind.
	KindBasicEntityKindMalware KindBasicEntity = "Malware"
	// KindBasicEntityKindNic is the "Nic" kind.
	KindBasicEntityKindNic KindBasicEntity = "Nic"
	// KindBasicEntityKindProcess is the "Process" kind.
	KindBasicEntityKindProcess KindBasicEntity = "Process"
	// KindBasicEntityKindRegistryKey is the "RegistryKey" kind.
	KindBasicEntityKindRegistryKey KindBasicEntity = "RegistryKey"
	// KindBasicEntityKindRegistryValue is the "RegistryValue" kind.
	KindBasicEntityKindRegistryValue KindBasicEntity = "RegistryValue"
	// KindBasicEntityKindSecurityAlert is the "SecurityAlert" kind.
	KindBasicEntityKindSecurityAlert KindBasicEntity = "SecurityAlert"
	// KindBasicEntityKindSecurityGroup is the "SecurityGroup" kind.
	KindBasicEntityKindSecurityGroup KindBasicEntity = "SecurityGroup"
	// KindBasicEntityKindSubmissionMail is the "SubmissionMail" kind.
	KindBasicEntityKindSubmissionMail KindBasicEntity = "SubmissionMail"
	// KindBasicEntityKindURL is the "Url" kind.
	KindBasicEntityKindURL KindBasicEntity = "Url"
)

// PossibleKindBasicEntityValues returns a slice of the possible values for the KindBasicEntity const type.
func PossibleKindBasicEntityValues() []KindBasicEntity {
	// Listed in the same order as the constants are declared; a new slice is
	// built on each call.
	kinds := []KindBasicEntity{
		KindBasicEntityKindAccount,
		KindBasicEntityKindAzureResource,
		KindBasicEntityKindBookmark,
		KindBasicEntityKindCloudApplication,
		KindBasicEntityKindDNSResolution,
		KindBasicEntityKindEntity,
		KindBasicEntityKindFile,
		KindBasicEntityKindFileHash,
		KindBasicEntityKindHost,
		KindBasicEntityKindIP,
		KindBasicEntityKindIoTDevice,
		KindBasicEntityKindMailCluster,
		KindBasicEntityKindMailMessage,
		KindBasicEntityKindMailbox,
		KindBasicEntityKindMalware,
		KindBasicEntityKindNic,
		KindBasicEntityKindProcess,
		KindBasicEntityKindRegistryKey,
		KindBasicEntityKindRegistryValue,
		KindBasicEntityKindSecurityAlert,
		KindBasicEntityKindSecurityGroup,
		KindBasicEntityKindSubmissionMail,
		KindBasicEntityKindURL,
	}
	return kinds
}

// KindBasicEntityQuery enumerates the values for kind basic entity query.
type KindBasicEntityQuery string

// Declared KindBasicEntityQuery values.
const (
	// KindBasicEntityQueryKindActivity is the "Activity" kind.
	KindBasicEntityQueryKindActivity KindBasicEntityQuery = "Activity"
	// KindBasicEntityQueryKindEntityQuery is the "EntityQuery" kind.
	KindBasicEntityQueryKindEntityQuery KindBasicEntityQuery = "EntityQuery"
	// KindBasicEntityQueryKindExpansion is the "Expansion" kind.
	KindBasicEntityQueryKindExpansion KindBasicEntityQuery = "Expansion"
)

// PossibleKindBasicEntityQueryValues returns a new slice holding every
// KindBasicEntityQuery constant, in declaration order.
func PossibleKindBasicEntityQueryValues() []KindBasicEntityQuery {
	kinds := []KindBasicEntityQuery{
		KindBasicEntityQueryKindActivity,
		KindBasicEntityQueryKindEntityQuery,
		KindBasicEntityQueryKindExpansion,
	}
	return kinds
}

// KindBasicEntityQueryItem enumerates the values for kind basic entity query item.
type KindBasicEntityQueryItem string

// Declared KindBasicEntityQueryItem values.
const (
	// KindBasicEntityQueryItemKindEntityQueryItem is the "EntityQueryItem" kind.
	KindBasicEntityQueryItemKindEntityQueryItem KindBasicEntityQueryItem = "EntityQueryItem"
	// KindBasicEntityQueryItemKindInsight is the "Insight" kind.
	KindBasicEntityQueryItemKindInsight KindBasicEntityQueryItem = "Insight"
)

// PossibleKindBasicEntityQueryItemValues returns a new slice holding every
// KindBasicEntityQueryItem constant, in declaration order.
func PossibleKindBasicEntityQueryItemValues() []KindBasicEntityQueryItem {
	kinds := []KindBasicEntityQueryItem{
		KindBasicEntityQueryItemKindEntityQueryItem,
		KindBasicEntityQueryItemKindInsight,
	}
	return kinds
}

// KindBasicEntityQueryTemplate enumerates the values for kind basic entity query template.
type KindBasicEntityQueryTemplate string

// Declared KindBasicEntityQueryTemplate values.
const (
	// KindBasicEntityQueryTemplateKindActivity is the "Activity" kind.
	KindBasicEntityQueryTemplateKindActivity KindBasicEntityQueryTemplate = "Activity"
	// KindBasicEntityQueryTemplateKindEntityQueryTemplate is the "EntityQueryTemplate" kind.
	KindBasicEntityQueryTemplateKindEntityQueryTemplate KindBasicEntityQueryTemplate = "EntityQueryTemplate"
)

// PossibleKindBasicEntityQueryTemplateValues returns a new slice holding every
// KindBasicEntityQueryTemplate constant, in declaration order.
func PossibleKindBasicEntityQueryTemplateValues() []KindBasicEntityQueryTemplate {
	kinds := []KindBasicEntityQueryTemplate{
		KindBasicEntityQueryTemplateKindActivity,
		KindBasicEntityQueryTemplateKindEntityQueryTemplate,
	}
	return kinds
}

// KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item.
type KindBasicEntityTimelineItem string

// Declared KindBasicEntityTimelineItem values.
const (
	// KindBasicEntityTimelineItemKindActivity is the "Activity" kind.
	KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity"
	// KindBasicEntityTimelineItemKindAnomaly is the "Anomaly" kind.
	KindBasicEntityTimelineItemKindAnomaly KindBasicEntityTimelineItem = "Anomaly"
	// KindBasicEntityTimelineItemKindBookmark is the "Bookmark" kind.
	KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark"
	// KindBasicEntityTimelineItemKindEntityTimelineItem is the "EntityTimelineItem" kind.
	KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem"
	// KindBasicEntityTimelineItemKindSecurityAlert is the "SecurityAlert" kind.
	KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert"
)

// PossibleKindBasicEntityTimelineItemValues returns a new slice holding every
// KindBasicEntityTimelineItem constant, in declaration order.
func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem {
	kinds := []KindBasicEntityTimelineItem{
		KindBasicEntityTimelineItemKindActivity,
		KindBasicEntityTimelineItemKindAnomaly,
		KindBasicEntityTimelineItemKindBookmark,
		KindBasicEntityTimelineItemKindEntityTimelineItem,
		KindBasicEntityTimelineItemKindSecurityAlert,
	}
	return kinds
}

// KindBasicSecurityMLAnalyticsSetting enumerates the values for kind basic security ml analytics setting.
type KindBasicSecurityMLAnalyticsSetting string

// Declared KindBasicSecurityMLAnalyticsSetting values.
const (
	// KindBasicSecurityMLAnalyticsSettingKindAnomaly is the "Anomaly" kind.
	KindBasicSecurityMLAnalyticsSettingKindAnomaly KindBasicSecurityMLAnalyticsSetting = "Anomaly"
	// KindBasicSecurityMLAnalyticsSettingKindSecurityMLAnalyticsSetting is the "SecurityMLAnalyticsSetting" kind.
	KindBasicSecurityMLAnalyticsSettingKindSecurityMLAnalyticsSetting KindBasicSecurityMLAnalyticsSetting = "SecurityMLAnalyticsSetting"
)

// PossibleKindBasicSecurityMLAnalyticsSettingValues returns a new slice holding
// every KindBasicSecurityMLAnalyticsSetting constant, in declaration order.
func PossibleKindBasicSecurityMLAnalyticsSettingValues() []KindBasicSecurityMLAnalyticsSetting {
	kinds := []KindBasicSecurityMLAnalyticsSetting{
		KindBasicSecurityMLAnalyticsSettingKindAnomaly,
		KindBasicSecurityMLAnalyticsSettingKindSecurityMLAnalyticsSetting,
	}
	return kinds
}

// KindBasicSettings enumerates the values for kind basic settings.
type KindBasicSettings string

// Declared KindBasicSettings values.
const (
	// KindBasicSettingsKindAnomalies is the "Anomalies" kind.
	KindBasicSettingsKindAnomalies KindBasicSettings = "Anomalies"
	// KindBasicSettingsKindEntityAnalytics is the "EntityAnalytics" kind.
	KindBasicSettingsKindEntityAnalytics KindBasicSettings = "EntityAnalytics"
	// KindBasicSettingsKindEyesOn is the "EyesOn" kind.
	KindBasicSettingsKindEyesOn KindBasicSettings = "EyesOn"
	// KindBasicSettingsKindSettings is the "Settings" kind.
	KindBasicSettingsKindSettings KindBasicSettings = "Settings"
	// KindBasicSettingsKindUeba is the "Ueba" kind.
	KindBasicSettingsKindUeba KindBasicSettings = "Ueba"
)

// PossibleKindBasicSettingsValues returns a new slice holding every
// KindBasicSettings constant, in declaration order.
func PossibleKindBasicSettingsValues() []KindBasicSettings {
	kinds := []KindBasicSettings{
		KindBasicSettingsKindAnomalies,
		KindBasicSettingsKindEntityAnalytics,
		KindBasicSettingsKindEyesOn,
		KindBasicSettingsKindSettings,
		KindBasicSettingsKindUeba,
	}
	return kinds
}

// KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information.
type KindBasicThreatIntelligenceInformation string

// Declared KindBasicThreatIntelligenceInformation values. The indicator value
// is lower-case, unlike the other kinds in this file; string comparison is
// case-sensitive, so compare against the constant rather than a retyped literal.
const (
	// KindBasicThreatIntelligenceInformationKindIndicator is the "indicator" kind.
	KindBasicThreatIntelligenceInformationKindIndicator KindBasicThreatIntelligenceInformation = "indicator"
	// KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation is the "ThreatIntelligenceInformation" kind.
	KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation"
)

// PossibleKindBasicThreatIntelligenceInformationValues returns a new slice
// holding every KindBasicThreatIntelligenceInformation constant, in
// declaration order.
func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation {
	kinds := []KindBasicThreatIntelligenceInformation{
		KindBasicThreatIntelligenceInformationKindIndicator,
		KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation,
	}
	return kinds
}

// MatchingMethod enumerates the values for matching method.
type MatchingMethod string

// Declared MatchingMethod values. They control how alerts are grouped into
// incidents.
const (
	// MatchingMethodAllEntities groups alerts into a single incident if all
	// the entities match.
	MatchingMethodAllEntities MatchingMethod = "AllEntities"
	// MatchingMethodAnyAlert groups any alerts triggered by this rule into a
	// single incident.
	MatchingMethodAnyAlert MatchingMethod = "AnyAlert"
	// MatchingMethodSelected groups alerts into a single incident if the
	// selected entities, custom details and alert details match.
	MatchingMethodSelected MatchingMethod = "Selected"
)

// PossibleMatchingMethodValues returns a new slice holding every
// MatchingMethod constant, in declaration order.
func PossibleMatchingMethodValues() []MatchingMethod {
	methods := []MatchingMethod{
		MatchingMethodAllEntities,
		MatchingMethodAnyAlert,
		MatchingMethodSelected,
	}
	return methods
}

// MicrosoftSecurityProductName enumerates the values for microsoft security product name.
type MicrosoftSecurityProductName string

// Declared MicrosoftSecurityProductName values. The strings are full product
// names containing spaces, so filters built on them need an exact,
// case-sensitive match; prefer the constants over hand-typed literals.
const (
	// MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection is the
	// product name "Azure Active Directory Identity Protection".
	MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// MicrosoftSecurityProductNameAzureAdvancedThreatProtection is the product
	// name "Azure Advanced Threat Protection".
	MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// MicrosoftSecurityProductNameAzureSecurityCenter is the product name
	// "Azure Security Center".
	MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// MicrosoftSecurityProductNameAzureSecurityCenterforIoT is the product name
	// "Azure Security Center for IoT".
	MicrosoftSecurityProductNameAzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
	// MicrosoftSecurityProductNameMicrosoftCloudAppSecurity is the product name
	// "Microsoft Cloud App Security".
	MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	// MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection is
	// the product name "Microsoft Defender Advanced Threat Protection".
	MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	// MicrosoftSecurityProductNameOffice365AdvancedThreatProtection is the
	// product name "Office 365 Advanced Threat Protection".
	MicrosoftSecurityProductNameOffice365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

// PossibleMicrosoftSecurityProductNameValues returns a new slice holding every
// MicrosoftSecurityProductName constant, in declaration order.
func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName {
	products := []MicrosoftSecurityProductName{
		MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection,
		MicrosoftSecurityProductNameAzureAdvancedThreatProtection,
		MicrosoftSecurityProductNameAzureSecurityCenter,
		MicrosoftSecurityProductNameAzureSecurityCenterforIoT,
		MicrosoftSecurityProductNameMicrosoftCloudAppSecurity,
		MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection,
		MicrosoftSecurityProductNameOffice365AdvancedThreatProtection,
	}
	return products
}

// OSFamily enumerates the values for os family.
type OSFamily string

// Declared OSFamily values.
const (
	// OSFamilyAndroid marks a host with the Android operating system.
	OSFamilyAndroid OSFamily = "Android"
	// OSFamilyIOS marks a host with the IOS operating system.
	OSFamilyIOS OSFamily = "IOS"
	// OSFamilyLinux marks a host with the Linux operating system.
	OSFamilyLinux OSFamily = "Linux"
	// OSFamilyUnknown marks a host whose operating system is unknown.
	OSFamilyUnknown OSFamily = "Unknown"
	// OSFamilyWindows marks a host with the Windows operating system.
	OSFamilyWindows OSFamily = "Windows"
)

// PossibleOSFamilyValues returns a new slice holding every OSFamily constant,
// in declaration order.
func PossibleOSFamilyValues() []OSFamily {
	families := []OSFamily{
		OSFamilyAndroid,
		OSFamilyIOS,
		OSFamilyLinux,
		OSFamilyUnknown,
		OSFamilyWindows,
	}
	return families
}

// Operator enumerates the values for operator.
type Operator string

// Declared Operator values.
const (
	// OperatorAND is the "AND" operator.
	OperatorAND Operator = "AND"
	// OperatorOR is the "OR" operator.
	OperatorOR Operator = "OR"
)

// PossibleOperatorValues returns a new slice holding every Operator constant,
// in declaration order.
func PossibleOperatorValues() []Operator {
	operators := []Operator{
		OperatorAND,
		OperatorOR,
	}
	return operators
}

// OutputType enumerates the values for output type.
type OutputType string

// Declared OutputType values.
const (
	// OutputTypeDate is the "Date" output type.
	OutputTypeDate OutputType = "Date"
	// OutputTypeEntity is the "Entity" output type.
	OutputTypeEntity OutputType = "Entity"
	// OutputTypeNumber is the "Number" output type.
	OutputTypeNumber OutputType = "Number"
	// OutputTypeString is the "String" output type.
	OutputTypeString OutputType = "String"
)

// PossibleOutputTypeValues returns a new slice holding every OutputType
// constant, in declaration order.
func PossibleOutputTypeValues() []OutputType {
	outputs := []OutputType{
		OutputTypeDate,
		OutputTypeEntity,
		OutputTypeNumber,
		OutputTypeString,
	}
	return outputs
}

// OwnerType enumerates the values for owner type.
type OwnerType string

// Declared OwnerType values.
const (
	// OwnerTypeGroup means the incident owner type is an AAD group.
	OwnerTypeGroup OwnerType = "Group"
	// OwnerTypeUnknown means the incident owner type is unknown.
	OwnerTypeUnknown OwnerType = "Unknown"
	// OwnerTypeUser means the incident owner type is an AAD user.
	OwnerTypeUser OwnerType = "User"
)

// PossibleOwnerTypeValues returns a new slice holding every OwnerType
// constant, in declaration order.
func PossibleOwnerTypeValues() []OwnerType {
	owners := []OwnerType{
		OwnerTypeGroup,
		OwnerTypeUnknown,
		OwnerTypeUser,
	}
	return owners
}

// PermissionProviderScope enumerates the values for permission provider scope.
type PermissionProviderScope string

// Declared PermissionProviderScope values.
const (
	// PermissionProviderScopeResourceGroup is the "ResourceGroup" scope.
	PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup"
	// PermissionProviderScopeSubscription is the "Subscription" scope.
	PermissionProviderScopeSubscription PermissionProviderScope = "Subscription"
	// PermissionProviderScopeWorkspace is the "Workspace" scope.
	PermissionProviderScopeWorkspace PermissionProviderScope = "Workspace"
)

// PossiblePermissionProviderScopeValues returns a slice of the possible values for the PermissionProviderScope const type.
func PossiblePermissionProviderScopeValues() []PermissionProviderScope {
	// Same order as the constant declarations; built anew on each call.
	scopes := []PermissionProviderScope{
		PermissionProviderScopeResourceGroup,
		PermissionProviderScopeSubscription,
		PermissionProviderScopeWorkspace,
	}
	return scopes
}

// PollingFrequency enumerates the values for polling frequency.
type PollingFrequency string

// Declared PollingFrequency values.
const (
	// PollingFrequencyOnceADay polls once a day.
	PollingFrequencyOnceADay PollingFrequency = "OnceADay"
	// PollingFrequencyOnceAMinute polls once a minute.
	PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute"
	// PollingFrequencyOnceAnHour polls once an hour.
	PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour"
)

// PossiblePollingFrequencyValues returns a new slice holding every
// PollingFrequency constant, in declaration order.
func PossiblePollingFrequencyValues() []PollingFrequency {
	frequencies := []PollingFrequency{
		PollingFrequencyOnceADay,
		PollingFrequencyOnceAMinute,
		PollingFrequencyOnceAnHour,
	}
	return frequencies
}

// ProviderName enumerates the values for provider name.
type ProviderName string

// Declared ProviderName values. Casing differs between entries
// ("Microsoft.…" versus "microsoft.aadiam/…"), and Go string comparison is
// case-sensitive, so compare against the constants.
//
// NOTE(review): the sharedKeys entry names the workspace shared-keys resource
// type; presumably a permission requirement on it concerns access to
// workspace keys. Confirm how callers use it before treating all provider
// names as equally sensitive.
const (
	// ProviderNameMicrosoftAuthorizationpolicyAssignments is the provider name
	// "Microsoft.Authorization/policyAssignments".
	ProviderNameMicrosoftAuthorizationpolicyAssignments ProviderName = "Microsoft.Authorization/policyAssignments"
	// ProviderNameMicrosoftOperationalInsightssolutions is the provider name
	// "Microsoft.OperationalInsights/solutions".
	ProviderNameMicrosoftOperationalInsightssolutions ProviderName = "Microsoft.OperationalInsights/solutions"
	// ProviderNameMicrosoftOperationalInsightsworkspaces is the provider name
	// "Microsoft.OperationalInsights/workspaces".
	ProviderNameMicrosoftOperationalInsightsworkspaces ProviderName = "Microsoft.OperationalInsights/workspaces"
	// ProviderNameMicrosoftOperationalInsightsworkspacesdatasources is the
	// provider name "Microsoft.OperationalInsights/workspaces/datasources".
	ProviderNameMicrosoftOperationalInsightsworkspacesdatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources"
	// ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys is the
	// provider name "Microsoft.OperationalInsights/workspaces/sharedKeys".
	ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys ProviderName = "Microsoft.OperationalInsights/workspaces/sharedKeys"
	// ProviderNameMicrosoftaadiamdiagnosticSettings is the provider name
	// "microsoft.aadiam/diagnosticSettings".
	ProviderNameMicrosoftaadiamdiagnosticSettings ProviderName = "microsoft.aadiam/diagnosticSettings"
)

// PossibleProviderNameValues returns a new slice holding every ProviderName
// constant, in declaration order.
func PossibleProviderNameValues() []ProviderName {
	providers := []ProviderName{
		ProviderNameMicrosoftAuthorizationpolicyAssignments,
		ProviderNameMicrosoftOperationalInsightssolutions,
		ProviderNameMicrosoftOperationalInsightsworkspaces,
		ProviderNameMicrosoftOperationalInsightsworkspacesdatasources,
		ProviderNameMicrosoftOperationalInsightsworkspacessharedKeys,
		ProviderNameMicrosoftaadiamdiagnosticSettings,
	}
	return providers
}

// RegistryHive enumerates the values for registry hive.
type RegistryHive string

// Declared RegistryHive values. Each string is the hive name written with
// underscores; the Go identifier drops them.
//
// NOTE(review): "HKEY_A" does not look like one of the predefined Windows
// root keys that the other entries name; it is kept exactly as declared.
const (
	// RegistryHiveHKEYA is the hive "HKEY_A".
	RegistryHiveHKEYA RegistryHive = "HKEY_A"
	// RegistryHiveHKEYCLASSESROOT is the hive "HKEY_CLASSES_ROOT".
	RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// RegistryHiveHKEYCURRENTCONFIG is the hive "HKEY_CURRENT_CONFIG".
	RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// RegistryHiveHKEYCURRENTUSER is the hive "HKEY_CURRENT_USER".
	RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// RegistryHiveHKEYCURRENTUSERLOCALSETTINGS is the hive
	// "HKEY_CURRENT_USER_LOCAL_SETTINGS".
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// RegistryHiveHKEYLOCALMACHINE is the hive "HKEY_LOCAL_MACHINE".
	RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// RegistryHiveHKEYPERFORMANCEDATA is the hive "HKEY_PERFORMANCE_DATA".
	RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// RegistryHiveHKEYPERFORMANCENLSTEXT is the hive "HKEY_PERFORMANCE_NLSTEXT".
	RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// RegistryHiveHKEYPERFORMANCETEXT is the hive "HKEY_PERFORMANCE_TEXT".
	RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// RegistryHiveHKEYUSERS is the hive "HKEY_USERS".
	RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS"
)

// PossibleRegistryHiveValues returns a slice of the possible values for the RegistryHive const type.
func PossibleRegistryHiveValues() []RegistryHive {
	// Same order as the constant declarations; built anew on each call.
	hives := []RegistryHive{
		RegistryHiveHKEYA,
		RegistryHiveHKEYCLASSESROOT,
		RegistryHiveHKEYCURRENTCONFIG,
		RegistryHiveHKEYCURRENTUSER,
		RegistryHiveHKEYCURRENTUSERLOCALSETTINGS,
		RegistryHiveHKEYLOCALMACHINE,
		RegistryHiveHKEYPERFORMANCEDATA,
		RegistryHiveHKEYPERFORMANCENLSTEXT,
		RegistryHiveHKEYPERFORMANCETEXT,
		RegistryHiveHKEYUSERS,
	}
	return hives
}

// RegistryValueKind enumerates the values for registry value kind.
type RegistryValueKind string

// Declared RegistryValueKind values.
const (
	// RegistryValueKindBinary is the Binary value type.
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord is the DWord value type.
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString is the ExpandString value type.
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString is the MultiString value type.
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone is the value "None".
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord is the QWord value type.
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString is the String value type.
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown is the Unknown value type.
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

// PossibleRegistryValueKindValues returns a new slice holding every
// RegistryValueKind constant, in declaration order.
func PossibleRegistryValueKindValues() []RegistryValueKind {
	valueKinds := []RegistryValueKind{
		RegistryValueKindBinary,
		RegistryValueKindDWord,
		RegistryValueKindExpandString,
		RegistryValueKindMultiString,
		RegistryValueKindNone,
		RegistryValueKindQWord,
		RegistryValueKindString,
		RegistryValueKindUnknown,
	}
	return valueKinds
}

// RepoType enumerates the values for repo type.
type RepoType string

// Declared RepoType values.
const (
	// RepoTypeDevOps is the "DevOps" repo type.
	RepoTypeDevOps RepoType = "DevOps"
	// RepoTypeGithub is the "Github" repo type.
	RepoTypeGithub RepoType = "Github"
)

// PossibleRepoTypeValues returns a slice of the possible values for the RepoType const type.
func PossibleRepoTypeValues() []RepoType {
	// Same order as the constant declarations; built anew on each call.
	repoTypes := []RepoType{
		RepoTypeDevOps,
		RepoTypeGithub,
	}
	return repoTypes
}

// ResourceIdentityType enumerates the values for resource identity type.
type ResourceIdentityType string

// Declared ResourceIdentityType values.
const (
	// ResourceIdentityTypeSystemAssigned is the "SystemAssigned" identity type.
	ResourceIdentityTypeSystemAssigned ResourceIdentityType = "SystemAssigned"
)

// PossibleResourceIdentityTypeValues returns a new slice holding the single
// ResourceIdentityType constant.
func PossibleResourceIdentityTypeValues() []ResourceIdentityType {
	identityTypes := []ResourceIdentityType{
		ResourceIdentityTypeSystemAssigned,
	}
	return identityTypes
}

// SecurityMLAnalyticsSettingsKind enumerates the values for security ml analytics settings kind.
type SecurityMLAnalyticsSettingsKind string

// Declared SecurityMLAnalyticsSettingsKind values.
const (
	// SecurityMLAnalyticsSettingsKindAnomaly is the "Anomaly" kind.
	SecurityMLAnalyticsSettingsKindAnomaly SecurityMLAnalyticsSettingsKind = "Anomaly"
)

// PossibleSecurityMLAnalyticsSettingsKindValues returns a new slice holding the
// single SecurityMLAnalyticsSettingsKind constant.
func PossibleSecurityMLAnalyticsSettingsKindValues() []SecurityMLAnalyticsSettingsKind {
	kinds := []SecurityMLAnalyticsSettingsKind{
		SecurityMLAnalyticsSettingsKindAnomaly,
	}
	return kinds
}

// SettingType enumerates the values for setting type.
type SettingType string

// Declared SettingType values.
const (
	// SettingTypeCopyableLabel is the "CopyableLabel" setting type.
	SettingTypeCopyableLabel SettingType = "CopyableLabel"
	// SettingTypeInfoMessage is the "InfoMessage" setting type.
	SettingTypeInfoMessage SettingType = "InfoMessage"
	// SettingTypeInstructionStepsGroup is the "InstructionStepsGroup" setting type.
	SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup"
)

// PossibleSettingTypeValues returns a new slice holding every SettingType
// constant, in declaration order.
func PossibleSettingTypeValues() []SettingType {
	settingTypes := []SettingType{
		SettingTypeCopyableLabel,
		SettingTypeInfoMessage,
		SettingTypeInstructionStepsGroup,
	}
	return settingTypes
}

// SettingsStatus enumerates the values for settings status.
type SettingsStatus string

// Declared SettingsStatus values.
const (
	// SettingsStatusFlighting is the anomaly settings status in Flighting mode.
	SettingsStatusFlighting SettingsStatus = "Flighting"
	// SettingsStatusProduction is the anomaly settings status in Production mode.
	SettingsStatusProduction SettingsStatus = "Production"
)

// PossibleSettingsStatusValues returns a new slice holding every
// SettingsStatus constant, in declaration order.
func PossibleSettingsStatusValues() []SettingsStatus {
	statuses := []SettingsStatus{
		SettingsStatusFlighting,
		SettingsStatusProduction,
	}
	return statuses
}

// SkuTier enumerates the values for sku tier.
type SkuTier string

// Declared SkuTier values.
const (
	// SkuTierBasic is the "Basic" tier.
	SkuTierBasic SkuTier = "Basic"
	// SkuTierFree is the "Free" tier.
	SkuTierFree SkuTier = "Free"
	// SkuTierPremium is the "Premium" tier.
	SkuTierPremium SkuTier = "Premium"
	// SkuTierStandard is the "Standard" tier.
	SkuTierStandard SkuTier = "Standard"
)

// PossibleSkuTierValues returns a new slice holding every SkuTier constant, in
// declaration order.
func PossibleSkuTierValues() []SkuTier {
	tiers := []SkuTier{
		SkuTierBasic,
		SkuTierFree,
		SkuTierPremium,
		SkuTierStandard,
	}
	return tiers
}

// SourceKind enumerates the values for source kind.
type SourceKind string

// Declared SourceKind values.
const (
	// SourceKindCommunity is the "Community" source kind.
	SourceKindCommunity SourceKind = "Community"
	// SourceKindLocalWorkspace is the "LocalWorkspace" source kind.
	SourceKindLocalWorkspace SourceKind = "LocalWorkspace"
	// SourceKindSolution is the "Solution" source kind.
	SourceKindSolution SourceKind = "Solution"
	// SourceKindSourceRepository is the "SourceRepository" source kind.
	SourceKindSourceRepository SourceKind = "SourceRepository"
)

// PossibleSourceKindValues returns a new slice holding every SourceKind
// constant, in declaration order.
func PossibleSourceKindValues() []SourceKind {
	sourceKinds := []SourceKind{
		SourceKindCommunity,
		SourceKindLocalWorkspace,
		SourceKindSolution,
		SourceKindSourceRepository,
	}
	return sourceKinds
}

// SourceType enumerates the values for source type.
type SourceType string

// Declared SourceType values. Both strings contain a space, unlike most
// values in this file, so compare against the constants.
const (
	// SourceTypeLocalfile is the "Local file" source type.
	SourceTypeLocalfile SourceType = "Local file"
	// SourceTypeRemotestorage is the "Remote storage" source type.
	SourceTypeRemotestorage SourceType = "Remote storage"
)

// PossibleSourceTypeValues returns a new slice holding every SourceType
// constant, in declaration order.
func PossibleSourceTypeValues() []SourceType {
	sourceTypes := []SourceType{
		SourceTypeLocalfile,
		SourceTypeRemotestorage,
	}
	return sourceTypes
}

// SupportTier enumerates the values for support tier.
type SupportTier string

// Declared SupportTier values.
const (
	// SupportTierCommunity is the "Community" support tier.
	SupportTierCommunity SupportTier = "Community"
	// SupportTierMicrosoft is the "Microsoft" support tier.
	SupportTierMicrosoft SupportTier = "Microsoft"
	// SupportTierPartner is the "Partner" support tier.
	SupportTierPartner SupportTier = "Partner"
)

// PossibleSupportTierValues returns a new slice holding every SupportTier
// constant, in declaration order.
func PossibleSupportTierValues() []SupportTier {
	supportTiers := []SupportTier{
		SupportTierCommunity,
		SupportTierMicrosoft,
		SupportTierPartner,
	}
	return supportTiers
}

// TemplateStatus enumerates the values for template status.
type TemplateStatus string

// Declared TemplateStatus values.
const (
	// TemplateStatusAvailable means the alert rule template is available.
	TemplateStatusAvailable TemplateStatus = "Available"
	// TemplateStatusInstalled means the alert rule template is installed and
	// cannot be used more than once.
	TemplateStatusInstalled TemplateStatus = "Installed"
	// TemplateStatusNotAvailable means the alert rule template is not available.
	TemplateStatusNotAvailable TemplateStatus = "NotAvailable"
)

// PossibleTemplateStatusValues returns a new slice holding every
// TemplateStatus constant, in declaration order.
func PossibleTemplateStatusValues() []TemplateStatus {
	templateStatuses := []TemplateStatus{
		TemplateStatusAvailable,
		TemplateStatusInstalled,
		TemplateStatusNotAvailable,
	}
	return templateStatuses
}

// ThreatIntelligenceResourceKindEnum enumerates the values for threat intelligence resource kind enum.
type ThreatIntelligenceResourceKindEnum string

// Declared ThreatIntelligenceResourceKindEnum values.
const (
	// ThreatIntelligenceResourceKindEnumIndicator means the entity represents
	// a threat intelligence indicator in the system. The string is lower-case.
	ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator"
)

// PossibleThreatIntelligenceResourceKindEnumValues returns a new slice holding
// the single ThreatIntelligenceResourceKindEnum constant.
func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum {
	resourceKinds := []ThreatIntelligenceResourceKindEnum{
		ThreatIntelligenceResourceKindEnumIndicator,
	}
	return resourceKinds
}

// ThreatIntelligenceSortingCriteriaEnum enumerates the values for threat intelligence sorting criteria enum.
type ThreatIntelligenceSortingCriteriaEnum string

// Declared ThreatIntelligenceSortingCriteriaEnum values; all strings are
// lower-case.
const (
	// ThreatIntelligenceSortingCriteriaEnumAscending is the "ascending" order.
	ThreatIntelligenceSortingCriteriaEnumAscending ThreatIntelligenceSortingCriteriaEnum = "ascending"
	// ThreatIntelligenceSortingCriteriaEnumDescending is the "descending" order.
	ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending"
	// ThreatIntelligenceSortingCriteriaEnumUnsorted is the "unsorted" order.
	ThreatIntelligenceSortingCriteriaEnumUnsorted ThreatIntelligenceSortingCriteriaEnum = "unsorted"
)

// PossibleThreatIntelligenceSortingCriteriaEnumValues returns a new slice
// holding every ThreatIntelligenceSortingCriteriaEnum constant, in declaration
// order.
func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum {
	orders := []ThreatIntelligenceSortingCriteriaEnum{
		ThreatIntelligenceSortingCriteriaEnumAscending,
		ThreatIntelligenceSortingCriteriaEnumDescending,
		ThreatIntelligenceSortingCriteriaEnumUnsorted,
	}
	return orders
}

// TriggerOperator enumerates the values for trigger operator.
type TriggerOperator string

// Declared TriggerOperator values.
const (
	// TriggerOperatorEqual is the "Equal" operator.
	TriggerOperatorEqual TriggerOperator = "Equal"
	// TriggerOperatorGreaterThan is the "GreaterThan" operator.
	TriggerOperatorGreaterThan TriggerOperator = "GreaterThan"
	// TriggerOperatorLessThan is the "LessThan" operator.
	TriggerOperatorLessThan TriggerOperator = "LessThan"
	// TriggerOperatorNotEqual is the "NotEqual" operator.
	TriggerOperatorNotEqual TriggerOperator = "NotEqual"
)

// PossibleTriggerOperatorValues returns a new slice holding every
// TriggerOperator constant, in declaration order.
func PossibleTriggerOperatorValues() []TriggerOperator {
	triggerOperators := []TriggerOperator{
		TriggerOperatorEqual,
		TriggerOperatorGreaterThan,
		TriggerOperatorLessThan,
		TriggerOperatorNotEqual,
	}
	return triggerOperators
}

// TriggersOn enumerates the values for triggers on.
type TriggersOn string

// Declared TriggersOn values.
const (
	// TriggersOnAlerts triggers on Alerts.
	TriggersOnAlerts TriggersOn = "Alerts"
	// TriggersOnIncidents triggers on Incidents.
	TriggersOnIncidents TriggersOn = "Incidents"
)

// PossibleTriggersOnValues returns a new slice holding every TriggersOn
// constant, in declaration order.
func PossibleTriggersOnValues() []TriggersOn {
	targets := []TriggersOn{
		TriggersOnAlerts,
		TriggersOnIncidents,
	}
	return targets
}

// TriggersWhen enumerates the values for triggers when.
type TriggersWhen string

// Declared TriggersWhen values.
const (
	// TriggersWhenCreated triggers on created objects.
	TriggersWhenCreated TriggersWhen = "Created"
	// TriggersWhenUpdated triggers on updated objects.
	TriggersWhenUpdated TriggersWhen = "Updated"
)

// PossibleTriggersWhenValues returns a new slice holding every TriggersWhen
// constant, in declaration order.
func PossibleTriggersWhenValues() []TriggersWhen {
	events := []TriggersWhen{
		TriggersWhenCreated,
		TriggersWhenUpdated,
	}
	return events
}

// UebaDataSources enumerates the values for ueba data sources.
type UebaDataSources string

// Declared UebaDataSources values.
const (
	// UebaDataSourcesAuditLogs is the "AuditLogs" data source.
	UebaDataSourcesAuditLogs UebaDataSources = "AuditLogs"
	// UebaDataSourcesAzureActivity is the "AzureActivity" data source.
	UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity"
	// UebaDataSourcesSecurityEvent is the "SecurityEvent" data source.
	UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent"
	// UebaDataSourcesSigninLogs is the "SigninLogs" data source.
	UebaDataSourcesSigninLogs UebaDataSources = "SigninLogs"
)

// PossibleUebaDataSourcesValues returns a slice of the possible values for the UebaDataSources const type.
func PossibleUebaDataSourcesValues() []UebaDataSources {
	// Same order as the constant declarations; built anew on each call.
	sources := []UebaDataSources{
		UebaDataSourcesAuditLogs,
		UebaDataSourcesAzureActivity,
		UebaDataSourcesSecurityEvent,
		UebaDataSourcesSigninLogs,
	}
	return sources
}

// VersionType enumerates the values for version type.
//
// The underlying type is string, so the compiler accepts a conversion from any
// string; check externally supplied values against PossibleVersionTypeValues.
type VersionType string

// Declared VersionType values.
const (
	// VersionTypeV1 is the "V1" version type.
	VersionTypeV1 VersionType = "V1"
	// VersionTypeV2 is the "V2" version type.
	VersionTypeV2 VersionType = "V2"
)

// PossibleVersionTypeValues returns a new slice holding every VersionType
// constant, in declaration order.
func PossibleVersionTypeValues() []VersionType {
	versions := []VersionType{
		VersionTypeV1,
		VersionTypeV2,
	}
	return versions
}