Package-level declarations

Types

The Activity query definitions

/**
 * One activity entry on an entity timeline.
 *
 * Every field is a required, non-null [String]; the bucket and activity timestamps are carried as text,
 * so the type itself enforces no date format.
 */
data class ActivityTimelineItemResponse(
    val bucketEndTimeUTC: String,
    val bucketStartTimeUTC: String,
    val content: String,
    val firstActivityTimeUTC: String,
    val kind: String,
    val lastActivityTimeUTC: String,
    val queryId: String,
    val title: String,
)

Represents Activity timeline item.


Alerts data type for data connectors.

Describes an automation rule action to modify an object's properties

/**
 * Configuration of the "modify properties" automation rule action.
 *
 * Every property is optional and defaults to `null`.
 * NOTE(review): presumably a `null` field means "leave that incident property unchanged" — confirm
 * before treating `null` as a reset when auditing what a rule does.
 */
data class AutomationRuleModifyPropertiesActionResponseActionConfiguration(
    val classification: String? = null,
    val classificationComment: String? = null,
    val classificationReason: String? = null,
    val labels: List<IncidentLabelResponse>? = null,
    val owner: IncidentOwnerInfoResponse? = null,
    val severity: String? = null,
    val status: String? = null,
)

The configuration of the modify properties automation rule action

Describes an automation rule condition that evaluates a property's value

/**
 * Configuration of an automation rule condition: which property is tested, with which operator,
 * against which values.
 *
 * All three parts are optional and default to `null`, so a consumer has to handle a partially
 * specified condition.
 */
data class AutomationRulePropertyValuesConditionResponseConditionProperties(
    val operator: String? = null,
    val propertyName: String? = null,
    val propertyValues: List<String>? = null,
)

The configuration of the automation rule condition


Describes an automation rule action to run a playbook

/**
 * Configuration of the "run playbook" automation rule action.
 *
 * NOTE(review): both the playbook resource id and the tenant id are optional here; this page does
 * not say what a `null` [tenantId] resolves to, so verify it when reviewing which tenant a rule
 * can trigger playbooks in.
 */
data class AutomationRuleRunPlaybookActionResponseActionConfiguration(
    val logicAppResourceId: String? = null,
    val tenantId: String? = null,
)

The configuration of the run playbook automation rule action

/**
 * Triggering logic of an automation rule: whether it is enabled, what it triggers on and when,
 * plus optional conditions and an optional expiration time.
 *
 * [expirationTimeUtc] is a nullable [String]; the type enforces no timestamp format.
 */
data class AutomationRuleTriggeringLogicResponse(
    val conditions: List<AutomationRulePropertyValuesConditionResponse>? = null,
    val expirationTimeUtc: String? = null,
    val isEnabled: Boolean,
    val triggersOn: String,
    val triggersWhen: String,
)

Describes automation rule triggering logic

The available data types for Amazon Web Services CloudTrail data connector.

Logs data type.

/**
 * One bookmark entry on an entity timeline.
 *
 * Only [azureResourceId] and [kind] are required; everything else defaults to `null`.
 * [notes] and [createdBy] appear in the generated `toString()`, so logging an instance also logs them.
 */
data class BookmarkTimelineItemResponse(
    val azureResourceId: String,
    val createdBy: UserInfoResponse? = null,
    val displayName: String? = null,
    val endTimeUtc: String? = null,
    val eventTime: String? = null,
    val kind: String,
    val labels: List<String>? = null,
    val notes: String? = null,
    val startTimeUtc: String? = null,
)

Represents bookmark timeline item.

/**
 * Identity of the client (user or application) that performed an action.
 *
 * All fields are optional. The compiler-generated `toString()` of a data class prints every
 * property, so logging an instance writes [email], [objectId] and [userPrincipalName] to the log.
 */
data class ClientInfoResponse(
    val email: String? = null,
    val name: String? = null,
    val objectId: String? = null,
    val userPrincipalName: String? = null,
)

Information on the client (user or application) that performed an action.

/**
 * Maps one content type to a path inside a repository.
 *
 * Both halves of the mapping are optional and default to `null`.
 */
data class ContentPathMapResponse(
    val contentType: String? = null,
    val path: String? = null,
)

The mapping of content type to a repo path.

/**
 * Field shared by the data types of data connectors.
 *
 * @property state optional state string; `null` when the service returned none.
 */
data class DataConnectorDataTypeCommonResponse(
    val state: String? = null,
)

Common field for data type in data connectors.

/**
 * A single entity insight: the query it came from, the interval it ran over and its
 * table and chart results.
 *
 * Every property is optional and defaults to `null`.
 */
data class EntityInsightItemResponse(
    val chartQueryResults: List<InsightsTableResultResponse>? = null,
    val queryId: String? = null,
    val queryTimeInterval: EntityInsightItemResponseQueryTimeInterval? = null,
    val tableQueryResults: InsightsTableResultResponse? = null,
)

Entity insight Item.

/**
 * Time interval the insight query actually ran over.
 *
 * Both bounds are nullable [String]s; no timestamp format or ordering (start before end) is
 * enforced by this type.
 */
data class EntityInsightItemResponseQueryTimeInterval(
    val endTime: String? = null,
    val startTime: String? = null,
)

The time interval over which the query was actually executed.

/**
 * Lookup result for an AAD (Azure Active Directory) data connector.
 *
 * [id], [kind], [name] and [type] are always present; [dataTypes], [etag] and [tenantId]
 * may be `null`.
 */
data class GetAADDataConnectorResult(
    val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val tenantId: String? = null,
    val type: String,
)

Represents AAD (Azure Active Directory) data connector.

/**
 * Lookup result for an AATP (Azure Advanced Threat Protection) data connector.
 *
 * [id], [kind], [name] and [type] are always present; [dataTypes], [etag] and [tenantId]
 * may be `null`.
 */
data class GetAATPDataConnectorResult(
    val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val tenantId: String? = null,
    val type: String,
)

Represents AATP (Azure Advanced Threat Protection) data connector.

/**
 * Lookup result for an action attached to an alert rule.
 *
 * [logicAppResourceId] is required here, while [workflowId] and [etag] are optional.
 */
data class GetActionResult(
    val etag: String? = null,
    val id: String,
    val logicAppResourceId: String,
    val name: String,
    val type: String,
    val workflowId: String? = null,
)

Action for alert rule.

/**
 * Lookup result for an Activity entity query.
 *
 * [createdTimeUtc], [id], [kind], [lastModifiedTimeUtc], [name], [systemData] and [type] are
 * required; the remaining properties default to `null`. [enabled] is a nullable Boolean, so
 * `null` is a third state distinct from `false`.
 */
data class GetActivityCustomEntityQueryResult(
    val content: String? = null,
    val createdTimeUtc: String,
    val description: String? = null,
    val enabled: Boolean? = null,
    val entitiesFilter: Map<String, List<String>>? = null,
    val etag: String? = null,
    val id: String,
    val inputEntityType: String? = null,
    val kind: String,
    val lastModifiedTimeUtc: String,
    val name: String,
    val queryDefinitions: ActivityEntityQueriesPropertiesResponseQueryDefinitions? = null,
    val requiredInputFieldsSets: List<List<String>>? = null,
    val systemData: SystemDataResponse,
    val templateName: String? = null,
    val title: String? = null,
    val type: String,
)

Represents Activity entity query.

/**
 * Lookup result for the Anomalies setting, a setting with a single toggle.
 *
 * @property isEnabled the toggle itself; required and non-null.
 */
data class GetAnomaliesResult(
    val etag: String? = null,
    val id: String,
    val isEnabled: Boolean,
    val kind: String,
    val name: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Settings with single toggle.

/**
 * Lookup result for Anomaly Security ML Analytics Settings.
 *
 * [customizableObservations] is typed `Any?`, so its shape is not checked at compile time;
 * consumers should inspect it with `is` / `as?` before use.
 */
data class GetAnomalySecurityMLAnalyticsSettingsResult(
    val anomalySettingsVersion: Int? = null,
    val anomalyVersion: String,
    val customizableObservations: Any? = null,
    val description: String? = null,
    val displayName: String,
    val enabled: Boolean,
    val etag: String? = null,
    val frequency: String,
    val id: String,
    val isDefaultSettings: Boolean,
    val kind: String,
    val lastModifiedUtc: String,
    val name: String,
    val requiredDataConnectors: List<SecurityMLAnalyticsSettingsDataSourceResponse>? = null,
    val settingsDefinitionId: String? = null,
    val settingsStatus: String,
    val systemData: SystemDataResponse,
    val tactics: List<String>? = null,
    val techniques: List<String>? = null,
    val type: String,
)

Represents Anomaly Security ML Analytics Settings

/**
 * Lookup result for an ASC (Azure Security Center) data connector.
 *
 * Unlike the tenant-scoped connectors on this page, this one carries an optional
 * [subscriptionId] instead of a tenant id.
 */
data class GetASCDataConnectorResult(
    val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val subscriptionId: String? = null,
    val type: String,
)

Represents ASC (Azure Security Center) data connector.

/**
 * Lookup result for an automation rule.
 *
 * [actions] holds either "modify properties" or "run playbook" actions. [createdBy] and
 * [lastModifiedBy] are required, which gives a reviewer the identity behind the rule and its
 * latest change; [order] is the rule's integer position.
 */
data class GetAutomationRuleResult(
    val actions: List<Either<AutomationRuleModifyPropertiesActionResponse, AutomationRuleRunPlaybookActionResponse>>,
    val createdBy: ClientInfoResponse,
    val createdTimeUtc: String,
    val displayName: String,
    val etag: String? = null,
    val id: String,
    val lastModifiedBy: ClientInfoResponse,
    val lastModifiedTimeUtc: String,
    val name: String,
    val order: Int,
    val triggeringLogic: AutomationRuleTriggeringLogicResponse,
    val type: String,
)

Represents an automation rule.

/**
 * Lookup result for an Amazon Web Services CloudTrail data connector.
 *
 * NOTE(review): [awsRoleArn] presumably names the AWS role the connector uses to read the
 * CloudTrail account — confirm against the service documentation. It is printed by the generated
 * `toString()` together with every other property.
 */
data class GetAwsCloudTrailDataConnectorResult(
    val awsRoleArn: String? = null,
    val dataTypes: AwsCloudTrailDataConnectorDataTypesResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val type: String,
)

Represents Amazon Web Services CloudTrail data connector.

/**
 * Lookup result for a relation between a bookmark and another resource.
 *
 * The related resource is described by four required strings: id, kind, name and type.
 */
data class GetBookmarkRelationResult(
    val etag: String? = null,
    val id: String,
    val name: String,
    val relatedResourceId: String,
    val relatedResourceKind: String,
    val relatedResourceName: String,
    val relatedResourceType: String,
    val type: String,
)

Represents a relation between two resources

/**
 * Lookup result for a bookmark in Azure Security Insights.
 *
 * [query] is required and [queryResult] optional; both are plain strings, and the generated
 * `toString()` prints them along with [notes], so logging an instance can put query output
 * into the log.
 */
data class GetBookmarkResult(
    val created: String? = null,
    val createdBy: UserInfoResponse? = null,
    val displayName: String,
    val etag: String? = null,
    val eventTime: String? = null,
    val id: String,
    val incidentInfo: IncidentInfoResponse? = null,
    val labels: List<String>? = null,
    val name: String,
    val notes: String? = null,
    val query: String,
    val queryEndTime: String? = null,
    val queryResult: String? = null,
    val queryStartTime: String? = null,
    val type: String,
    val updated: String? = null,
    val updatedBy: UserInfoResponse? = null,
)

Represents a bookmark in Azure Security Insights.

/**
 * Response of the entity timeline operation.
 *
 * [value] is a `List<Any>`: the element type is not fixed at compile time, so each element
 * needs a checked cast (`is` / `as?`) before its fields are read.
 */
data class GetEntitiesGetTimelineResult(
    val metaData: TimelineResultsMetadataResponse? = null,
    val value: List<Any>? = null,
)

The entity timeline result operation response.

/**
 * Lookup result for the EntityAnalytics setting, a setting with a single toggle.
 *
 * @property isEnabled the toggle itself; required and non-null.
 */
data class GetEntityAnalyticsResult(
    val etag: String? = null,
    val id: String,
    val isEnabled: Boolean,
    val kind: String,
    val name: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Settings with single toggle.

/**
 * Response of the Get Insights operation.
 *
 * Both the metadata and the list of insight items are optional and default to `null`.
 */
data class GetEntityInsightsResult(
    val metaData: GetInsightsResultsMetadataResponse? = null,
    val value: List<EntityInsightItemResponse>? = null,
)

The Get Insights result operation response.

/**
 * Lookup result for the EyesOn setting, a setting with a single toggle.
 *
 * @property isEnabled the toggle itself; required and non-null.
 */
data class GetEyesOnResult(
    val etag: String? = null,
    val id: String,
    val isEnabled: Boolean,
    val kind: String,
    val name: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Settings with single toggle.

/**
 * Lookup result for a Fusion alert rule.
 *
 * Every property except [etag] is required, including the template name, severity and
 * the list of tactics.
 */
data class GetFusionAlertRuleResult(
    val alertRuleTemplateName: String,
    val description: String,
    val displayName: String,
    val enabled: Boolean,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val lastModifiedUtc: String,
    val name: String,
    val severity: String,
    val tactics: List<String>,
    val type: String,
)

Represents Fusion alert rule.

/**
 * Lookup result for a comment on an incident.
 *
 * [message] is the comment text as a plain string; nothing in this type sanitises it, so
 * escape it before rendering it into HTML or similar output.
 */
data class GetIncidentCommentResult(
    val author: ClientInfoResponse,
    val createdTimeUtc: String,
    val etag: String? = null,
    val id: String,
    val lastModifiedTimeUtc: String,
    val message: String,
    val name: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Represents an incident comment

/**
 * Lookup result for a relation between an incident and another resource.
 *
 * Same shape as the bookmark relation result on this page, plus a required [systemData].
 */
data class GetIncidentRelationResult(
    val etag: String? = null,
    val id: String,
    val name: String,
    val relatedResourceId: String,
    val relatedResourceKind: String,
    val relatedResourceName: String,
    val relatedResourceType: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Represents a relation between two resources

/**
 * Lookup result for an incident in Azure Security Insights.
 *
 * [severity], [status], [title], [incidentNumber], [incidentUrl] and [relatedAnalyticRuleIds] are
 * required; classification fields, [owner] and the activity timestamps are optional. Severity,
 * status and classification are plain strings, so the compiler does not restrict their values.
 */
data class GetIncidentResult(
    val additionalData: IncidentAdditionalDataResponse,
    val classification: String? = null,
    val classificationComment: String? = null,
    val classificationReason: String? = null,
    val createdTimeUtc: String,
    val description: String? = null,
    val etag: String? = null,
    val firstActivityTimeUtc: String? = null,
    val id: String,
    val incidentNumber: Int,
    val incidentUrl: String,
    val labels: List<IncidentLabelResponse>? = null,
    val lastActivityTimeUtc: String? = null,
    val lastModifiedTimeUtc: String,
    val name: String,
    val owner: IncidentOwnerInfoResponse? = null,
    val relatedAnalyticRuleIds: List<String>,
    val severity: String,
    val status: String,
    val title: String,
    val type: String,
)

Represents an incident in Azure Security Insights.

/**
 * An error reported for a GetInsights query.
 *
 * @property errorMessage required error text.
 * @property kind required kind of the error.
 * @property queryId id of the failing query, or `null` when none is given.
 */
data class GetInsightsErrorResponse(
    val errorMessage: String,
    val kind: String,
    val queryId: String? = null,
)

GetInsights Query Errors.

/**
 * Metadata of a Get Insights result.
 *
 * [totalCount] is always present; [errors] is `null` unless the service reported query errors,
 * so a caller that ignores [errors] may be reading partial results.
 */
data class GetInsightsResultsMetadataResponse(
    val errors: List<GetInsightsErrorResponse>? = null,
    val totalCount: Int,
)

Get Insights result metadata.

/**
 * Lookup result for an MCAS (Microsoft Cloud App Security) data connector.
 *
 * [id], [kind], [name] and [type] are always present; [dataTypes], [etag] and [tenantId]
 * may be `null`.
 */
data class GetMCASDataConnectorResult(
    val dataTypes: MCASDataConnectorDataTypesResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val tenantId: String? = null,
    val type: String,
)

Represents MCAS (Microsoft Cloud App Security) data connector.

/**
 * Lookup result for an MDATP (Microsoft Defender Advanced Threat Protection) data connector.
 *
 * [id], [kind], [name] and [type] are always present; [dataTypes], [etag] and [tenantId]
 * may be `null`.
 */
data class GetMDATPDataConnectorResult(
    val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val tenantId: String? = null,
    val type: String,
)

Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

/**
 * Lookup result for a content metadata resource.
 *
 * [id], [kind], [name], [parentId], [systemData] and [type] are required. Provenance fields such as
 * [author], [source], [support] and [version] are all optional, so content can arrive without them.
 */
data class GetMetadataResult(
    val author: MetadataAuthorResponse? = null,
    val categories: MetadataCategoriesResponse? = null,
    val contentId: String? = null,
    val dependencies: MetadataDependenciesResponse? = null,
    val etag: String? = null,
    val firstPublishDate: String? = null,
    val id: String,
    val kind: String,
    val lastPublishDate: String? = null,
    val name: String,
    val parentId: String,
    val providers: List<String>? = null,
    val source: MetadataSourceResponse? = null,
    val support: MetadataSupportResponse? = null,
    val systemData: SystemDataResponse,
    val type: String,
    val version: String? = null,
)

Metadata resource definition.

/**
 * Lookup result for a MicrosoftSecurityIncidentCreation rule.
 *
 * [productFilter] is required; the display-name include/exclude filters and the severities
 * filter are optional lists that default to `null`.
 */
data class GetMicrosoftSecurityIncidentCreationAlertRuleResult(
    val alertRuleTemplateName: String? = null,
    val description: String? = null,
    val displayName: String,
    val displayNamesExcludeFilter: List<String>? = null,
    val displayNamesFilter: List<String>? = null,
    val enabled: Boolean,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val lastModifiedUtc: String,
    val name: String,
    val productFilter: String,
    val severitiesFilter: List<String>? = null,
    val type: String,
)

Represents MicrosoftSecurityIncidentCreation rule.

/**
 * Lookup result for an Office data connector.
 *
 * [id], [kind], [name] and [type] are always present; [dataTypes], [etag] and [tenantId]
 * may be `null`.
 */
data class GetOfficeDataConnectorResult(
    val dataTypes: OfficeDataConnectorDataTypesResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val tenantId: String? = null,
    val type: String,
)

Represents office data connector.

/**
 * Lookup result for a scheduled alert rule.
 *
 * [query] carries the rule's query text verbatim and, like the frequency, period and suppression
 * duration, is an unvalidated [String]. [enabled] and [suppressionEnabled] are separate required
 * flags; read both when checking whether a rule can currently raise alerts.
 */
data class GetScheduledAlertRuleResult(
    val alertRuleTemplateName: String? = null,
    val description: String? = null,
    val displayName: String,
    val enabled: Boolean,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val lastModifiedUtc: String,
    val name: String,
    val query: String,
    val queryFrequency: String,
    val queryPeriod: String,
    val severity: String,
    val suppressionDuration: String,
    val suppressionEnabled: Boolean,
    val tactics: List<String>? = null,
    val triggerOperator: String,
    val triggerThreshold: Int,
    val type: String,
)

Represents scheduled alert rule.

/**
 * Lookup result for the Sentinel onboarding state.
 *
 * [customerManagedKey] is a nullable Boolean: `null` ("not reported") is distinct from `false`,
 * so a check of the encryption configuration should handle all three states explicitly.
 */
data class GetSentinelOnboardingStateResult(
    val customerManagedKey: Boolean? = null,
    val etag: String? = null,
    val id: String,
    val name: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Sentinel onboarding state

/**
 * Lookup result for a SourceControl in Azure Security Insights.
 *
 * [repository] and [repoType] identify where content comes from and [contentTypes] which content
 * is taken from it. The created/last-modified fields appear both at top level (optional) and
 * inside the required [systemData].
 */
data class GetSourceControlResult(
    val contentTypes: List<String>,
    val createdAt: String? = null,
    val createdBy: String? = null,
    val createdByType: String? = null,
    val description: String? = null,
    val displayName: String,
    val etag: String? = null,
    val id: String,
    val lastModifiedAt: String? = null,
    val lastModifiedBy: String? = null,
    val lastModifiedByType: String? = null,
    val name: String,
    val repoType: String,
    val repository: RepositoryResponse,
    val systemData: SystemDataResponse,
    val type: String,
)

Represents a SourceControl in Azure Security Insights.

/**
 * Lookup result for a threat intelligence information object.
 *
 * Only the resource envelope is exposed here: [id], [kind], [name], [type] and an optional [etag].
 */
data class GetThreatIntelligenceIndicatorResult(
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val type: String,
)

Threat intelligence information object.

/**
 * Lookup result for a threat intelligence data connector.
 *
 * In addition to the usual connector fields it carries an optional [tipLookbackPeriod],
 * held as a plain string.
 */
data class GetTIDataConnectorResult(
    val dataTypes: TIDataConnectorDataTypesResponse? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val tenantId: String? = null,
    val tipLookbackPeriod: String? = null,
    val type: String,
)

Represents threat intelligence data connector.

/**
 * Lookup result for the Ueba setting.
 *
 * Unlike the other settings results on this page it has no `isEnabled` flag; it exposes an
 * optional list of [dataSources] instead.
 */
data class GetUebaResult(
    val dataSources: List<String>? = null,
    val etag: String? = null,
    val id: String,
    val kind: String,
    val name: String,
    val systemData: SystemDataResponse,
    val type: String,
)

Settings with single toggle.

/**
 * Lookup result for a Watchlist item in Azure Security Insights.
 *
 * [itemsKeyValue] (required) and [entityMapping] (optional) are typed `Any`, so their structure is
 * not checked at compile time and must be validated by the consumer. [isDeleted] is a nullable
 * Boolean; `null` is not the same as `false`.
 */
data class GetWatchlistItemResult(
    val created: String? = null,
    val createdBy: WatchlistUserInfoResponse? = null,
    val entityMapping: Any? = null,
    val etag: String? = null,
    val id: String,
    val isDeleted: Boolean? = null,
    val itemsKeyValue: Any,
    val name: String,
    val systemData: SystemDataResponse,
    val tenantId: String? = null,
    val type: String,
    val updated: String? = null,
    val updatedBy: WatchlistUserInfoResponse? = null,
    val watchlistItemId: String? = null,
    val watchlistItemType: String? = null,
)

Represents a Watchlist item in Azure Security Insights.

/**
 * Lookup result for a Watchlist in Azure Security Insights.
 *
 * [displayName], [id], [itemsSearchKey], [name], [provider], [source], [systemData] and [type] are
 * required. [rawContent] is an optional string (presumably the watchlist's raw data — confirm);
 * the generated `toString()` prints it in full, so avoid logging whole instances.
 */
data class GetWatchlistResult(
    val contentType: String? = null,
    val created: String? = null,
    val createdBy: WatchlistUserInfoResponse? = null,
    val defaultDuration: String? = null,
    val description: String? = null,
    val displayName: String,
    val etag: String? = null,
    val id: String,
    val isDeleted: Boolean? = null,
    val itemsSearchKey: String,
    val labels: List<String>? = null,
    val name: String,
    val numberOfLinesToSkip: Int? = null,
    val provider: String,
    val rawContent: String? = null,
    val source: String,
    val systemData: SystemDataResponse,
    val tenantId: String? = null,
    val type: String,
    val updated: String? = null,
    val updatedBy: WatchlistUserInfoResponse? = null,
    val uploadStatus: String? = null,
    val watchlistAlias: String? = null,
    val watchlistId: String? = null,
    val watchlistItemsCount: Int? = null,
    val watchlistType: String? = null,
)

Represents a Watchlist in Azure Security Insights.

/**
 * Additional-data property bag of an incident: alert, bookmark and comment counts, the names of
 * the alerting products and the list of tactics.
 *
 * All five properties are required and non-null.
 */
data class IncidentAdditionalDataResponse(
    val alertProductNames: List<String>,
    val alertsCount: Int,
    val bookmarksCount: Int,
    val commentsCount: Int,
    val tactics: List<String>,
)

Incident additional data property bag.

/**
 * Information about the incident a bookmark is related to.
 *
 * All four properties are optional and default to `null`.
 */
data class IncidentInfoResponse(
    val incidentId: String? = null,
    val relationName: String? = null,
    val severity: String? = null,
    val title: String? = null,
)

Describes related incident information for the bookmark

/**
 * A label attached to an incident.
 *
 * @property labelName the label's name.
 * @property labelType the label's type, held as a plain string.
 */
data class IncidentLabelResponse(
    val labelName: String,
    val labelType: String,
)

Represents an incident label

/**
 * The user an incident is assigned to.
 *
 * All fields are optional. The generated `toString()` prints [email], [objectId] and
 * [userPrincipalName], so logging an instance writes those identity attributes to the log.
 */
data class IncidentOwnerInfoResponse(
    val assignedTo: String? = null,
    val email: String? = null,
    val objectId: String? = null,
    val userPrincipalName: String? = null,
)

Information on the user an incident is assigned to

/**
 * Result of a table insights query: column descriptors plus rows of string cells.
 *
 * Nothing in this type guarantees that each row has as many cells as there are [columns];
 * check lengths before indexing a row by column position.
 */
data class InsightsTableResultResponse(
    val columns: List<InsightsTableResultResponseColumns>? = null,
    val rows: List<List<String>>? = null,
)

Query results for table insights query.

/**
 * Describes one column of an insights table result.
 *
 * @property name optional column name.
 * @property type optional column type, held as a plain string.
 */
data class InsightsTableResultResponseColumns(
    val name: String? = null,
    val type: String? = null,
)
/**
 * One page of the source-control repository listing.
 *
 * @property nextLink required link string for the next page of results.
 * @property value the repositories on this page.
 */
data class ListSourceControlRepositoriesResult(
    val nextLink: String,
    val value: List<RepoResponse>,
)

List all the source controls.


The available data types for MCAS (Microsoft Cloud App Security) data connector.

/**
 * Publisher or creator of a content item.
 *
 * All fields are optional strings. [link] is stored as given; nothing here validates it as a URL,
 * so check it before presenting it as a clickable link.
 */
data class MetadataAuthorResponse(
    val email: String? = null,
    val link: String? = null,
    val name: String? = null,
)

Publisher or creator of the content item.

/**
 * Categories of a solution content item, split into domains and verticals.
 *
 * Both lists are optional and default to `null`.
 */
data class MetadataCategoriesResponse(
    val domains: List<String>? = null,
    val verticals: List<String>? = null,
)

Categories for the solution content item.

/**
 * Dependencies of a content item, i.e. the other content items it needs in order to work.
 *
 * The type is recursive: [criteria] is a list of further [MetadataDependenciesResponse] nodes
 * combined by [operator]. Code that walks the tree should bound its depth, since the type itself
 * puts no limit on nesting.
 */
data class MetadataDependenciesResponse(
    val contentId: String? = null,
    val criteria: List<MetadataDependenciesResponse>? = null,
    val kind: String? = null,
    val name: String? = null,
    val operator: String? = null,
    val version: String? = null,
)

Dependencies for the content item: the other content items it requires in order to work. More complex dependencies can be described using a recursive/nested structure. For a single dependency, an id/kind/version can be supplied; for complex dependencies, an operator/criteria pair.

/**
 * Original source of a content item, i.e. where it comes from.
 *
 * @property kind required kind of source.
 * @property name optional source name.
 * @property sourceId optional source identifier.
 */
data class MetadataSourceResponse(
    val kind: String,
    val name: String? = null,
    val sourceId: String? = null,
)

The original source of the content item, where it comes from.

/**
 * Support information for a content item.
 *
 * [tier] is the only required field; the contact details ([email], [link], [name]) are optional.
 */
data class MetadataSupportResponse(
    val email: String? = null,
    val link: String? = null,
    val name: String? = null,
    val tier: String,
)

Support information for the content item.


The available data types for office data connector.

Exchange data type connection.

SharePoint data type connection.

/**
 * Teams data type connection of the Office data connector.
 *
 * @property state optional state string; `null` when the service returned none.
 */
data class OfficeDataConnectorDataTypesResponseTeams(
    val state: String? = null,
)

Teams data type connection.

/**
 * A repository as returned by the source-control listing.
 *
 * All fields are optional. [url] is an unvalidated string.
 */
data class RepoResponse(
    val branches: List<String>? = null,
    val fullName: String? = null,
    val url: String? = null,
)

Represents a repository.

/**
 * Metadata of the repository behind a source control.
 *
 * [branch] and [pathMapping] determine which content is read from the repository. [url],
 * [displayUrl] and [deploymentLogsUrl] are unvalidated strings; all fields are optional.
 */
data class RepositoryResponse(
    val branch: String? = null,
    val deploymentLogsUrl: String? = null,
    val displayUrl: String? = null,
    val pathMapping: List<ContentPathMapResponse>? = null,
    val url: String? = null,
)

Metadata of a repository.

/**
 * One security alert entry on an entity timeline.
 *
 * Only [description] and [productName] are optional. [severity] and the three timestamps are plain
 * strings, so the compiler does not check their values or formats.
 */
data class SecurityAlertTimelineItemResponse(
    val alertType: String,
    val azureResourceId: String,
    val description: String? = null,
    val displayName: String,
    val endTimeUtc: String,
    val kind: String,
    val productName: String? = null,
    val severity: String,
    val startTimeUtc: String,
    val timeGenerated: String,
)

Represents security alert timeline item.

/**
 * A data source required by Security ML analytics settings.
 *
 * @property connectorId optional id of the data connector.
 * @property dataTypes optional list of data type names taken from that connector.
 */
data class SecurityMLAnalyticsSettingsDataSourceResponse(
    val connectorId: String? = null,
    val dataTypes: List<String>? = null,
)

Security ML analytics settings data sources.

/**
 * Creation and last-modification metadata of a resource: who, what kind of identity, and when.
 *
 * Every field is optional, so an audit that relies on [createdBy] or [lastModifiedBy] has to
 * handle `null` explicitly.
 */
data class SystemDataResponse(
    val createdAt: String? = null,
    val createdBy: String? = null,
    val createdByType: String? = null,
    val lastModifiedAt: String? = null,
    val lastModifiedBy: String? = null,
    val lastModifiedByType: String? = null,
)

Metadata pertaining to creation and last modification of the resource.


The available data types for TI (Threat Intelligence) data connector.

/**
 * Indicators data type connection of the TI (Threat Intelligence) data connector.
 *
 * @property state optional state string; `null` when the service returned none.
 */
data class TIDataConnectorDataTypesResponseIndicators(
    val state: String? = null,
)

Data type for indicators connection.

/**
 * Timeline aggregation for one kind of item.
 *
 * @property count number of items of this kind.
 * @property kind the kind the count applies to.
 */
data class TimelineAggregationResponse(
    val count: Int,
    val kind: String,
)

Timeline aggregation information per kind.

/**
 * An error reported for a timeline query.
 *
 * @property errorMessage required error text.
 * @property kind required kind of the error.
 * @property queryId id of the failing query, or `null` when none is given.
 */
data class TimelineErrorResponse(
    val errorMessage: String,
    val kind: String,
    val queryId: String? = null,
)

Timeline Query Errors.

/**
 * Metadata of a timeline (expansion) result.
 *
 * [aggregations] and [totalCount] are always present; [errors] is `null` unless the service
 * reported query errors, so a caller that ignores [errors] may be reading a partial timeline.
 */
data class TimelineResultsMetadataResponse(
    val aggregations: List<TimelineAggregationResponse>,
    val errors: List<TimelineErrorResponse>? = null,
    val totalCount: Int,
)

Expansion result metadata.

/**
 * The user who performed an action.
 *
 * [email] and [name] are required, [objectId] optional. The generated `toString()` prints all
 * three, so logging an instance writes the user's e-mail address to the log.
 */
data class UserInfoResponse(
    val email: String,
    val name: String,
    val objectId: String? = null,
)

Information on the user who performed an action.

/**
 * The user who performed an action on a watchlist.
 *
 * [email] and [name] are required, [objectId] optional. The generated `toString()` prints all
 * three, so logging an instance writes the user's e-mail address to the log.
 */
data class WatchlistUserInfoResponse(
    val email: String,
    val name: String,
    val objectId: String? = null,
)

Information on the user who performed an action.