Package-level declarations
Types
Link copied to clipboard
The Activity query definitions
Link copied to clipboard
Link copied to clipboard
data class AddIncidentTaskActionPropertiesResponse(val description: String? = null, val title: String)
Describes an automation rule action to add a task to an incident.
Link copied to clipboard
data class AgentSystemResponse(val systemDisplayName: String? = null, val systemResourceName: String? = null)
Describes the configuration of a system inside the agent.
Link copied to clipboard
data class AlertDetailsOverrideResponse(val alertDescriptionFormat: String? = null, val alertDisplayNameFormat: String? = null, val alertDynamicProperties: List<AlertPropertyMappingResponse>? = null, val alertSeverityColumnName: String? = null, val alertTacticsColumnName: String? = null)
Settings for how to dynamically override alert static details
Link copied to clipboard
data class AlertPropertyMappingResponse(val alertProperty: String? = null, val value: String? = null)
A single alert property mapping to override
Link copied to clipboard
data class AlertsDataTypeOfDataConnectorResponse(val alerts: DataConnectorDataTypeCommonResponse? = null)
Alerts data type for data connectors.
Link copied to clipboard
data class AnomalyTimelineItemResponse(val azureResourceId: String, val description: String? = null, val displayName: String, val endTimeUtc: String, val intent: String? = null, val kind: String, val productName: String? = null, val reasons: List<String>? = null, val startTimeUtc: String, val techniques: List<String>? = null, val timeGenerated: String, val vendor: String? = null)
Represents anomaly timeline item.
Link copied to clipboard
data class ApiKeyAuthModelResponse(val apiKey: String, val apiKeyIdentifier: String? = null, val apiKeyName: String, val isApiKeyInPostPayload: Boolean? = null, val type: String)
Model for authentication with the API Key. Will result in additional header on the request (default behavior) to the remote server: 'ApiKeyName: ApiKeyIdentifier ApiKey'. If 'IsApiKeyInPostPayload' is true it will send it in the body of the request and not the header.
Link copied to clipboard
An entity describing a content item.
Link copied to clipboard
data class AutomationRuleAddIncidentTaskActionResponse(val actionConfiguration: AddIncidentTaskActionPropertiesResponse? = null, val actionType: String, val order: Int)
Describes an automation rule action to add a task to an incident
Link copied to clipboard
data class AutomationRuleBooleanConditionResponse(val innerConditions: List<Any>? = null, val operator: String? = null)
Describes an automation rule condition with boolean operators.
Link copied to clipboard
data class AutomationRuleModifyPropertiesActionResponse(val actionConfiguration: IncidentPropertiesActionResponse? = null, val actionType: String, val order: Int)
Describes an automation rule action to modify an object's properties
Link copied to clipboard
data class AutomationRulePropertyArrayChangedValuesConditionResponse(val arrayType: String? = null, val changeType: String? = null)
Link copied to clipboard
data class AutomationRulePropertyArrayValuesConditionResponse(val arrayConditionType: String? = null, val arrayType: String? = null, val itemConditions: List<Any>? = null)
Describes an automation rule condition on array properties.
Link copied to clipboard
Link copied to clipboard
data class AutomationRulePropertyValuesConditionResponse(val operator: String? = null, val propertyName: String? = null, val propertyValues: List<String>? = null)
Link copied to clipboard
data class AutomationRuleRunPlaybookActionResponse(val actionConfiguration: PlaybookActionPropertiesResponse? = null, val actionType: String, val order: Int)
Describes an automation rule action to run a playbook
Link copied to clipboard
Link copied to clipboard
data class AWSAuthModelResponse(val externalId: String? = null, val roleArn: String, val type: String)
Model for API authentication with AWS.
Link copied to clipboard
data class AwsCloudTrailDataConnectorDataTypesResponse(val logs: AwsCloudTrailDataConnectorDataTypesResponseLogs? = null)
The available data types for Amazon Web Services CloudTrail data connector.
Link copied to clipboard
Logs data type.
Link copied to clipboard
data class AzureDevOpsResourceInfoResponse(val pipelineId: String? = null, val serviceConnectionId: String? = null)
Resources created in Azure DevOps repository.
Link copied to clipboard
Model for API authentication with basic flow - user name + password.
Link copied to clipboard
data class BookmarkTimelineItemResponse(val azureResourceId: String, val createdBy: UserInfoResponse? = null, val displayName: String? = null, val endTimeUtc: String? = null, val eventTime: String? = null, val kind: String, val labels: List<String>? = null, val notes: String? = null, val startTimeUtc: String? = null)
Represents bookmark timeline item.
Link copied to clipboard
data class BooleanConditionPropertiesResponse(val conditionProperties: AutomationRuleBooleanConditionResponse? = null, val conditionType: String)
Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions
Link copied to clipboard
data class CcpResponseConfigResponse(val compressionAlgo: String? = null, val convertChildPropertiesToArray: Boolean? = null, val csvDelimiter: String? = null, val csvEscape: String? = null, val eventsJsonPaths: List<String>, val format: String? = null, val hasCsvBoundary: Boolean? = null, val hasCsvHeader: Boolean? = null, val isGzipCompressed: Boolean? = null, val successStatusJsonPath: String? = null, val successStatusValue: String? = null)
A custom response configuration for a rule.
Link copied to clipboard
data class ClientInfoResponse(val email: String? = null, val name: String? = null, val objectId: String? = null, val userPrincipalName: String? = null)
Information on the client (user or application) that made some action
Link copied to clipboard
The criteria by which we determine whether the connector is connected or not. For Example, use a KQL query to check if the expected data type is flowing).
Link copied to clipboard
The data type which is created by the connector, including a query indicated when was the last time that data type was received in the workspace.
Link copied to clipboard
data class ConnectorDefinitionsAvailabilityResponse(val isPreview: Boolean? = null, val status: Int? = null)
The exposure status of the connector to the customers.
Link copied to clipboard
data class ConnectorDefinitionsPermissionsResponse(val customs: List<CustomPermissionDetailsResponse>? = null, val licenses: List<String>? = null, val resourceProvider: List<ConnectorDefinitionsResourceProviderResponse>? = null, val tenant: List<String>? = null)
The required Permissions for the connector.
Link copied to clipboard
data class ConnectorDefinitionsResourceProviderResponse(val permissionsDisplayText: String, val provider: String, val providerDisplayName: String, val requiredPermissions: ResourceProviderRequiredPermissionsResponse, val scope: String)
The resource provider details include the required permissions for the user to create connections. The user should have the required permissions(Read\Write, ..) in the specified scope ProviderPermissionsScope against the specified resource provider.
Link copied to clipboard
The mapping of content type to a repo path.
Link copied to clipboard
data class CustomizableConnectionsConfigResponse(val templateSpecName: String, val templateSpecVersion: String)
The UiConfig for 'Customizable' connector definition kind.
Link copied to clipboard
data class CustomizableConnectorUiConfigResponse(val availability: ConnectorDefinitionsAvailabilityResponse? = null, val connectivityCriteria: List<ConnectivityCriterionResponse>, val dataTypes: List<ConnectorDataTypeResponse>, val descriptionMarkdown: String, val graphQueries: List<GraphQueryResponse>, val id: String? = null, val instructionSteps: List<InstructionStepResponse>, val isConnectivityCriteriasMatchSome: Boolean? = null, val logo: String? = null, val permissions: ConnectorDefinitionsPermissionsResponse, val publisher: String, val title: String)
The UiConfig for 'Customizable' connector definition kind.
Link copied to clipboard
The Custom permissions required for the connector.
Link copied to clipboard
Common field for data type in data connectors.
Link copied to clipboard
data class DCRConfigurationResponse(val dataCollectionEndpoint: String, val dataCollectionRuleImmutableId: String, val streamName: String)
The configuration of the destination of the data.
Link copied to clipboard
data class DeploymentInfoResponse(val deployment: DeploymentResponse? = null, val deploymentFetchStatus: String? = null, val message: String? = null)
Information regarding a deployment.
Link copied to clipboard
Link copied to clipboard
data class EnrichmentDomainWhoisContactResponse(val city: String? = null, val country: String? = null, val email: String? = null, val fax: String? = null, val name: String? = null, val org: String? = null, val phone: String? = null, val postal: String? = null, val state: String? = null, val street: List<String>? = null)
An individual contact associated with this domain
Link copied to clipboard
data class EnrichmentDomainWhoisContactsResponse(val admin: EnrichmentDomainWhoisContactResponse? = null, val billing: EnrichmentDomainWhoisContactResponse? = null, val registrant: EnrichmentDomainWhoisContactResponse? = null, val tech: EnrichmentDomainWhoisContactResponse? = null)
The set of contacts associated with this domain
Link copied to clipboard
data class EnrichmentDomainWhoisDetailsResponse(val contacts: EnrichmentDomainWhoisContactsResponse? = null, val nameServers: List<String>? = null, val registrar: EnrichmentDomainWhoisRegistrarDetailsResponse? = null, val statuses: List<String>? = null)
The whois record for a given domain
Link copied to clipboard
Link copied to clipboard
data class EntityInsightItemResponse(val chartQueryResults: List<InsightsTableResultResponse>? = null, val queryId: String? = null, val queryTimeInterval: EntityInsightItemResponseQueryTimeInterval? = null, val tableQueryResults: InsightsTableResultResponse? = null)
Entity insight Item.
Link copied to clipboard
data class EntityInsightItemResponseQueryTimeInterval(val endTime: String? = null, val startTime: String? = null)
The Time interval that the query actually executed on.
Link copied to clipboard
data class EntityMappingResponse(val entityType: String? = null, val fieldMappings: List<FieldMappingResponse>? = null)
Single entity mapping for the alert rule
Link copied to clipboard
Event grouping settings property bag.
Link copied to clipboard
A single field mapping of the mapped entity
Link copied to clipboard
Link copied to clipboard
data class GCPAuthModelResponse(val projectNumber: String, val serviceAccountEmail: String, val type: String, val workloadIdentityProviderId: String)
Model for API authentication for all GCP kind connectors.
Link copied to clipboard
Link copied to clipboard
data class GetAADDataConnectorResult(val azureApiVersion: String, val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents AAD (Azure Active Directory) data connector.
Link copied to clipboard
data class GetAATPDataConnectorResult(val azureApiVersion: String, val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents AATP (Azure Advanced Threat Protection) data connector.
Link copied to clipboard
data class GetActionResult(val azureApiVersion: String, val etag: String? = null, val id: String, val logicAppResourceId: String, val name: String, val systemData: SystemDataResponse, val type: String, val workflowId: String? = null)
Action for alert rule.
Link copied to clipboard
data class GetActivityCustomEntityQueryResult(val azureApiVersion: String, val content: String? = null, val createdTimeUtc: String, val description: String? = null, val enabled: Boolean? = null, val entitiesFilter: Map<String, List<String>>? = null, val etag: String? = null, val id: String, val inputEntityType: String? = null, val kind: String, val lastModifiedTimeUtc: String, val name: String, val queryDefinitions: ActivityEntityQueriesPropertiesResponseQueryDefinitions? = null, val requiredInputFieldsSets: List<List<String>>? = null, val systemData: SystemDataResponse, val templateName: String? = null, val title: String? = null, val type: String)
Represents Activity entity query.
Link copied to clipboard
data class GetAnomaliesResult(val azureApiVersion: String, val etag: String? = null, val id: String, val isEnabled: Boolean, val kind: String, val name: String, val systemData: SystemDataResponse, val type: String)
Settings with single toggle.
Link copied to clipboard
data class GetAnomalySecurityMLAnalyticsSettingsResult(val anomalySettingsVersion: Int? = null, val anomalyVersion: String, val azureApiVersion: String, val customizableObservations: Any? = null, val description: String? = null, val displayName: String, val enabled: Boolean, val etag: String? = null, val frequency: String, val id: String, val isDefaultSettings: Boolean, val kind: String, val lastModifiedUtc: String, val name: String, val requiredDataConnectors: List<SecurityMLAnalyticsSettingsDataSourceResponse>? = null, val settingsDefinitionId: String? = null, val settingsStatus: String, val systemData: SystemDataResponse, val tactics: List<String>? = null, val techniques: List<String>? = null, val type: String)
Represents Anomaly Security ML Analytics Settings
Link copied to clipboard
data class GetASCDataConnectorResult(val azureApiVersion: String, val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val subscriptionId: String? = null, val systemData: SystemDataResponse, val type: String)
Represents ASC (Azure Security Center) data connector.
Link copied to clipboard
data class GetAutomationRuleResult(val actions: List<Any>, val azureApiVersion: String, val createdBy: ClientInfoResponse, val createdTimeUtc: String, val displayName: String, val etag: String? = null, val id: String, val lastModifiedBy: ClientInfoResponse, val lastModifiedTimeUtc: String, val name: String, val order: Int, val systemData: SystemDataResponse, val triggeringLogic: AutomationRuleTriggeringLogicResponse, val type: String)
Link copied to clipboard
data class GetAwsCloudTrailDataConnectorResult(val awsRoleArn: String? = null, val azureApiVersion: String, val dataTypes: AwsCloudTrailDataConnectorDataTypesResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val type: String)
Represents Amazon Web Services CloudTrail data connector.
Link copied to clipboard
data class GetBookmarkRelationResult(val azureApiVersion: String, val etag: String? = null, val id: String, val name: String, val relatedResourceId: String, val relatedResourceKind: String, val relatedResourceName: String, val relatedResourceType: String, val systemData: SystemDataResponse, val type: String)
Represents a relation between two resources
Link copied to clipboard
data class GetBookmarkResult(val azureApiVersion: String, val created: String? = null, val createdBy: UserInfoResponse? = null, val displayName: String, val etag: String? = null, val eventTime: String? = null, val id: String, val incidentInfo: IncidentInfoResponse? = null, val labels: List<String>? = null, val name: String, val notes: String? = null, val query: String, val queryEndTime: String? = null, val queryResult: String? = null, val queryStartTime: String? = null, val systemData: SystemDataResponse, val type: String, val updated: String? = null, val updatedBy: UserInfoResponse? = null)
Represents a bookmark in Azure Security Insights.
Link copied to clipboard
data class GetBusinessApplicationAgentResult(val agentSystems: List<AgentSystemResponse>, val azureApiVersion: String, val configuration: SapAgentConfigurationResponse, val displayName: String, val etag: String? = null, val id: String, val lastModifiedTimeUtc: String, val name: String, val systemData: SystemDataResponse, val type: String)
Describes the configuration of a Business Application Agent.
Link copied to clipboard
data class GetContentPackageResult(val author: MetadataAuthorResponse? = null, val azureApiVersion: String, val categories: MetadataCategoriesResponse? = null, val contentId: String, val contentKind: String, val contentProductId: String, val contentSchemaVersion: String? = null, val dependencies: MetadataDependenciesResponse? = null, val description: String? = null, val displayName: String, val etag: String? = null, val firstPublishDate: String? = null, val icon: String? = null, val id: String, val isDeprecated: String? = null, val isFeatured: String? = null, val isNew: String? = null, val isPreview: String? = null, val lastPublishDate: String? = null, val name: String, val providers: List<String>? = null, val publisherDisplayName: String? = null, val source: MetadataSourceResponse? = null, val support: MetadataSupportResponse? = null, val systemData: SystemDataResponse, val threatAnalysisTactics: List<String>? = null, val threatAnalysisTechniques: List<String>? = null, val type: String, val version: String)
Represents a Package in Azure Security Insights.
Link copied to clipboard
data class GetContentTemplateResult(val author: MetadataAuthorResponse? = null, val azureApiVersion: String, val categories: MetadataCategoriesResponse? = null, val contentId: String, val contentKind: String, val contentProductId: String, val contentSchemaVersion: String? = null, val customVersion: String? = null, val dependantTemplates: List<TemplatePropertiesResponse>, val dependencies: MetadataDependenciesResponse? = null, val displayName: String, val etag: String? = null, val firstPublishDate: String? = null, val icon: String? = null, val id: String, val isDeprecated: String, val lastPublishDate: String? = null, val mainTemplate: Any? = null, val name: String, val packageId: String, val packageKind: String? = null, val packageName: String? = null, val packageVersion: String, val previewImages: List<String>? = null, val previewImagesDark: List<String>? = null, val providers: List<String>? = null, val source: MetadataSourceResponse, val support: MetadataSupportResponse? = null, val systemData: SystemDataResponse, val threatAnalysisTactics: List<String>? = null, val threatAnalysisTechniques: List<String>? = null, val type: String, val version: String)
Template resource definition.
Link copied to clipboard
data class GetCustomizableConnectorDefinitionResult(val azureApiVersion: String, val connectionsConfig: CustomizableConnectionsConfigResponse? = null, val connectorUiConfig: CustomizableConnectorUiConfigResponse, val createdTimeUtc: String? = null, val etag: String? = null, val id: String, val kind: String, val lastModifiedUtc: String? = null, val name: String, val systemData: SystemDataResponse, val type: String)
Connector definition for kind 'Customizable'.
Link copied to clipboard
data class GetEntitiesGetTimelineResult(val metaData: TimelineResultsMetadataResponse? = null, val value: List<Any>? = null)
The entity timeline result operation response.
Link copied to clipboard
data class GetEntityAnalyticsResult(val azureApiVersion: String, val entityProviders: List<String>? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val type: String)
Settings with single toggle.
Link copied to clipboard
data class GetEntityInsightsResult(val metaData: GetInsightsResultsMetadataResponse? = null, val value: List<EntityInsightItemResponse>? = null)
The Get Insights result operation response.
Link copied to clipboard
data class GetEyesOnResult(val azureApiVersion: String, val etag: String? = null, val id: String, val isEnabled: Boolean, val kind: String, val name: String, val systemData: SystemDataResponse, val type: String)
Settings with single toggle.
Link copied to clipboard
data class GetFileImportResult(val azureApiVersion: String, val contentType: String, val createdTimeUTC: String, val errorFile: FileMetadataResponse, val errorsPreview: List<ValidationErrorResponse>, val filesValidUntilTimeUTC: String, val id: String, val importFile: FileMetadataResponse, val importValidUntilTimeUTC: String, val ingestedRecordCount: Int, val ingestionMode: String, val name: String, val source: String, val state: String, val systemData: SystemDataResponse, val totalRecordCount: Int, val type: String, val validRecordCount: Int)
Represents a file import in Azure Security Insights.
Link copied to clipboard
data class GetFusionAlertRuleResult(val alertRuleTemplateName: String, val azureApiVersion: String, val description: String, val displayName: String, val enabled: Boolean, val etag: String? = null, val id: String, val kind: String, val lastModifiedUtc: String, val name: String, val severity: String, val systemData: SystemDataResponse, val tactics: List<String>, val techniques: List<String>, val type: String)
Represents Fusion alert rule.
Link copied to clipboard
data class GetHuntCommentResult(val azureApiVersion: String, val etag: String? = null, val id: String, val message: String, val name: String, val systemData: SystemDataResponse, val type: String)
Represents a Hunt Comment in Azure Security Insights
Link copied to clipboard
data class GetHuntRelationResult(val azureApiVersion: String, val etag: String? = null, val id: String, val labels: List<String>? = null, val name: String, val relatedResourceId: String, val relatedResourceKind: String, val relatedResourceName: String, val relationType: String, val systemData: SystemDataResponse, val type: String)
Represents a Hunt Relation in Azure Security Insights.
Link copied to clipboard
data class GetHuntResult(val attackTactics: List<String>? = null, val attackTechniques: List<String>? = null, val azureApiVersion: String, val description: String, val displayName: String, val etag: String? = null, val hypothesisStatus: String? = null, val id: String, val labels: List<String>? = null, val name: String, val owner: HuntOwnerResponse? = null, val status: String? = null, val systemData: SystemDataResponse, val type: String)
Represents a Hunt in Azure Security Insights.
Link copied to clipboard
data class GetIncidentCommentResult(val author: ClientInfoResponse, val azureApiVersion: String, val createdTimeUtc: String, val etag: String? = null, val id: String, val lastModifiedTimeUtc: String, val message: String, val name: String, val systemData: SystemDataResponse, val type: String)
Represents an incident comment
Link copied to clipboard
data class GetIncidentRelationResult(val azureApiVersion: String, val etag: String? = null, val id: String, val name: String, val relatedResourceId: String, val relatedResourceKind: String, val relatedResourceName: String, val relatedResourceType: String, val systemData: SystemDataResponse, val type: String)
Represents a relation between two resources
Link copied to clipboard
data class GetIncidentResult(val additionalData: IncidentAdditionalDataResponse, val azureApiVersion: String, val classification: String? = null, val classificationComment: String? = null, val classificationReason: String? = null, val createdTimeUtc: String, val description: String? = null, val etag: String? = null, val firstActivityTimeUtc: String? = null, val id: String, val incidentNumber: Int, val incidentUrl: String, val labels: List<IncidentLabelResponse>? = null, val lastActivityTimeUtc: String? = null, val lastModifiedTimeUtc: String, val name: String, val owner: IncidentOwnerInfoResponse? = null, val providerIncidentId: String, val providerName: String, val relatedAnalyticRuleIds: List<String>, val severity: String, val status: String, val systemData: SystemDataResponse, val title: String, val type: String)
Represents an incident in Azure Security Insights.
Link copied to clipboard
data class GetIncidentTaskResult(val azureApiVersion: String, val createdBy: ClientInfoResponse? = null, val createdTimeUtc: String, val description: String? = null, val etag: String? = null, val id: String, val lastModifiedBy: ClientInfoResponse? = null, val lastModifiedTimeUtc: String, val name: String, val status: String, val systemData: SystemDataResponse, val title: String, val type: String)
Describes incident task properties
Link copied to clipboard
data class GetInsightsErrorKindResponse(val errorMessage: String, val kind: String, val queryId: String? = null)
GetInsights Query Errors.
Link copied to clipboard
data class GetInsightsResultsMetadataResponse(val errors: List<GetInsightsErrorKindResponse>? = null, val totalCount: Int)
Get Insights result metadata.
Link copied to clipboard
data class GetMCASDataConnectorResult(val azureApiVersion: String, val dataTypes: MCASDataConnectorDataTypesResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents MCAS (Microsoft Cloud App Security) data connector.
Link copied to clipboard
data class GetMDATPDataConnectorResult(val azureApiVersion: String, val dataTypes: AlertsDataTypeOfDataConnectorResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.
Link copied to clipboard
data class GetMetadataResult(val author: MetadataAuthorResponse? = null, val azureApiVersion: String, val categories: MetadataCategoriesResponse? = null, val contentId: String? = null, val contentSchemaVersion: String? = null, val customVersion: String? = null, val dependencies: MetadataDependenciesResponse? = null, val etag: String? = null, val firstPublishDate: String? = null, val icon: String? = null, val id: String, val kind: String, val lastPublishDate: String? = null, val name: String, val parentId: String, val previewImages: List<String>? = null, val previewImagesDark: List<String>? = null, val providers: List<String>? = null, val source: MetadataSourceResponse? = null, val support: MetadataSupportResponse? = null, val systemData: SystemDataResponse, val threatAnalysisTactics: List<String>? = null, val threatAnalysisTechniques: List<String>? = null, val type: String, val version: String? = null)
Metadata resource definition.
Link copied to clipboard
data class GetMicrosoftSecurityIncidentCreationAlertRuleResult(val alertRuleTemplateName: String? = null, val azureApiVersion: String, val description: String? = null, val displayName: String, val displayNamesExcludeFilter: List<String>? = null, val displayNamesFilter: List<String>? = null, val enabled: Boolean, val etag: String? = null, val id: String, val kind: String, val lastModifiedUtc: String, val name: String, val productFilter: String, val severitiesFilter: List<String>? = null, val systemData: SystemDataResponse, val type: String)
Represents MicrosoftSecurityIncidentCreation rule.
Link copied to clipboard
data class GetMSTIDataConnectorResult(val azureApiVersion: String, val dataTypes: MSTIDataConnectorDataTypesResponse, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents Microsoft Threat Intelligence data connector.
Link copied to clipboard
data class GetOfficeDataConnectorResult(val azureApiVersion: String, val dataTypes: OfficeDataConnectorDataTypesResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents office data connector.
Link copied to clipboard
data class GetPremiumMicrosoftDefenderForThreatIntelligenceResult(val azureApiVersion: String, val dataTypes: PremiumMdtiDataConnectorDataTypesResponse, val etag: String? = null, val id: String, val kind: String, val lookbackPeriod: String, val name: String, val requiredSKUsPresent: Boolean? = null, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String)
Represents Premium Microsoft Defender for Threat Intelligence data connector.
Link copied to clipboard
data class GetRestApiPollerDataConnectorResult(val addOnAttributes: Map<String, String>? = null, val auth: Any, val azureApiVersion: String, val connectorDefinitionName: String, val dataType: String? = null, val dcrConfig: DCRConfigurationResponse? = null, val etag: String? = null, val id: String, val isActive: Boolean? = null, val kind: String, val name: String, val paging: RestApiPollerRequestPagingConfigResponse? = null, val request: RestApiPollerRequestConfigResponse, val response: CcpResponseConfigResponse? = null, val systemData: SystemDataResponse, val type: String)
Represents Rest Api Poller data connector.
Link copied to clipboard
data class GetScheduledAlertRuleResult(val alertDetailsOverride: AlertDetailsOverrideResponse? = null, val alertRuleTemplateName: String? = null, val azureApiVersion: String, val customDetails: Map<String, String>? = null, val description: String? = null, val displayName: String, val enabled: Boolean, val entityMappings: List<EntityMappingResponse>? = null, val etag: String? = null, val eventGroupingSettings: EventGroupingSettingsResponse? = null, val id: String, val incidentConfiguration: IncidentConfigurationResponse? = null, val kind: String, val lastModifiedUtc: String, val name: String, val query: String, val queryFrequency: String, val queryPeriod: String, val severity: String, val suppressionDuration: String, val suppressionEnabled: Boolean, val systemData: SystemDataResponse, val tactics: List<String>? = null, val techniques: List<String>? = null, val templateVersion: String? = null, val triggerOperator: String, val triggerThreshold: Int, val type: String)
Represents scheduled alert rule.
Link copied to clipboard
data class GetSentinelOnboardingStateResult(val azureApiVersion: String, val customerManagedKey: Boolean? = null, val etag: String? = null, val id: String, val name: String, val systemData: SystemDataResponse, val type: String)
Sentinel onboarding state
Link copied to clipboard
data class GetSourceControlResult(val azureApiVersion: String, val contentTypes: List<String>, val description: String? = null, val displayName: String, val etag: String? = null, val id: String, val lastDeploymentInfo: DeploymentInfoResponse? = null, val name: String, val repoType: String, val repository: RepositoryResponse, val repositoryResourceInfo: RepositoryResourceInfoResponse? = null, val systemData: SystemDataResponse, val type: String, val version: String? = null)
Represents a SourceControl in Azure Security Insights.
Link copied to clipboard
data class GetSystemResult(val azureApiVersion: String, val configuration: SapSystemsConfigurationResponse, val displayName: String, val etag: String? = null, val id: String, val lastModifiedTimeUtc: String, val name: String, val status: String? = null, val systemData: SystemDataResponse, val type: String)
Describes the system within the agent.
Link copied to clipboard
data class GetThreatIntelligenceIndicatorResult(val azureApiVersion: String, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val type: String)
Threat intelligence information object.
Link copied to clipboard
data class GetTIDataConnectorResult(val azureApiVersion: String, val dataTypes: TIDataConnectorDataTypesResponse? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val tipLookbackPeriod: String? = null, val type: String)
Represents threat intelligence data connector.
Link copied to clipboard
data class GetUebaResult(val azureApiVersion: String, val dataSources: List<String>? = null, val etag: String? = null, val id: String, val kind: String, val name: String, val systemData: SystemDataResponse, val type: String)
Settings with single toggle.
Link copied to clipboard
data class GetWatchlistItemResult(val azureApiVersion: String, val created: String? = null, val createdBy: WatchlistUserInfoResponse? = null, val entityMapping: Any? = null, val etag: String? = null, val id: String, val isDeleted: Boolean? = null, val itemsKeyValue: Any, val name: String, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String, val updated: String? = null, val updatedBy: WatchlistUserInfoResponse? = null, val watchlistItemId: String? = null, val watchlistItemType: String? = null)
Represents a Watchlist Item in Azure Security Insights.
Link copied to clipboard
data class GetWatchlistResult(val azureApiVersion: String, val contentType: String? = null, val created: String? = null, val createdBy: WatchlistUserInfoResponse? = null, val defaultDuration: String? = null, val description: String? = null, val displayName: String, val etag: String? = null, val id: String, val isDeleted: Boolean? = null, val itemsSearchKey: String, val labels: List<String>? = null, val name: String, val numberOfLinesToSkip: Int? = null, val provider: String, val provisioningState: String, val rawContent: String? = null, val source: String? = null, val sourceType: String? = null, val systemData: SystemDataResponse, val tenantId: String? = null, val type: String, val updated: String? = null, val updatedBy: WatchlistUserInfoResponse? = null, val uploadStatus: String? = null, val watchlistAlias: String? = null, val watchlistId: String? = null, val watchlistType: String? = null)
Represents a Watchlist in Azure Security Insights.
Link copied to clipboard
data class GetWorkspaceManagerAssignmentResult(val azureApiVersion: String, val etag: String, val id: String, val items: List<AssignmentItemResponse>, val lastJobEndTime: String, val lastJobProvisioningState: String, val name: String, val systemData: SystemDataResponse, val targetResourceName: String, val type: String)
The workspace manager assignment
Link copied to clipboard
data class GetWorkspaceManagerConfigurationResult(val azureApiVersion: String, val etag: String, val id: String, val mode: String, val name: String, val systemData: SystemDataResponse, val type: String)
The workspace manager configuration
Link copied to clipboard
data class GetWorkspaceManagerGroupResult(val azureApiVersion: String, val description: String? = null, val displayName: String, val etag: String, val id: String, val memberResourceNames: List<String>, val name: String, val systemData: SystemDataResponse, val type: String)
The workspace manager group
Link copied to clipboard
data class GetWorkspaceManagerMemberResult(val azureApiVersion: String, val etag: String, val id: String, val name: String, val systemData: SystemDataResponse, val targetWorkspaceResourceId: String, val targetWorkspaceTenantId: String, val type: String)
The workspace manager member
Link copied to clipboard
Model for API authentication for GitHub. For this authentication first we need to approve the Router app (Microsoft Security DevOps) to access the GitHub account, Then we only need the InstallationId to get the access token from https://api.github.com/app/installations/{installId}/access_tokens.
Link copied to clipboard
Resources created in GitHub repository.
Link copied to clipboard
The graph query to show the volume of data arriving into the workspace over time.
Link copied to clipboard
data class GroupingConfigurationResponse(val enabled: Boolean, val groupByAlertDetails: List<String>? = null, val groupByCustomDetails: List<String>? = null, val groupByEntities: List<String>? = null, val lookbackDuration: String, val matchingMethod: String, val reopenClosedIncident: Boolean)
Grouping configuration property bag.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
data class IncidentConfigurationResponse(val createIncident: Boolean, val groupingConfiguration: GroupingConfigurationResponse? = null)
Incident Configuration property bag.
Link copied to clipboard
data class IncidentInfoResponse(val incidentId: String? = null, val relationName: String? = null, val severity: String? = null, val title: String? = null)
Describes related incident information for the bookmark
Link copied to clipboard
Represents an incident label
Link copied to clipboard
Link copied to clipboard
data class IncidentPropertiesActionResponse(val classification: String? = null, val classificationComment: String? = null, val classificationReason: String? = null, val labels: List<IncidentLabelResponse>? = null, val owner: IncidentOwnerInfoResponse? = null, val severity: String? = null, val status: String? = null)
Link copied to clipboard
data class InsightsTableResultResponse(val columns: List<InsightsTableResultResponseColumns>? = null, val rows: List<List<String>>? = null)
Query results for table insights query.
Link copied to clipboard
Link copied to clipboard
Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.
Link copied to clipboard
data class InstructionStepResponse(val description: String? = null, val innerSteps: List<InstructionStepResponse>? = null, val instructions: List<InstructionStepDetailsResponse>? = null, val title: String? = null)
Instruction steps to enable the connector.
Link copied to clipboard
data class JwtAuthModelResponse(val headers: Map<String, String>? = null, val isCredentialsInHeaders: Boolean? = null, val isJsonRequest: Boolean? = null, val password: Map<String, String>, val queryParameters: Map<String, String>? = null, val requestTimeoutInSeconds: Int? = null, val tokenEndpoint: String, val type: String, val userName: Map<String, String>)
Model for API authentication with JWT. Simple exchange between user name + password to access token.
Link copied to clipboard
data class ListGeodataByIpResult(val asn: String? = null, val carrier: String? = null, val city: String? = null, val cityConfidenceFactor: Int? = null, val continent: String? = null, val country: String? = null, val countryConfidenceFactor: Int? = null, val ipAddr: String? = null, val ipRoutingType: String? = null, val latitude: String? = null, val longitude: String? = null, val organization: String? = null, val organizationType: String? = null, val region: String? = null, val state: String? = null, val stateCode: String? = null, val stateConfidenceFactor: Int? = null)
Geodata information for a given IP address
Link copied to clipboard
List all the source controls.
Link copied to clipboard
data class ListSystemActionsResult(val nextLink: String? = null, val value: List<Either<LockUserActionResponse, UnlockUserActionResponse>>)
List all actions for a system to perform.
Link copied to clipboard
data class ListWhoisByDomainResult(val created: String? = null, val domain: String? = null, val expires: String? = null, val parsedWhois: EnrichmentDomainWhoisDetailsResponse? = null, val server: String? = null, val updated: String? = null)
Whois information for a given domain and associated metadata
Link copied to clipboard
data class LockUserActionResponse(val failureReason: String? = null, val kind: String, val user: String? = null)
Represents lock user action.
Link copied to clipboard
Link copied to clipboard
data class MCASDataConnectorDataTypesResponse(val alerts: DataConnectorDataTypeCommonResponse? = null, val discoveryLogs: DataConnectorDataTypeCommonResponse? = null)
The available data types for MCAS (Microsoft Cloud App Security) data connector.
Link copied to clipboard
data class MetadataAuthorResponse(val email: String? = null, val link: String? = null, val name: String? = null)
Publisher or creator of the content item.
Link copied to clipboard
data class MetadataCategoriesResponse(val domains: List<String>? = null, val verticals: List<String>? = null)
ies for the solution content item
Link copied to clipboard
data class MetadataDependenciesResponse(val contentId: String? = null, val criteria: List<MetadataDependenciesResponse>? = null, val kind: String? = null, val name: String? = null, val operator: String? = null, val version: String? = null)
Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.
Link copied to clipboard
data class MetadataSourceResponse(val kind: String, val name: String? = null, val sourceId: String? = null)
The original source of the content item, where it comes from.
Link copied to clipboard
data class MetadataSupportResponse(val email: String? = null, val link: String? = null, val name: String? = null, val tier: String)
Support information for the content item.
Link copied to clipboard
data class MSTIDataConnectorDataTypesResponse(val microsoftEmergingThreatFeed: MSTIDataConnectorDataTypesResponseMicrosoftEmergingThreatFeed)
The available data types for Microsoft Threat Intelligence data connector.
Link copied to clipboard
data class MSTIDataConnectorDataTypesResponseMicrosoftEmergingThreatFeed(val lookbackPeriod: String, val state: String? = null)
Data type for Microsoft Threat Intelligence data connector.
Link copied to clipboard
Model for API authentication with no authentication method - public API.
Link copied to clipboard
data class OAuthModelResponse(val accessTokenPrepend: String? = null, val authorizationCode: String? = null, val authorizationEndpoint: String? = null, val authorizationEndpointHeaders: Map<String, String>? = null, val authorizationEndpointQueryParameters: Map<String, String>? = null, val clientId: String, val clientSecret: String, val grantType: String, val isCredentialsInHeaders: Boolean? = null, val isJwtBearerFlow: Boolean? = null, val redirectUri: String? = null, val scope: String? = null, val tokenEndpoint: String, val tokenEndpointHeaders: Map<String, String>? = null, val tokenEndpointQueryParameters: Map<String, String>? = null, val type: String)
Model for API authentication with OAuth2.
Link copied to clipboard
data class OfficeDataConnectorDataTypesResponse(val exchange: OfficeDataConnectorDataTypesResponseExchange? = null, val sharePoint: OfficeDataConnectorDataTypesResponseSharePoint? = null, val teams: OfficeDataConnectorDataTypesResponseTeams? = null)
The available data types for office data connector.
Link copied to clipboard
Exchange data type connection.
Link copied to clipboard
SharePoint data type connection.
Link copied to clipboard
Teams data type connection.
Link copied to clipboard
Link copied to clipboard
data class PlaybookActionPropertiesResponse(val logicAppResourceId: String, val tenantId: String? = null)
Link copied to clipboard
data class PremiumMdtiDataConnectorDataTypesResponse(val connector: PremiumMdtiDataConnectorDataTypesResponseConnector)
The available data types for Premium Microsoft Defender for Threat Intelligence data connector.
Link copied to clipboard
Data type for Premium Microsoft Defender for Threat Intelligence data connector.
Link copied to clipboard
data class PropertyArrayChangedConditionPropertiesResponse(val conditionProperties: AutomationRulePropertyArrayChangedValuesConditionResponse? = null, val conditionType: String)
Describes an automation rule condition that evaluates an array property's value change
Link copied to clipboard
data class PropertyArrayConditionPropertiesResponse(val conditionProperties: AutomationRulePropertyArrayValuesConditionResponse? = null, val conditionType: String)
Describes an automation rule condition that evaluates an array property's value
Link copied to clipboard
data class PropertyChangedConditionPropertiesResponse(val conditionProperties: AutomationRulePropertyValuesChangedConditionResponse? = null, val conditionType: String)
Describes an automation rule condition that evaluates a property's value change
Link copied to clipboard
data class PropertyConditionPropertiesResponse(val conditionProperties: AutomationRulePropertyValuesConditionResponse? = null, val conditionType: String)
Describes an automation rule condition that evaluates a property's value
Link copied to clipboard
Link copied to clipboard
data class RepositoryResourceInfoResponse(val azureDevOpsResourceInfo: AzureDevOpsResourceInfoResponse? = null, val gitHubResourceInfo: GitHubResourceInfoResponse? = null, val webhook: WebhookResponse? = null)
Resources created in user's repository for the source-control.
Link copied to clipboard
data class RepositoryResponse(val branch: String? = null, val deploymentLogsUrl: String? = null, val displayUrl: String? = null, val pathMapping: List<ContentPathMapResponse>? = null, val url: String? = null)
metadata of a repository.
Link copied to clipboard
data class ResourceProviderRequiredPermissionsResponse(val action: Boolean? = null, val delete: Boolean? = null, val read: Boolean? = null, val write: Boolean? = null)
Required permissions for the connector resource provider that define in ResourceProviders. For more information about the permissions see
Link copied to clipboard
data class RestApiPollerRequestConfigResponse(val apiEndpoint: String, val endTimeAttributeName: String? = null, val headers: Map<String, String>? = null, val httpMethod: String? = null, val isPostPayloadJson: Boolean? = null, val queryParameters: Any? = null, val queryParametersTemplate: String? = null, val queryTimeFormat: String? = null, val queryTimeIntervalAttributeName: String? = null, val queryTimeIntervalDelimiter: String? = null, val queryTimeIntervalPrepend: String? = null, val queryWindowInMin: Int? = null, val rateLimitQPS: Int? = null, val retryCount: Int? = null, val startTimeAttributeName: String? = null, val timeoutInSeconds: Int? = null)
The request configuration.
Link copied to clipboard
data class RestApiPollerRequestPagingConfigResponse(val pageSize: Int? = null, val pageSizeParameterName: String? = null, val pagingType: String)
The request paging configuration.
Link copied to clipboard
data class RfcConnectorResponse(val abapServerHost: String? = null, val authenticationType: String? = null, val client: String, val codePage: String? = null, val group: String? = null, val messageServerHost: String? = null, val messageServerService: String? = null, val sncQop: String? = null, val systemId: String, val systemNumber: String, val type: String)
Describes the Rfc connector.
Link copied to clipboard
data class SapAgentConfigurationResponse(val agentContainerName: String? = null, val keyVaultAuthenticationMode: String? = null, val keyVaultResourceId: String? = null, val sdkPath: String? = null, val secretSource: String? = null, val sncPath: String? = null, val type: String)
Describes the configuration of a SAP Docker agent.
Link copied to clipboard
Link copied to clipboard
data class SapSystemsConfigurationResponse(val azureResourceId: String? = null, val connector: Either<RfcConnectorResponse, SapControlConnectorResponse>, val logs: List<LogResponse>? = null, val type: String)
Describes the SAP configuration.
Link copied to clipboard
data class SecurityAlertTimelineItemResponse(val alertType: String, val azureResourceId: String, val description: String? = null, val displayName: String, val endTimeUtc: String, val intent: String, val kind: String, val productName: String? = null, val severity: String, val startTimeUtc: String, val techniques: List<String>? = null, val timeGenerated: String)
Represents security alert timeline item.
Link copied to clipboard
data class SecurityMLAnalyticsSettingsDataSourceResponse(val connectorId: String? = null, val dataTypes: List<String>? = null)
security ml analytics settings data sources
Link copied to clipboard
data class SessionAuthModelResponse(val headers: Map<String, String>? = null, val isPostPayloadJson: Boolean? = null, val password: Map<String, String>, val queryParameters: Any? = null, val sessionIdName: String? = null, val sessionLoginRequestUri: String? = null, val sessionTimeoutInMinutes: Int? = null, val type: String, val userName: Map<String, String>)
Model for API authentication with session cookie.
Link copied to clipboard
data class SystemDataResponse(val createdAt: String? = null, val createdBy: String? = null, val createdByType: String? = null, val lastModifiedAt: String? = null, val lastModifiedBy: String? = null, val lastModifiedByType: String? = null)
Metadata pertaining to creation and last modification of the resource.
Link copied to clipboard
data class TemplatePropertiesResponse(val author: MetadataAuthorResponse? = null, val categories: MetadataCategoriesResponse? = null, val contentId: String, val contentKind: String, val contentProductId: String, val contentSchemaVersion: String? = null, val customVersion: String? = null, val dependantTemplates: List<TemplatePropertiesResponse>, val dependencies: MetadataDependenciesResponse? = null, val displayName: String, val firstPublishDate: String? = null, val icon: String? = null, val isDeprecated: String, val lastPublishDate: String? = null, val mainTemplate: Any? = null, val packageId: String, val packageKind: String? = null, val packageName: String? = null, val packageVersion: String, val previewImages: List<String>? = null, val previewImagesDark: List<String>? = null, val providers: List<String>? = null, val source: MetadataSourceResponse, val support: MetadataSupportResponse? = null, val threatAnalysisTactics: List<String>? = null, val threatAnalysisTechniques: List<String>? = null, val version: String)
Template property bag.
Link copied to clipboard
data class TIDataConnectorDataTypesResponse(val indicators: TIDataConnectorDataTypesResponseIndicators? = null)
The available data types for TI (Threat Intelligence) data connector.
Link copied to clipboard
Data type for indicators connection.
Link copied to clipboard
timeline aggregation information per kind
Link copied to clipboard
data class TimelineErrorResponse(val errorMessage: String, val kind: String, val queryId: String? = null)
Timeline Query Errors.
Link copied to clipboard
data class TimelineResultsMetadataResponse(val aggregations: List<TimelineAggregationResponse>, val errors: List<TimelineErrorResponse>? = null, val totalCount: Int)
Expansion result metadata.
Link copied to clipboard
data class UnlockUserActionResponse(val failureReason: String? = null, val kind: String, val user: String? = null)
Represents an unlock user action.
Link copied to clipboard
User information that made some action
Link copied to clipboard
Describes an error encountered in the file during validation.
Link copied to clipboard
data class WatchlistUserInfoResponse(val email: String, val name: String, val objectId: String? = null)
User information that made some action
Link copied to clipboard
data class WebhookResponse(val rotateWebhookSecret: Boolean? = null, val webhookId: String? = null, val webhookSecretUpdateTime: String? = null, val webhookUrl: String? = null)
Detail about the webhook object.