diff --git a/src/securityinsight/azext_sentinel/azext_metadata.json b/src/securityinsight/azext_sentinel/azext_metadata.json index 7b33e2426b0..cfc30c747c7 100644 --- a/src/securityinsight/azext_sentinel/azext_metadata.json +++ b/src/securityinsight/azext_sentinel/azext_metadata.json @@ -1,3 +1,4 @@ { - "azext.minCliCoreVersion": "2.11.0" + "azext.isExperimental": true, + "azext.minCliCoreVersion": "2.15.0" } \ No newline at end of file diff --git a/src/securityinsight/azext_sentinel/generated/_client_factory.py b/src/securityinsight/azext_sentinel/generated/_client_factory.py index 6868ae4601c..249c6f708ac 100644 --- a/src/securityinsight/azext_sentinel/generated/_client_factory.py +++ b/src/securityinsight/azext_sentinel/generated/_client_factory.py @@ -11,34 +11,34 @@ def cf_sentinel_cl(cli_ctx, *_): from azure.cli.core.commands.client_factory import get_mgmt_service_client - from ..vendored_sdks.securityinsight import SecurityInsights + from azext_sentinel.vendored_sdks.securityinsight import SecurityInsights return get_mgmt_service_client(cli_ctx, SecurityInsights) def cf_alert_rule(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).alert_rule + return cf_sentinel_cl(cli_ctx).alert_rules def cf_action(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).action + return cf_sentinel_cl(cli_ctx).actions def cf_alert_rule_template(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).alert_rule_template + return cf_sentinel_cl(cli_ctx).alert_rule_templates def cf_bookmark(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).bookmark + return cf_sentinel_cl(cli_ctx).bookmarks def cf_data_connector(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).data_connector + return cf_sentinel_cl(cli_ctx).data_connectors def cf_incident(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).incident + return cf_sentinel_cl(cli_ctx).incidents def cf_incident_comment(cli_ctx, *_): - return cf_sentinel_cl(cli_ctx).incident_comment + return cf_sentinel_cl(cli_ctx).incident_comments 
diff --git a/src/securityinsight/azext_sentinel/generated/_help.py b/src/securityinsight/azext_sentinel/generated/_help.py index 9a401f619f3..cef1f601d99 100644 --- a/src/securityinsight/azext_sentinel/generated/_help.py +++ b/src/securityinsight/azext_sentinel/generated/_help.py @@ -14,7 +14,7 @@ helps['sentinel alert-rule'] = """ type: group - short-summary: sentinel alert-rule + short-summary: Manage alert rule with sentinel """ helps['sentinel alert-rule list'] = """ @@ -30,15 +30,23 @@ type: command short-summary: "Gets the alert rule." examples: - - name: Get an alert rule. + - name: Get a Fusion alert rule. text: |- az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name \ "myWorkspace" + - name: Get a MicrosoftSecurityIncidentCreation rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExam\ +ple" --workspace-name "myWorkspace" + - name: Get a Scheduled alert rule. + text: |- + az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" """ helps['sentinel alert-rule create'] = """ type: command - short-summary: "Creates or updates the action of alert rule. And Create the alert rule." + short-summary: "Create the alert rule." parameters: - name: --fusion-alert-rule short-summary: "Represents Fusion alert rule." 
@@ -90,32 +98,25 @@ kind: Required. The alert rule kind etag: Etag of the azure resource examples: - - name: Creates or updates an action of alert rule. - text: |- - az sentinel alert-rule create --etag "{etag}" \ ---logic-app-resource-id "/subscriptions/{subs}/resourceGroups/myRg/providers/Microsoft.Lo\ -gic/workflows/MyAlerts" --trigger-uri "https://xxx.northcentralus.logic.azure.com:443/workflows/xxx/triggers/\ -manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \ ---action-id "{action-id}" --resource-group "myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace" - name: Creates or updates a Fusion alert rule. text: |- - az sentinel alert-rule create --fusion-alert-rule etag="{etag}" \ -alert-rule-template-name="{name}" enabled=true --resource-group "myRg" --rule-id \ + az sentinel alert-rule create --fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" \ +alert-rule-template-name="f71aba3d-28fb-450b-b192-4e76a83015c8" enabled=true --resource-group "myRg" --rule-id \ "myFirstFusionRule" --workspace-name "myWorkspace" - name: Creates or updates a MicrosoftSecurityIncidentCreation rule. text: |- az sentinel alert-rule create --microsoft-security-incident-creation-alert-rule \ -etag="{etag}" product-filter="Microsoft Cloud App Security" display-name="testing \ +etag="\\"260097e0-0000-0d00-0000-5d6fa88f0000\\"" product-filter="Microsoft Cloud App Security" display-name="testing \ displayname" enabled=true --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \ --workspace-name "myWorkspace" - name: Creates or updates a Scheduled alert rule. 
text: |- - az sentinel alert-rule create --scheduled-alert-rule etag="{etag}" \ + az sentinel alert-rule create --scheduled-alert-rule etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden" \ query-frequency="PT1H" query-period="P2DT1H30M" severity="High" trigger-operator="GreaterThan" trigger-threshold=0 \ description="" display-name="Rule2" enabled=true suppression-duration="PT1H" suppression-enabled=false \ -tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "{rule-id}" \ ---workspace-name "myWorkspace" +tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5\ +" --workspace-name "myWorkspace" """ helps['sentinel alert-rule update'] = """ 
@@ -175,46 +176,71 @@ helps['sentinel alert-rule delete'] = """ type: command - short-summary: "Delete the action of alert rule. And Delete the alert rule." + short-summary: "Delete the alert rule." examples: - - name: Delete an action of alert rule. - text: |- - az sentinel alert-rule delete --action-id "{action-id}" --resource-group \ -"myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace" - name: Delete an alert rule. text: |- - az sentinel alert-rule delete --resource-group "myRg" --rule-id "{rule-id}" \ + az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +""" + +helps['sentinel action'] = """ + type: group + short-summary: Manage action with sentinel +""" + +helps['sentinel action list'] = """ + type: command + short-summary: "Gets all actions of alert rule." + examples: + - name: Get all actions of alert rule. + text: |- + az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ --workspace-name "myWorkspace" """ -helps['sentinel alert-rule get-action'] = """ +helps['sentinel action show'] = """ type: command short-summary: "Gets the action of alert rule." examples: - name: Get an action of alert rule. text: |- - az sentinel alert-rule get-action --action-id "{action-id}" --resource-group \ -"myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace" + az sentinel action show --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \ +--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" """ -helps['sentinel action'] = """ - type: group - short-summary: sentinel action +helps['sentinel action create'] = """ + type: command + short-summary: "Create the action of alert rule." + examples: + - name: Creates or updates an action of alert rule. 
+ text: |- + az sentinel action create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --logic-app-resource-id \ +"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \ +--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/m\ +anual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" --action-id \ +"912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" """ -helps['sentinel action list'] = """ +helps['sentinel action update'] = """ type: command - short-summary: "Gets all actions of alert rule." + short-summary: "Update the action of alert rule." +""" + +helps['sentinel action delete'] = """ + type: command + short-summary: "Delete the action of alert rule." examples: - - name: Get all actions of alert rule. + - name: Delete an action of alert rule. text: |- - az sentinel action list --resource-group "myRg" --rule-id "{rule-id}" \ ---workspace-name "myWorkspace" + az sentinel action delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \ +--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" """ helps['sentinel alert-rule-template'] = """ type: group - short-summary: sentinel alert-rule-template + short-summary: Manage alert rule template with sentinel """ helps['sentinel alert-rule-template list'] = """ 
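Review bot: The new `sentinel action create` example passes `--trigger-uri` complete with its `sig=` query parameter, and neither this help entry nor the `trigger_uri` argument help in `_params.py` says that a Logic App callback URL is a bearer credential: whoever holds the URL can invoke the workflow. A value given as a command-line argument also tends to end up in shell history and process listings. I would say so in the help, for example `help='Logic App Callback URL for this specific workflow. The URL contains a SAS signature (sig); treat it as a secret.'` on the `trigger_uri` arguments of `action create` and `action update`. The example also swaps the old `xxx` / `{subs}` placeholders for concrete-looking host, workflow and subscription identifiers; if those were copied from a live environment rather than from published API samples, placeholders would be the safer choice.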
@@ -232,13 +258,13 @@ examples: - name: Get alert rule template by Id. text: |- - az sentinel alert-rule-template show --alert-rule-template-id "{id}" \ + az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" \ --resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel bookmark'] = """ type: group - short-summary: sentinel bookmark + short-summary: Manage bookmark with sentinel """ helps['sentinel bookmark list'] = """ @@ -256,7 +282,7 @@ examples: - name: Get a bookmark. text: |- - az sentinel bookmark show --bookmark-id "{id}" --resource-group "myRg" \ + az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ --workspace-name "myWorkspace" """ 
@@ -269,18 +295,19 @@ long-summary: | Usage: --incident-info incident-id=XX severity=XX title=XX relation-name=XX - incident-id: Required. Incident Id - severity: Required. The severity of the incident - title: Required. The title of the incident - relation-name: Required. Relation Name + incident-id: Incident Id + severity: The severity of the incident + title: The title of the incident + relation-name: Relation Name examples: - name: Creates or updates a bookmark. text: |- - az sentinel bookmark create --etag "{etag}" --created \ -"2019-01-01T13:15:30Z" --display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious \ -activity" -q "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security \ -Event query result" --updated "2019-01-01T13:15:30Z" --bookmark-id "{id}" \ ---resource-group "myRg" --workspace-name "myWorkspace" + az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created \ +"2019-01-01T13:15:30Z" --user-info-object-id "2046feea-040d-4a46-9e2b-91c2941bfa70" --display-name "My bookmark" \ +--labels "Tag1" "Tag2" --notes "Found a suspicious activity" --query "SecurityEvent | where TimeGenerated > ago(1d) \ +and TimeGenerated < ago(2d)" --query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" --object-id \ +"2046feea-040d-4a46-9e2b-91c2941bfa70" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" """ helps['sentinel bookmark update'] = """ 
@@ -292,10 +319,10 @@ long-summary: | Usage: --incident-info incident-id=XX severity=XX title=XX relation-name=XX - incident-id: Required. Incident Id - severity: Required. The severity of the incident - title: Required. The title of the incident - relation-name: Required. Relation Name + incident-id: Incident Id + severity: The severity of the incident + title: The title of the incident + relation-name: Relation Name """ helps['sentinel bookmark delete'] = """ @@ -304,13 +331,13 @@ examples: - name: Delete a bookmark. text: |- - az sentinel bookmark delete --bookmark-id "{id}" --resource-group \ + az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ helps['sentinel data-connector'] = """ type: group - short-summary: sentinel data-connector + short-summary: Manage data connector with sentinel """ helps['sentinel data-connector list'] = """ 
@@ -326,10 +353,38 @@ type: command short-summary: "Gets a data connector." examples: - - name: Get a data connector. + - name: Get a ASC data connector. text: |- - az sentinel data-connector show --data-connector-id "{id}" --resource-group "myRg" \ - --workspace-name "myWorkspace" + az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a MCAS data connector. + text: |- + az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a MDATP data connector + text: |- + az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get a TI data connector. + text: |- + az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AAD data connector. + text: |- + az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AATP data connector. + text: |- + az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an AwsCloudTrail data connector. + text: |- + az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" \ +--resource-group "myRg" --workspace-name "myWorkspace" + - name: Get an Office365 data connector. + text: |- + az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel data-connector create'] = """ 
@@ -375,12 +430,13 @@ - name: --mcas-data-connector short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector." long-summary: | - Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\ -state=XX kind=XX etag=XX + Usage: --mcas-data-connector tenant-id=XX state-properties-data-types-alerts-state=XX \ +state-properties-data-types-discovery-logs-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-alerts-state: Describe whether this data type connection is enabled or not. - state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-alerts-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-discovery-logs-state: Describe whether this data type connection is enabled or \ +not. kind: Required. The data connector kind etag: Etag of the azure resource - name: --mdatp-data-connector 
@@ -392,31 +448,40 @@ state: Describe whether this data type connection is enabled or not. kind: Required. The data connector kind etag: Etag of the azure resource - - name: --office-data-connector - short-summary: "Represents office data connector." + - name: --ti-data-connector + short-summary: "Represents threat intelligence data connector." long-summary: | - Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \ -state-data-types-exchange-state=XX kind=XX etag=XX + Usage: --ti-data-connector tenant-id=XX tip-lookback-period=XX state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-share-point-state: Describe whether this data type connection is enabled or not. - state-data-types-exchange-state: Describe whether this data type connection is enabled or not. + tip-lookback-period: The lookback period for the feed to be imported. + state: Describe whether this data type connection is enabled or not. kind: Required. The data connector kind etag: Etag of the azure resource - - name: --ti-data-connector - short-summary: "Represents threat intelligence data connector." + - name: --office-data-connector + short-summary: "Represents office data connector." long-summary: | - Usage: --ti-data-connector tenant-id=XX state=XX kind=XX etag=XX + Usage: --office-data-connector tenant-id=XX state-properties-data-types-teams-state=XX \ +state-properties-data-types-share-point-state=XX state-properties-data-types-exchange-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state: Describe whether this data type connection is enabled or not. + state-properties-data-types-teams-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-share-point-state: Describe whether this data type connection is enabled or \ +not. + state-properties-data-types-exchange-state: Describe whether this data type connection is enabled or not. 
kind: Required. The data connector kind etag: Etag of the azure resource examples: - name: Creates or updates an Office365 data connector. text: |- - az sentinel data-connector create --office-data-connector etag="{etag}" \ - tenant-id="{tenant-id}" --data-connector-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace" + az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\ +\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" state-properties-data-types-exchange-state="Enabled" \ +--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" + - name: Creates or updates an Threat Intelligence Platform data connector. + text: |- + az sentinel data-connector create --ti-data-connector tenant-id="06b3ccb8-1384-4bcc-aec7-852f6d57161b" \ +tip-lookback-period="2020-01-01T13:00:30.123Z" state="Enabled" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab\ +5" --resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel data-connector update'] = """ 
@@ -462,12 +527,13 @@ - name: --mcas-data-connector short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector." long-summary: | - Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\ -state=XX kind=XX etag=XX + Usage: --mcas-data-connector tenant-id=XX state-properties-data-types-alerts-state=XX \ +state-properties-data-types-discovery-logs-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-alerts-state: Describe whether this data type connection is enabled or not. - state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-alerts-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-discovery-logs-state: Describe whether this data type connection is enabled or \ +not. kind: Required. The data connector kind etag: Etag of the azure resource - name: --mdatp-data-connector 
@@ -479,24 +545,27 @@ state: Describe whether this data type connection is enabled or not. kind: Required. The data connector kind etag: Etag of the azure resource - - name: --office-data-connector - short-summary: "Represents office data connector." + - name: --ti-data-connector + short-summary: "Represents threat intelligence data connector." long-summary: | - Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \ -state-data-types-exchange-state=XX kind=XX etag=XX + Usage: --ti-data-connector tenant-id=XX tip-lookback-period=XX state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state-data-types-share-point-state: Describe whether this data type connection is enabled or not. - state-data-types-exchange-state: Describe whether this data type connection is enabled or not. + tip-lookback-period: The lookback period for the feed to be imported. + state: Describe whether this data type connection is enabled or not. kind: Required. The data connector kind etag: Etag of the azure resource - - name: --ti-data-connector - short-summary: "Represents threat intelligence data connector." + - name: --office-data-connector + short-summary: "Represents office data connector." long-summary: | - Usage: --ti-data-connector tenant-id=XX state=XX kind=XX etag=XX + Usage: --office-data-connector tenant-id=XX state-properties-data-types-teams-state=XX \ +state-properties-data-types-share-point-state=XX state-properties-data-types-exchange-state=XX kind=XX etag=XX tenant-id: The tenant id to connect to, and get the data from. - state: Describe whether this data type connection is enabled or not. + state-properties-data-types-teams-state: Describe whether this data type connection is enabled or not. + state-properties-data-types-share-point-state: Describe whether this data type connection is enabled or \ +not. + state-properties-data-types-exchange-state: Describe whether this data type connection is enabled or not. 
kind: Required. The data connector kind etag: Etag of the azure resource """ @@ -505,15 +574,15 @@ type: command short-summary: "Delete the data connector." examples: - - name: Delete a data connector. + - name: Delete an Office365 data connector. text: |- - az sentinel data-connector delete --data-connector-id "{id}" --resource-group "myRg" \ - --workspace-name "myWorkspace" + az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel incident'] = """ type: group - short-summary: sentinel incident + short-summary: Manage incident with sentinel """ helps['sentinel incident list'] = """ @@ -532,7 +601,8 @@ examples: - name: Get an incident. text: |- - az sentinel incident show --incident-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace" + az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--workspace-name "myWorkspace" """ helps['sentinel incident create'] = """ @@ -559,11 +629,11 @@ examples: - name: Creates or updates an incident. text: |- - az sentinel incident create --etag "{etag}" --description "This is \ + az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --description "This is \ a demo incident" --classification "FalsePositive" --classification-comment "Not a malicious activity" \ --classification-reason "IncorrectAlertLogic" --first-activity-time-utc "2019-01-01T13:00:30Z" \ ---last-activity-time-utc "2019-01-01T13:05:30Z" --owner object-id="{oid}" --severity \ -"High" --status "Closed" --title "My incident" --incident-id "{id}" --resource-group \ +--last-activity-time-utc "2019-01-01T13:05:30Z" --owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity \ +"High" --status "Closed" --title "My incident" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ 
@@ -596,13 +666,13 @@ examples: - name: Delete an incident. text: |- - az sentinel incident delete --incident-id "{id}" --resource-group \ + az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ helps['sentinel incident-comment'] = """ type: group - short-summary: sentinel incident-comment + short-summary: Manage incident comment with sentinel """ helps['sentinel incident-comment list'] = """ @@ -611,7 +681,7 @@ examples: - name: Get all incident comments. text: |- - az sentinel incident-comment list --incident-id "{id}" --resource-group \ + az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group \ "myRg" --workspace-name "myWorkspace" """ @@ -621,8 +691,8 @@ examples: - name: Get an incident comment. text: |- - az sentinel incident-comment show --incident-comment-id "{comment-id}" \ ---incident-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace" + az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" \ +--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" """ helps['sentinel incident-comment create'] = """ @@ -632,6 +702,6 @@ - name: Creates an incident comment. text: |- az sentinel incident-comment create --message "Some message" --incident-comment-id \ -"4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "{id}" --resource-group "myRg" \ +"4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ --workspace-name "myWorkspace" """ diff --git a/src/securityinsight/azext_sentinel/generated/_params.py b/src/securityinsight/azext_sentinel/generated/_params.py index 8cf66c08483..d18496c4462 100644 --- a/src/securityinsight/azext_sentinel/generated/_params.py +++ b/src/securityinsight/azext_sentinel/generated/_params.py 
@@ -25,8 +25,8 @@ AddAwsCloudTrailDataConnector, AddMcasDataConnector, AddMdatpDataConnector, - AddOfficeDataConnector, AddTiDataConnector, + AddOfficeDataConnector, AddLabels, AddOwner ) 
@@ -47,47 +47,67 @@ def load_arguments(self, _): c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.') c.argument('rule_id', type=str, help='Alert rule ID') - c.argument('action_id', type=str, help='Action ID') - c.argument('etag', type=str, help='Etag of the azure resource') - c.argument('logic_app_resource_id', type=str, help='Logic App Resource Id, /subscriptions/{my-subscription}/res' - 'ourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.') - c.argument('trigger_uri', type=str, help='Logic App Callback URL for this specific workflow.') - c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.', + c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='+', help='Represents Fusion alert rule.', arg_group='AlertRule') c.argument('microsoft_security_incident_creation_alert_rule', - action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents ' + action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='+', help='Represents ' 'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule') - c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert ' + c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='+', help='Represents scheduled alert ' 'rule.', arg_group='AlertRule') with self.argument_context('sentinel alert-rule update') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') - c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.', + c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='+', help='Represents Fusion alert rule.', arg_group='AlertRule') 
c.argument('microsoft_security_incident_creation_alert_rule', - action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents ' + action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='+', help='Represents ' 'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule') - c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert ' + c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='+', help='Represents scheduled alert ' 'rule.', arg_group='AlertRule') with self.argument_context('sentinel alert-rule delete') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') - c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') - with self.argument_context('sentinel alert-rule get-action') as c: + with self.argument_context('sentinel action list') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.') + c.argument('rule_id', type=str, help='Alert rule ID') + + with self.argument_context('sentinel action show') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') - with self.argument_context('sentinel action list') as c: + with self.argument_context('sentinel action create') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.') c.argument('rule_id', type=str, help='Alert rule ID') + c.argument('action_id', type=str, help='Action ID') + c.argument('etag', 
type=str, help='Etag of the azure resource') + c.argument('logic_app_resource_id', type=str, help='Logic App Resource Id, /subscriptions/{my-subscription}/res' + 'ourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.') + c.argument('trigger_uri', type=str, help='Logic App Callback URL for this specific workflow.') + + with self.argument_context('sentinel action update') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') + c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') + c.argument('etag', type=str, help='Etag of the azure resource') + c.argument('logic_app_resource_id', type=str, help='Logic App Resource Id, /subscriptions/{my-subscription}/res' + 'ourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.') + c.argument('trigger_uri', type=str, help='Logic App Callback URL for this specific workflow.') + + with self.argument_context('sentinel action delete') as c: + c.argument('resource_group_name', resource_group_name_type) + c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') + c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1') + c.argument('action_id', type=str, help='Action ID', id_part='child_name_2') with self.argument_context('sentinel alert-rule-template list') as c: c.argument('resource_group_name', resource_group_name_type) 
@@ -114,14 +134,18 @@ def load_arguments(self, _): c.argument('etag', type=str, help='Etag of the azure resource') c.argument('created', help='The time the bookmark was created') c.argument('display_name', type=str, help='The display name of the bookmark') - c.argument('labels', nargs='*', help='List of labels relevant to this bookmark') + c.argument('labels', nargs='+', help='List of labels relevant to this bookmark') c.argument('notes', type=str, help='The notes of the bookmark') - c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.') + c.argument('query', type=str, help='The query of the bookmark.') c.argument('query_result', type=str, help='The query result of the bookmark.') c.argument('updated', help='The last time the bookmark was updated') - c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to ' + c.argument('event_time', help='The bookmark event time') + c.argument('query_start_time', help='The start time for the query') + c.argument('query_end_time', help='The end time for the query') + c.argument('incident_info', action=AddIncidentInfo, nargs='+', help='Describes an incident that relates to ' 'bookmark') - c.argument('updated_by_object_id', help='The object id of the user.') + c.argument('object_id', help='The object id of the user.', arg_group='Updated By') + c.argument('user_info_object_id', help='The object id of the user.', arg_group='Created By') with self.argument_context('sentinel bookmark update') as c: c.argument('resource_group_name', resource_group_name_type) 
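Review bot: Registering the bookmark query as `c.argument('query', ...)` gives it the default option name `--query`, which is already Azure CLI's global JMESPath output-filter option, so the two are likely to clash when the command is parsed; the line being replaced avoided this by naming the argument `query_content` with `options_list=['-q']`. The same line is added in the `sentinel bookmark update` hunk that follows, and the `bookmark create` example in `_help.py` now shows `--query "SecurityEvent | ..."`, a KQL string rather than a JMESPath expression. Keeping a distinct option name would avoid this, e.g. `c.argument('query', options_list=['--query-content', '-q'], type=str, help='The query of the bookmark.')`, with the help example updated to match. `load_arguments` starts and ends outside this hunk and the command handler is not visible here, so the dest name has to follow whatever the handler expects.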
@@ -130,14 +154,19 @@ def load_arguments(self, _): c.argument('etag', type=str, help='Etag of the azure resource') c.argument('created', help='The time the bookmark was created') c.argument('display_name', type=str, help='The display name of the bookmark') - c.argument('labels', nargs='*', help='List of labels relevant to this bookmark') + c.argument('labels', nargs='+', help='List of labels relevant to this bookmark') c.argument('notes', type=str, help='The notes of the bookmark') - c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.') + c.argument('query', type=str, help='The query of the bookmark.') c.argument('query_result', type=str, help='The query result of the bookmark.') c.argument('updated', help='The last time the bookmark was updated') - c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to ' + c.argument('event_time', help='The bookmark event time') + c.argument('query_start_time', help='The start time for the query') + c.argument('query_end_time', help='The end time for the query') + c.argument('incident_info', action=AddIncidentInfo, nargs='+', help='Describes an incident that relates to ' 'bookmark') - c.argument('updated_by_object_id', help='The object id of the user.') + c.argument('object_id', help='The object id of the user.', arg_group='Updated By') + c.argument('user_info_object_id', help='The object id of the user.', arg_group='Created By') + c.ignore('bookmark') with self.argument_context('sentinel bookmark delete') as c: c.argument('resource_group_name', resource_group_name_type) 
@@ -157,43 +186,43 @@ def load_arguments(self, _): c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.') c.argument('data_connector_id', type=str, help='Connector ID') - c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active ' + c.argument('aad_data_connector', action=AddAadDataConnector, nargs='+', help='Represents AAD (Azure Active ' 'Directory) data connector.', arg_group='DataConnector') - c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure ' + c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='+', help='Represents AATP (Azure ' 'Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security ' + c.argument('asc_data_connector', action=AddAscDataConnector, nargs='+', help='Represents ASC (Azure Security ' 'Center) data connector.', arg_group='DataConnector') - c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents ' + c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='+', help='Represents ' 'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector') - c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft ' + c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='+', help='Represents MCAS (Microsoft ' 'Cloud App Security) data connector.', arg_group='DataConnector') - c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft ' + c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='+', help='Represents MDATP (Microsoft ' 'Defender Advanced Threat Protection) data connector.', 
arg_group='DataConnector') - c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data ' - 'connector.', arg_group='DataConnector') - c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence ' + c.argument('ti_data_connector', action=AddTiDataConnector, nargs='+', help='Represents threat intelligence ' 'data connector.', arg_group='DataConnector') + c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='+', help='Represents office data ' + 'connector.', arg_group='DataConnector') with self.argument_context('sentinel data-connector update') as c: c.argument('resource_group_name', resource_group_name_type) c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1') - c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active ' + c.argument('aad_data_connector', action=AddAadDataConnector, nargs='+', help='Represents AAD (Azure Active ' 'Directory) data connector.', arg_group='DataConnector') - c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure ' + c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='+', help='Represents AATP (Azure ' 'Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security ' + c.argument('asc_data_connector', action=AddAscDataConnector, nargs='+', help='Represents ASC (Azure Security ' 'Center) data connector.', arg_group='DataConnector') - c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents ' + c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='+', help='Represents ' 'Amazon Web 
Services CloudTrail data connector.', arg_group='DataConnector') - c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft ' + c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='+', help='Represents MCAS (Microsoft ' 'Cloud App Security) data connector.', arg_group='DataConnector') - c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft ' + c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='+', help='Represents MDATP (Microsoft ' 'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector') - c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data ' - 'connector.', arg_group='DataConnector') - c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence ' + c.argument('ti_data_connector', action=AddTiDataConnector, nargs='+', help='Represents threat intelligence ' 'data connector.', arg_group='DataConnector') + c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='+', help='Represents office data ' + 'connector.', arg_group='DataConnector') with self.argument_context('sentinel data-connector delete') as c: c.argument('resource_group_name', resource_group_name_type) 
@@ -222,18 +251,18 @@ def load_arguments(self, _): c.argument('workspace_name', type=str, help='The name of the workspace.') c.argument('incident_id', type=str, help='Incident ID') c.argument('etag', type=str, help='Etag of the azure resource') - c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', '' + c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive']), help='The reason the incident was ' 'closed') c.argument('classification_comment', type=str, help='Describes the reason the incident was closed') - c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', '' - 'IncorrectAlertLogic', 'InaccurateData']), help='' - 'The classification reason the incident was closed with') + c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', + 'IncorrectAlertLogic', 'InaccurateData']), + help='The classification reason the incident was closed with') c.argument('description', type=str, help='The description of the incident') c.argument('first_activity_time_utc', help='The time of the first activity in the incident') - c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident') + c.argument('labels', action=AddLabels, nargs='+', help='List of labels relevant to this incident') c.argument('last_activity_time_utc', help='The time of the last activity in the incident') - c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to') + c.argument('owner', action=AddOwner, nargs='+', help='Describes a user that the incident is assigned to') c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity ' 'of the incident') c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident') 
@@ -244,22 +273,23 @@ def load_arguments(self, _): c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name') c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1') c.argument('etag', type=str, help='Etag of the azure resource') - c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', '' + c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive']), help='The reason the incident was ' 'closed') c.argument('classification_comment', type=str, help='Describes the reason the incident was closed') - c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', '' - 'IncorrectAlertLogic', 'InaccurateData']), help='' - 'The classification reason the incident was closed with') + c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', + 'IncorrectAlertLogic', 'InaccurateData']), + help='The classification reason the incident was closed with') c.argument('description', type=str, help='The description of the incident') c.argument('first_activity_time_utc', help='The time of the first activity in the incident') - c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident') + c.argument('labels', action=AddLabels, nargs='+', help='List of labels relevant to this incident') c.argument('last_activity_time_utc', help='The time of the last activity in the incident') - c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to') + c.argument('owner', action=AddOwner, nargs='+', help='Describes a user that the incident is assigned to') c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity ' 'of the incident') c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The 
status of the incident') c.argument('title', type=str, help='The title of the incident') + c.ignore('incident') with self.argument_context('sentinel incident delete') as c: c.argument('resource_group_name', resource_group_name_type) diff --git a/src/securityinsight/azext_sentinel/generated/action.py b/src/securityinsight/azext_sentinel/generated/action.py index 6fa9f30cb9b..9704eb71f08 100644 --- a/src/securityinsight/azext_sentinel/generated/action.py +++ b/src/securityinsight/azext_sentinel/generated/action.py @@ -37,6 +37,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['enabled'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter fusion_alert_rule. All possible keys are: ' + 'alert-rule-template-name, enabled, etag'.format(k)) d['kind'] = 'Fusion' return d @@ -76,6 +79,11 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['enabled'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter microsoft_security_incident_creation_alert' + '_rule. All possible keys are: display-names-filter, display-names-exclude-filter, ' + 'product-filter, severities-filter, alert-rule-template-name, description, ' + 'display-name, enabled, etag'.format(k)) d['kind'] = 'MicrosoftSecurityIncidentCreation' return d @@ -125,6 +133,11 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['tactics'] = v elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter scheduled_alert_rule. All possible keys ' + 'are: query, query-frequency, query-period, severity, trigger-operator, ' + 'trigger-threshold, alert-rule-template-name, description, display-name, enabled, ' + 'suppression-duration, suppression-enabled, tactics, etag'.format(k)) d['kind'] = 'Scheduled' return d 
@@ -154,6 +167,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['title'] = v[0] elif kl == 'relation-name': d['relation_name'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter incident_info. All possible keys are: ' + 'incident-id, severity, title, relation-name'.format(k)) return d @@ -180,6 +196,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter aad_data_connector. All possible keys ' + 'are: tenant-id, state, etag'.format(k)) d['kind'] = 'AzureActiveDirectory' return d @@ -207,6 +226,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter aatp_data_connector. All possible keys ' + 'are: tenant-id, state, etag'.format(k)) d['kind'] = 'AzureAdvancedThreatProtection' return d @@ -234,6 +256,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter asc_data_connector. All possible keys ' + 'are: subscription-id, state, etag'.format(k)) d['kind'] = 'AzureSecurityCenter' return d @@ -261,6 +286,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter aws_cloud_trail_data_connector. All ' + 'possible keys are: aws-role-arn, state, etag'.format(k)) d['kind'] = 'AmazonWebServicesCloudTrail' return d 
@@ -284,12 +312,16 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use v = properties[k] if kl == 'tenant-id': d['tenant_id'] = v[0] - elif kl == 'state-data-types-alerts-state': - d['state_data_types_alerts_state'] = v[0] - elif kl == 'state-data-types-discovery-logs-state': - d['state_data_types_discovery_logs_state'] = v[0] + elif kl == 'state-properties-data-types-alerts-state': + d['undefined'] = v[0] + elif kl == 'state-properties-data-types-discovery-logs-state': + d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter mcas_data_connector. All possible keys ' + 'are: tenant-id, state-properties-data-types-alerts-state, ' + 'state-properties-data-types-discovery-logs-state, etag'.format(k)) d['kind'] = 'MicrosoftCloudAppSecurity' return d @@ -317,14 +349,17 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter mdatp_data_connector. All possible keys ' + 'are: tenant-id, state, etag'.format(k)) d['kind'] = 'MicrosoftDefenderAdvancedThreatProtection' return d -class AddOfficeDataConnector(argparse.Action): +class AddTiDataConnector(argparse.Action): def __call__(self, parser, namespace, values, option_string=None): action = self.get_action(values, option_string) - namespace.office_data_connector = action + namespace.ti_data_connector = action def get_action(self, values, option_string): # pylint: disable=no-self-use try: 
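Review bot: In the MCAS action, `state-properties-data-types-alerts-state` is now stored as `d['undefined']` and `state-properties-data-types-discovery-logs-state` as `d['state']`, so neither value lands under a name that identifies its data type; the removed lines used `state_data_types_alerts_state` and `state_data_types_discovery_logs_state`. The Office 365 hunk further down (`@@ -375,11 +407,20 @@`) has the same defect: the teams, share-point and exchange keys all assign `d['state']`, so whichever is given last overwrites the others. If the vendored model drops or collapses these keys, a connector can be created with a data type left off while the command still succeeds, which is a silent gap in log collection. `d['undefined']` looks like a generator placeholder, and since the file sits under generated/ the mapping probably has to be corrected in the generator input so that each key gets its own target field from the vendored model. get_action starts outside the hunk.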
@@ -334,32 +369,29 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use properties = dict(properties) except ValueError: raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string)) - d = { - 'dataTypes': { - 'sharePoint': {'state': 'Disabled'}, - 'exchange': {'state': 'Disabled'} - } - } + d = {} for k in properties: kl = k.lower() v = properties[k] if kl == 'tenant-id': - d['tenantId'] = v[0] - elif kl == 'sharepoint-enabled': - d['dataTypes']['sharePoint']['state'] = 'Enabled' - elif kl == 'exchange-enabled': - d['dataTypes']['exchange']['state'] = 'Enabled' + d['tenant_id'] = v[0] + elif kl == 'tip-lookback-period': + d['tip_lookback_period'] = v[0] + elif kl == 'state': + d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] - d['kind'] = 'Office365' - print(d) + else: + raise CLIError('Unsupported Key {} is provided for parameter ti_data_connector. All possible keys are: ' + 'tenant-id, tip-lookback-period, state, etag'.format(k)) + d['kind'] = 'ThreatIntelligence' return d -class AddTiDataConnector(argparse.Action): +class AddOfficeDataConnector(argparse.Action): def __call__(self, parser, namespace, values, option_string=None): action = self.get_action(values, option_string) - namespace.ti_data_connector = action + namespace.office_data_connector = action def get_action(self, values, option_string): # pylint: disable=no-self-use try: 
@@ -375,11 +407,20 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use v = properties[k] if kl == 'tenant-id': d['tenant_id'] = v[0] - elif kl == 'state': + elif kl == 'state-properties-data-types-teams-state': + d['state'] = v[0] + elif kl == 'state-properties-data-types-share-point-state': + d['state'] = v[0] + elif kl == 'state-properties-data-types-exchange-state': d['state'] = v[0] elif kl == 'etag': d['etag'] = v[0] - d['kind'] = 'ThreatIntelligence' + else: + raise CLIError('Unsupported Key {} is provided for parameter office_data_connector. All possible keys ' + 'are: tenant-id, state-properties-data-types-teams-state, ' + 'state-properties-data-types-share-point-state, state-properties-data-types-exchange-sta' + 'te, etag'.format(k)) + d['kind'] = 'Office365' return d @@ -402,6 +443,9 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use v = properties[k] if kl == 'label-name': d['label_name'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter labels. All possible keys are: label-name' + .format(k)) return d @@ -430,4 +474,7 @@ def get_action(self, values, option_string): # pylint: disable=no-self-use d['object_id'] = v[0] elif kl == 'user-principal-name': d['user_principal_name'] = v[0] + else: + raise CLIError('Unsupported Key {} is provided for parameter owner. All possible keys are: email, ' + 'assigned-to, object-id, user-principal-name'.format(k)) return d diff --git a/src/securityinsight/azext_sentinel/generated/commands.py b/src/securityinsight/azext_sentinel/generated/commands.py index f8dac3f83d6..efbccf98472 100644 --- a/src/securityinsight/azext_sentinel/generated/commands.py +++ b/src/securityinsight/azext_sentinel/generated/commands.py 
@@ -17,84 +17,85 @@ def load_command_table(self, _): from azext_sentinel.generated._client_factory import cf_alert_rule sentinel_alert_rule = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_operations#AlertRuleOperat' - 'ions.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rules_operations#AlertRulesOper' + 'ations.{}', client_factory=cf_alert_rule) - with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule, - is_experimental=True) as g: + with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule) as g: g.custom_command('list', 'sentinel_alert_rule_list') g.custom_show_command('show', 'sentinel_alert_rule_show') g.custom_command('create', 'sentinel_alert_rule_create') - g.generic_update_command('update', setter_arg_name='alert_rule', - custom_func_name='sentinel_alert_rule_update') + g.custom_command('update', 'sentinel_alert_rule_update') g.custom_command('delete', 'sentinel_alert_rule_delete', confirmation=True) - g.custom_command('get-action', 'sentinel_alert_rule_get_action') from azext_sentinel.generated._client_factory import cf_action sentinel_action = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._action_operations#ActionOperations.{}' - '', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._actions_operations#ActionsOperations.' 
+ '{}', client_factory=cf_action) - with self.command_group('sentinel action', sentinel_action, client_factory=cf_action, is_experimental=True) as g: + with self.command_group('sentinel action', sentinel_action, client_factory=cf_action) as g: g.custom_command('list', 'sentinel_action_list') + g.custom_show_command('show', 'sentinel_action_show') + g.custom_command('create', 'sentinel_action_create') + g.custom_command('update', 'sentinel_action_update') + g.custom_command('delete', 'sentinel_action_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_alert_rule_template sentinel_alert_rule_template = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_template_operations#AlertR' - 'uleTemplateOperations.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_templates_operations#Alert' + 'RuleTemplatesOperations.{}', client_factory=cf_alert_rule_template) with self.command_group('sentinel alert-rule-template', sentinel_alert_rule_template, - client_factory=cf_alert_rule_template, is_experimental=True) as g: + client_factory=cf_alert_rule_template) as g: g.custom_command('list', 'sentinel_alert_rule_template_list') g.custom_show_command('show', 'sentinel_alert_rule_template_show') from azext_sentinel.generated._client_factory import cf_bookmark sentinel_bookmark = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmark_operations#BookmarkOperation' - 's.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmarks_operations#BookmarksOperati' + 'ons.{}', client_factory=cf_bookmark) - with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark, - is_experimental=True) as g: + with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark) as g: g.custom_command('list', 'sentinel_bookmark_list') 
g.custom_show_command('show', 'sentinel_bookmark_show') g.custom_command('create', 'sentinel_bookmark_create') - g.custom_command('update', 'sentinel_bookmark_update') + g.generic_update_command('update', setter_arg_name='bookmark', custom_func_name='sentinel_bookmark_update') g.custom_command('delete', 'sentinel_bookmark_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_data_connector sentinel_data_connector = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connector_operations#DataConnect' - 'orOperations.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connectors_operations#DataConnec' + 'torsOperations.{}', client_factory=cf_data_connector) - with self.command_group('sentinel data-connector', sentinel_data_connector, client_factory=cf_data_connector, - is_experimental=True) as g: + with self.command_group('sentinel data-connector', sentinel_data_connector, + client_factory=cf_data_connector) as g: g.custom_command('list', 'sentinel_data_connector_list') g.custom_show_command('show', 'sentinel_data_connector_show') g.custom_command('create', 'sentinel_data_connector_create') - g.generic_update_command('update', setter_arg_name='data_connector', custom_func_name='' - 'sentinel_data_connector_update') + g.custom_command('update', 'sentinel_data_connector_update') g.custom_command('delete', 'sentinel_data_connector_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_incident sentinel_incident = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_operations#IncidentOperation' - 's.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incidents_operations#IncidentsOperati' + 'ons.{}', client_factory=cf_incident) - with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident, - is_experimental=True) as g: + with 
self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident) as g: g.custom_command('list', 'sentinel_incident_list') g.custom_show_command('show', 'sentinel_incident_show') g.custom_command('create', 'sentinel_incident_create') - g.custom_command('update', 'sentinel_incident_update') + g.generic_update_command('update', setter_arg_name='incident', custom_func_name='sentinel_incident_update') g.custom_command('delete', 'sentinel_incident_delete', confirmation=True) from azext_sentinel.generated._client_factory import cf_incident_comment sentinel_incident_comment = CliCommandType( - operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comment_operations#IncidentC' - 'ommentOperations.{}', + operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comments_operations#Incident' + 'CommentsOperations.{}', client_factory=cf_incident_comment) - with self.command_group('sentinel incident-comment', sentinel_incident_comment, client_factory=cf_incident_comment, - is_experimental=True) as g: + with self.command_group('sentinel incident-comment', sentinel_incident_comment, + client_factory=cf_incident_comment) as g: g.custom_command('list', 'sentinel_incident_comment_list') g.custom_show_command('show', 'sentinel_incident_comment_show') g.custom_command('create', 'sentinel_incident_comment_create') + + with self.command_group('sentinel', is_experimental=True): + pass diff --git a/src/securityinsight/azext_sentinel/generated/custom.py b/src/securityinsight/azext_sentinel/generated/custom.py index f0bd94de342..329d432d3af 100644 --- a/src/securityinsight/azext_sentinel/generated/custom.py +++ b/src/securityinsight/azext_sentinel/generated/custom.py 
@@ -33,10 +33,6 @@ def sentinel_alert_rule_create(client,
 resource_group_name,
 workspace_name,
 rule_id,
- action_id=None,
- etag=None,
- logic_app_resource_id=None,
- trigger_uri=None,
 fusion_alert_rule=None,
 microsoft_security_incident_creation_alert_rule=None,
 scheduled_alert_rule=None):
@@ -50,57 +46,52 @@ def sentinel_alert_rule_create(client, if len(all_alert_rule) > 1: raise CLIError('at most one of fusion_alert_rule, microsoft_security_incident_creation_alert_rule, ' 'scheduled_alert_rule is needed for alert_rule!') + if len(all_alert_rule) != 1: + raise CLIError('alert_rule is required. but none of fusion_alert_rule, microsoft_security_incident_creation_ale' + 'rt_rule, scheduled_alert_rule is provided!') alert_rule = all_alert_rule[0] if len(all_alert_rule) == 1 else None - if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None: - return client.create_or_update_action(resource_group_name=resource_group_name, - workspace_name=workspace_name, - rule_id=rule_id, - action_id=action_id, - etag=etag, - logic_app_resource_id=logic_app_resource_id, - trigger_uri=trigger_uri) return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, alert_rule=alert_rule) -def sentinel_alert_rule_update(instance, +def sentinel_alert_rule_update(client, resource_group_name, workspace_name, rule_id, fusion_alert_rule=None, microsoft_security_incident_creation_alert_rule=None, scheduled_alert_rule=None): - return instance + all_alert_rule = [] + if fusion_alert_rule is not None: + all_alert_rule.append(fusion_alert_rule) + if microsoft_security_incident_creation_alert_rule is not None: + all_alert_rule.append(microsoft_security_incident_creation_alert_rule) + if scheduled_alert_rule is not None: + all_alert_rule.append(scheduled_alert_rule) + if len(all_alert_rule) > 1: + raise CLIError('at most one of fusion_alert_rule, microsoft_security_incident_creation_alert_rule, ' + 'scheduled_alert_rule is needed for alert_rule!') + if len(all_alert_rule) != 1: + raise CLIError('alert_rule is required. 
but none of fusion_alert_rule, microsoft_security_incident_creation_ale' + 'rt_rule, scheduled_alert_rule is provided!') + alert_rule = all_alert_rule[0] if len(all_alert_rule) == 1 else None + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + alert_rule=alert_rule) def sentinel_alert_rule_delete(client, resource_group_name, workspace_name, - rule_id, - action_id=None): - if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None: - return client.delete_action(resource_group_name=resource_group_name, - workspace_name=workspace_name, - rule_id=rule_id, - action_id=action_id) + rule_id): return client.delete(resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id) -def sentinel_alert_rule_get_action(client, - resource_group_name, - workspace_name, - rule_id, - action_id): - return client.get_action(resource_group_name=resource_group_name, - workspace_name=workspace_name, - rule_id=rule_id, - action_id=action_id) - - def sentinel_action_list(client, resource_group_name, workspace_name, 
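Review bot: `sentinel_alert_rule_update` is now a line-for-line copy of the selection logic in `sentinel_alert_rule_create`, and in both the closing `alert_rule = all_alert_rule[0] if len(all_alert_rule) == 1 else None` can no longer reach its `else`, because the two checks above it raise for every other length. I would move the selection into one private helper used by both functions and end it with `alert_rule = all_alert_rule[0]`. Because update now calls `create_or_update` with a rule built only from the command line, any property the caller does not repeat is presumably reset rather than preserved, which deserves a sentence in the command help so that a detection rule is not weakened by a partial update. sentinel_alert_rule_create starts outside the hunk.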
@@ -110,6 +101,66 @@ def sentinel_action_list(client, rule_id=rule_id) +def sentinel_action_show(client, + resource_group_name, + workspace_name, + rule_id, + action_id): + return client.get(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id) + + +def sentinel_action_create(client, + resource_group_name, + workspace_name, + rule_id, + action_id, + etag=None, + logic_app_resource_id=None, + trigger_uri=None): + action = {} + action['etag'] = etag + action['logic_app_resource_id'] = logic_app_resource_id + action['trigger_uri'] = trigger_uri + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id, + action=action) + + +def sentinel_action_update(client, + resource_group_name, + workspace_name, + rule_id, + action_id, + etag=None, + logic_app_resource_id=None, + trigger_uri=None): + action = {} + action['etag'] = etag + action['logic_app_resource_id'] = logic_app_resource_id + action['trigger_uri'] = trigger_uri + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id, + action=action) + + +def sentinel_action_delete(client, + resource_group_name, + workspace_name, + rule_id, + action_id): + return client.delete(resource_group_name=resource_group_name, + workspace_name=workspace_name, + rule_id=rule_id, + action_id=action_id) + + def sentinel_alert_rule_template_list(client, resource_group_name, workspace_name): 
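Review bot: `sentinel_action_update` builds a fresh `action` dict from its arguments and sends it through `create_or_update`, so an update that passes only one of `etag`, `logic_app_resource_id` or `trigger_uri` submits `None` for the others instead of keeping the stored values. For a playbook action attached to an alert rule, that could detach the automated response without any error on the CLI side, if the service accepts the partial body. Either make `logic_app_resource_id` and `trigger_uri` mandatory on both commands, or fetch the existing action and overlay only the arguments that are not None, the way `sentinel_bookmark_update` does in this commit. As a documentation point, a Logic App callback URL normally carries a signature in its query string, so the `trigger_uri` help should say the value is sensitive and will end up in shell history when typed on the command line.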
@@ -151,27 +202,39 @@ def sentinel_bookmark_create(client, display_name=None, labels=None, notes=None, - query_content=None, + query=None, query_result=None, updated=None, + event_time=None, + query_start_time=None, + query_end_time=None, incident_info=None, - updated_by_object_id=None): + object_id=None, + user_info_object_id=None): + bookmark = {} + bookmark['etag'] = etag + bookmark['created'] = created + bookmark['display_name'] = display_name + bookmark['labels'] = labels + bookmark['notes'] = notes + bookmark['query'] = query + bookmark['query_result'] = query_result + bookmark['updated'] = updated + bookmark['event_time'] = event_time + bookmark['query_start_time'] = query_start_time + bookmark['query_end_time'] = query_end_time + bookmark['incident_info'] = incident_info + bookmark['updated_by'] = {} + bookmark['updated_by']['object_id'] = object_id + bookmark['created_by'] = {} + bookmark['created_by']['object_id'] = user_info_object_id return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, - etag=etag, - created=created, - display_name=display_name, - labels=labels, - notes=notes, - query=query_content, - query_result=query_result, - updated=updated, - incident_info=incident_info, - object_id=updated_by_object_id) - - -def sentinel_bookmark_update(client, + bookmark=bookmark) + + +def sentinel_bookmark_update(instance, resource_group_name, workspace_name, bookmark_id, 
@@ -180,24 +243,44 @@ def sentinel_bookmark_update(client, display_name=None, labels=None, notes=None, - query_content=None, + query=None, query_result=None, updated=None, + event_time=None, + query_start_time=None, + query_end_time=None, incident_info=None, - updated_by_object_id=None): - return client.create_or_update(resource_group_name=resource_group_name, - workspace_name=workspace_name, - bookmark_id=bookmark_id, - etag=etag, - created=created, - display_name=display_name, - labels=labels, - notes=notes, - query=query_content, - query_result=query_result, - updated=updated, - incident_info=incident_info, - object_id=updated_by_object_id) + object_id=None, + user_info_object_id=None): + if etag is not None: + instance.etag = etag + if created is not None: + instance.created = created + if display_name is not None: + instance.display_name = display_name + if labels is not None: + instance.labels = labels + if notes is not None: + instance.notes = notes + if query is not None: + instance.query = query + if query_result is not None: + instance.query_result = query_result + if updated is not None: + instance.updated = updated + if event_time is not None: + instance.event_time = event_time + if query_start_time is not None: + instance.query_start_time = query_start_time + if query_end_time is not None: + instance.query_end_time = query_end_time + if incident_info is not None: + instance.incident_info = incident_info + if object_id is not None: + instance.updated_by.object_id = object_id + if user_info_object_id is not None: + instance.created_by.object_id = user_info_object_id + return instance def sentinel_bookmark_delete(client, 
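Review bot: The last two assignments in `sentinel_bookmark_update` dereference `instance.updated_by` and `instance.created_by` without checking them, so updating a bookmark whose stored `updated_by` or `created_by` is null would end in an `AttributeError` traceback rather than a CLI error. The hunk does not show whether the service always returns these objects, so a guard is the safe choice: `if object_id is not None and instance.updated_by is not None:` and the same for `created_by`, or create the nested object before assigning. The function's signature begins above the hunk.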
@@ -235,8 +318,8 @@ def sentinel_data_connector_create(client, aws_cloud_trail_data_connector=None, mcas_data_connector=None, mdatp_data_connector=None, - office_data_connector=None, - ti_data_connector=None): + ti_data_connector=None, + office_data_connector=None): all_data_connector = [] if aad_data_connector is not None: all_data_connector.append(aad_data_connector) @@ -250,18 +333,18 @@ def sentinel_data_connector_create(client, all_data_connector.append(mcas_data_connector) if mdatp_data_connector is not None: all_data_connector.append(mdatp_data_connector) - if office_data_connector is not None: - all_data_connector.append(office_data_connector) if ti_data_connector is not None: all_data_connector.append(ti_data_connector) + if office_data_connector is not None: + all_data_connector.append(office_data_connector) if len(all_data_connector) > 1: raise CLIError('at most one of aad_data_connector, aatp_data_connector, asc_data_connector, ' - 'aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' - 'office_data_connector, ti_data_connector is needed for data_connector!') + 'aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ti_data_connector, ' + 'office_data_connector is needed for data_connector!') if len(all_data_connector) != 1: raise CLIError('data_connector is required. but none of aad_data_connector, aatp_data_connector, ' 'asc_data_connector, aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' - 'office_data_connector, ti_data_connector is provided!') + 'ti_data_connector, office_data_connector is provided!') data_connector = all_data_connector[0] if len(all_data_connector) == 1 else None return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, 
@@ -269,7 +352,7 @@ def sentinel_data_connector_create(client, data_connector=data_connector) -def sentinel_data_connector_update(instance, +def sentinel_data_connector_update(client, resource_group_name, workspace_name, data_connector_id, 
@@ -279,9 +362,38 @@ def sentinel_data_connector_update(instance, aws_cloud_trail_data_connector=None, mcas_data_connector=None, mdatp_data_connector=None, - office_data_connector=None, - ti_data_connector=None): - return instance + ti_data_connector=None, + office_data_connector=None): + all_data_connector = [] + if aad_data_connector is not None: + all_data_connector.append(aad_data_connector) + if aatp_data_connector is not None: + all_data_connector.append(aatp_data_connector) + if asc_data_connector is not None: + all_data_connector.append(asc_data_connector) + if aws_cloud_trail_data_connector is not None: + all_data_connector.append(aws_cloud_trail_data_connector) + if mcas_data_connector is not None: + all_data_connector.append(mcas_data_connector) + if mdatp_data_connector is not None: + all_data_connector.append(mdatp_data_connector) + if ti_data_connector is not None: + all_data_connector.append(ti_data_connector) + if office_data_connector is not None: + all_data_connector.append(office_data_connector) + if len(all_data_connector) > 1: + raise CLIError('at most one of aad_data_connector, aatp_data_connector, asc_data_connector, ' + 'aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ti_data_connector, ' + 'office_data_connector is needed for data_connector!') + if len(all_data_connector) != 1: + raise CLIError('data_connector is required. but none of aad_data_connector, aatp_data_connector, ' + 'asc_data_connector, aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, ' + 'ti_data_connector, office_data_connector is provided!') + data_connector = all_data_connector[0] if len(all_data_connector) == 1 else None + return client.create_or_update(resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + data_connector=data_connector) def sentinel_data_connector_delete(client, 
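Review bot: The one-of validation added to `sentinel_data_connector_update` repeats the block in `sentinel_data_connector_create`, error strings included, and this commit already had to reorder both copies to keep them in step. After the `> 1` check, the `len(all_data_connector) != 1` test can only mean "none supplied", and the `if len(all_data_connector) == 1 else None` on the following line can never take the `None` branch. A private helper that returns the single supplied connector or raises `CLIError` removes the duplication and the dead branch; note that the sketch below merges the two messages into one, so keep the original strings if callers or tests match on them. The function's signature starts above the hunk.

```python
def _single_data_connector(**candidates):
    # Return the one connector that was supplied; reject zero or several.
    supplied = [value for value in candidates.values() if value is not None]
    if len(supplied) != 1:
        raise CLIError('exactly one of {} is required for data_connector, got {}'.format(
            ', '.join(candidates), len(supplied)))
    return supplied[0]

# … unchanged: sentinel_data_connector_update signature …
    data_connector = _single_data_connector(
        aad_data_connector=aad_data_connector,
        # … unchanged: the remaining *_data_connector keyword arguments, same order …
        office_data_connector=office_data_connector)
    # … unchanged: client.create_or_update call …
```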
@@ -333,24 +445,26 @@ def sentinel_incident_create(client, severity=None, status=None, title=None): + incident = {} + incident['etag'] = etag + incident['classification'] = classification + incident['classification_comment'] = classification_comment + incident['classification_reason'] = classification_reason + incident['description'] = description + incident['first_activity_time_utc'] = first_activity_time_utc + incident['labels'] = labels + incident['last_activity_time_utc'] = last_activity_time_utc + incident['owner'] = owner + incident['severity'] = severity + incident['status'] = status + incident['title'] = title return client.create_or_update(resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, - etag=etag, - classification=classification, - classification_comment=classification_comment, - classification_reason=classification_reason, - description=description, - first_activity_time_utc=first_activity_time_utc, - labels=labels, - last_activity_time_utc=last_activity_time_utc, - owner=owner, - severity=severity, - status=status, - title=title) - - -def sentinel_incident_update(client, + incident=incident) + + +def sentinel_incident_update(instance, resource_group_name, workspace_name, incident_id, 
@@ -366,21 +480,31 @@ def sentinel_incident_update(client, severity=None, status=None, title=None): - return client.create_or_update(resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - etag=etag, - classification=classification, - classification_comment=classification_comment, - classification_reason=classification_reason, - description=description, - first_activity_time_utc=first_activity_time_utc, - labels=labels, - last_activity_time_utc=last_activity_time_utc, - owner=owner, - severity=severity, - status=status, - title=title) + if etag is not None: + instance.etag = etag + if classification is not None: + instance.classification = classification + if classification_comment is not None: + instance.classification_comment = classification_comment + if classification_reason is not None: + instance.classification_reason = classification_reason + if description is not None: + instance.description = description + if first_activity_time_utc is not None: + instance.first_activity_time_utc = first_activity_time_utc + if labels is not None: + instance.labels = labels + if last_activity_time_utc is not None: + instance.last_activity_time_utc = last_activity_time_utc + if owner is not None: + instance.owner = owner + if severity is not None: + instance.severity = severity + if status is not None: + instance.status = status + if title is not None: + instance.title = title + return instance def sentinel_incident_delete(client, @@ -426,8 +550,10 @@ def sentinel_incident_comment_create(client, incident_id, incident_comment_id, message=None): + incident_comment = {} + incident_comment['message'] = message return client.create_comment(resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, - message=message) + incident_comment=incident_comment) 
diff --git a/src/securityinsight/azext_sentinel/tests/__init__.py b/src/securityinsight/azext_sentinel/tests/__init__.py index 50e0627daff..70488e93851 100644 --- a/src/securityinsight/azext_sentinel/tests/__init__.py +++ b/src/securityinsight/azext_sentinel/tests/__init__.py @@ -31,8 +31,8 @@ def try_manual(func): def import_manual_function(origin_func): from importlib import import_module - decorated_path = inspect.getfile(origin_func) - module_path = __path__[0] + decorated_path = inspect.getfile(origin_func).lower() + module_path = __path__[0].lower() if not decorated_path.startswith(module_path): raise Exception("Decorator can only be used in submodules!") manual_path = os.path.join( @@ -46,7 +46,6 @@ def import_manual_function(origin_func): def get_func_to_call(): func_to_call = func try: - func_to_call = import_manual_function(func) func_to_call = import_manual_function(func) logger.info("Found manual override for %s(...)", func.__name__) except (ImportError, AttributeError): @@ -66,6 +65,9 @@ def wrapper(*args, **kwargs): ret = func_to_call(*args, **kwargs) except (AssertionError, AzureError, CliTestError, CliExecutionError, SystemExit, JMESPathCheckAssertionError) as e: + use_exception_cache = os.getenv("TEST_EXCEPTION_CACHE") + if use_exception_cache is None or use_exception_cache.lower() != "true": + raise test_map[func.__name__]["end_dt"] = dt.datetime.utcnow() test_map[func.__name__]["result"] = FAILED test_map[func.__name__]["error_message"] = str(e).replace("\r\n", " ").replace("\n", " ")[:500] diff --git a/src/securityinsight/gen.zip b/src/securityinsight/azext_sentinel/tests/latest/example_steps.py similarity index 66% rename from src/securityinsight/gen.zip rename to src/securityinsight/azext_sentinel/tests/latest/example_steps.py index a6dbc93f1dd..39ea285bdb1 100644 Binary files a/src/securityinsight/gen.zip and b/src/securityinsight/azext_sentinel/tests/latest/example_steps.py differ 
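Review bot: Lower-casing both paths in `import_manual_function` and then testing `decorated_path.startswith(module_path)` makes the containment check looser than it reads. A bare string prefix also matches a sibling directory whose name merely starts with the package path, and on a case-sensitive filesystem two different paths now compare equal. The lowered `decorated_path` also appears to feed the `manual_path` built just below the hunk, which would break the import when a directory name contains upper-case letters; confirm against the rest of the function, which is outside this hunk. Since this check decides which module is imported and run in place of a test, prefer `decorated_path = os.path.normcase(inspect.getfile(origin_func))`, `module_path = os.path.normcase(__path__[0])` and `if not decorated_path.startswith(module_path + os.sep):`.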
diff --git a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py index 24904409004..37a01817bd4 100644 --- a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py +++ b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario.py 
@@ -10,11 +10,54 @@ import os from azure.cli.testsdk import ScenarioTest -from .. import try_manual, raise_if, calc_coverage from azure.cli.testsdk import ResourceGroupPreparer from azure_devtools.scenario_tests import AllowLargeResponse +from .example_steps import step_action_create +from .example_steps import step_action_list +from .example_steps import step_action_show +from .example_steps import step_action_delete +from .example_steps import step_alert_rule_create +from .example_steps import step_alert_rule_create2 +from .example_steps import step_alert_rule_create3 +from .example_steps import step_alert_rule_show +from .example_steps import step_alert_rule_show2 +from .example_steps import step_alert_rule_show3 +from .example_steps import step_alert_rule_list +from .example_steps import step_alert_rule_delete +from .example_steps import step_alert_rule_template_show +from .example_steps import step_alert_rule_template_list +from .example_steps import step_bookmark_create +from .example_steps import step_bookmark_show +from .example_steps import step_bookmark_list +from .example_steps import step_bookmark_delete +from .example_steps import step_data_connector_create +from .example_steps import step_data_connector_create2 +from .example_steps import step_data_connector_show +from .example_steps import step_data_connector_show2 +from .example_steps import step_data_connector_show3 +from .example_steps import step_data_connector_show4 +from .example_steps import step_data_connector_list +from .example_steps import step_data_connector_show5 +from .example_steps import step_data_connector_show6 +from .example_steps import step_data_connector_show7 +from .example_steps import step_data_connector_show8 +from .example_steps import step_data_connector_delete +from .example_steps import step_incident_comment_create +from .example_steps import step_incident_comment_list +from .example_steps import step_incident_comment_show +from .example_steps import step_incident_create 
+from .example_steps import step_incident_list +from .example_steps import step_incident_show +from .example_steps import step_incident_delete +from .. import ( + try_manual, + raise_if, + calc_coverage +) + + TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..')) 
@@ -253,3 +296,77 @@ def test_sentinel(self, rg): calc_coverage(__file__) raise_if() +# Env setup_scenario +@try_manual +def setup_scenario(test, rg): + pass + + +# Env cleanup_scenario +@try_manual +def cleanup_scenario(test, rg): + pass + + +# Testcase: Scenario +@try_manual +def call_scenario(test, rg): + setup_scenario(test, rg) + step_action_create(test, rg, checks=[]) + step_action_list(test, rg, checks=[]) + step_action_show(test, rg, checks=[]) + step_action_delete(test, rg, checks=[]) + step_alert_rule_create(test, rg, checks=[]) + step_alert_rule_create2(test, rg, checks=[]) + step_alert_rule_create3(test, rg, checks=[]) + step_alert_rule_show(test, rg, checks=[]) + step_alert_rule_show2(test, rg, checks=[]) + step_alert_rule_show3(test, rg, checks=[]) + step_alert_rule_list(test, rg, checks=[]) + step_alert_rule_delete(test, rg, checks=[]) + step_alert_rule_template_show(test, rg, checks=[]) + step_alert_rule_template_list(test, rg, checks=[]) + step_bookmark_create(test, rg, checks=[]) + step_bookmark_show(test, rg, checks=[]) + step_bookmark_list(test, rg, checks=[]) + step_bookmark_delete(test, rg, checks=[]) + step_data_connector_create(test, rg, checks=[]) + step_data_connector_create2(test, rg, checks=[]) + step_data_connector_show(test, rg, checks=[]) + step_data_connector_show2(test, rg, checks=[]) + step_data_connector_show3(test, rg, checks=[]) + step_data_connector_show4(test, rg, checks=[]) + step_data_connector_list(test, rg, checks=[]) + step_data_connector_show5(test, rg, checks=[]) + step_data_connector_show6(test, rg, checks=[]) + step_data_connector_show7(test, rg, checks=[]) + step_data_connector_show8(test, rg, checks=[]) + step_data_connector_delete(test, rg, checks=[]) + step_incident_comment_create(test, rg, checks=[]) + step_incident_comment_list(test, rg, checks=[]) + step_incident_comment_show(test, rg, checks=[]) + step_incident_create(test, rg, checks=[]) + step_incident_list(test, rg, checks=[]) + step_incident_show(test, rg, 
checks=[]) + step_incident_delete(test, rg, checks=[]) + cleanup_scenario(test, rg) + + +# Test class for Scenario +@try_manual +class SentinelScenarioTest(ScenarioTest): + + def __init__(self, *args, **kwargs): + super(SentinelScenarioTest, self).__init__(*args, **kwargs) + self.kwargs.update({ + 'subscription_id': self.get_subscription_id() + }) + + + + @ResourceGroupPreparer(name_prefix='clitestsentinel_myRg'[:7], key='rg', parameter_name='rg') + def test_sentinel_Scenario(self, rg): + call_scenario(self, rg) + calc_coverage(__file__) + raise_if() + diff --git a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario_coverage.md b/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario_coverage.md deleted file mode 100644 index cb712843009..00000000000 --- a/src/securityinsight/azext_sentinel/tests/latest/test_sentinel_scenario_coverage.md +++ /dev/null @@ -1,2 +0,0 @@ -|Scenario|Result|ErrorMessage|ErrorStack|ErrorNormalized|StartDt|EndDt| -Coverage: 0/0 diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py index 3f1b4e49c01..67034a56ac0 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/_security_insights.py 
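Review bot: Every step in `call_scenario` is called with `checks=[]`, so the scenario only shows that the commands do not raise and asserts nothing about the alert rules, actions, bookmarks, connectors or incidents they return. The order also looks wrong for dependent resources: `step_action_create` runs before any `step_alert_rule_create`, `step_incident_comment_create` runs before `step_incident_create`, and `setup_scenario` is `pass`, so no workspace is prepared. Those steps would presumably fail against a live service unless `example_steps.py` (shown here only as a binary rename) compensates. I would create parent resources first and give each create/show step at least one assertion, for example `step_incident_create(test, rg, checks=[test.check('<field>', '<expected>')])` with the placeholders filled from the example payloads.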
@@ -18,36 +18,36 @@ from azure.core.credentials import TokenCredential from ._configuration import SecurityInsightsConfiguration -from .operations import OperationOperations -from .operations import AlertRuleOperations -from .operations import ActionOperations -from .operations import AlertRuleTemplateOperations -from .operations import BookmarkOperations -from .operations import DataConnectorOperations -from .operations import IncidentOperations -from .operations import IncidentCommentOperations +from .operations import AlertRulesOperations +from .operations import ActionsOperations +from .operations import AlertRuleTemplatesOperations +from .operations import BookmarksOperations +from .operations import DataConnectorsOperations +from .operations import Operations +from .operations import IncidentsOperations +from .operations import IncidentCommentsOperations from . import models class SecurityInsights(object): """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. 
- :ivar operation: OperationOperations operations - :vartype operation: security_insights.operations.OperationOperations - :ivar alert_rule: AlertRuleOperations operations - :vartype alert_rule: security_insights.operations.AlertRuleOperations - :ivar action: ActionOperations operations - :vartype action: security_insights.operations.ActionOperations - :ivar alert_rule_template: AlertRuleTemplateOperations operations - :vartype alert_rule_template: security_insights.operations.AlertRuleTemplateOperations - :ivar bookmark: BookmarkOperations operations - :vartype bookmark: security_insights.operations.BookmarkOperations - :ivar data_connector: DataConnectorOperations operations - :vartype data_connector: security_insights.operations.DataConnectorOperations - :ivar incident: IncidentOperations operations - :vartype incident: security_insights.operations.IncidentOperations - :ivar incident_comment: IncidentCommentOperations operations - :vartype incident_comment: security_insights.operations.IncidentCommentOperations + :ivar alert_rules: AlertRulesOperations operations + :vartype alert_rules: security_insights.operations.AlertRulesOperations + :ivar actions: ActionsOperations operations + :vartype actions: security_insights.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplatesOperations operations + :vartype alert_rule_templates: security_insights.operations.AlertRuleTemplatesOperations + :ivar bookmarks: BookmarksOperations operations + :vartype bookmarks: security_insights.operations.BookmarksOperations + :ivar data_connectors: DataConnectorsOperations operations + :vartype data_connectors: security_insights.operations.DataConnectorsOperations + :ivar operations: Operations operations + :vartype operations: security_insights.operations.Operations + :ivar incidents: IncidentsOperations operations + :vartype incidents: security_insights.operations.IncidentsOperations + :ivar incident_comments: IncidentCommentsOperations operations + :vartype 
incident_comments: security_insights.operations.IncidentCommentsOperations :param credential: Credential needed for the client to connect to Azure. :type credential: ~azure.core.credentials.TokenCredential :param subscription_id: Azure subscription ID. @@ -72,21 +72,21 @@ def __init__( self._serialize = Serializer(client_models) self._deserialize = Deserializer(client_models) - self.operation = OperationOperations( + self.alert_rules = AlertRulesOperations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule = AlertRuleOperations( + self.actions = ActionsOperations( self._client, self._config, self._serialize, self._deserialize) - self.action = ActionOperations( + self.alert_rule_templates = AlertRuleTemplatesOperations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule_template = AlertRuleTemplateOperations( + self.bookmarks = BookmarksOperations( self._client, self._config, self._serialize, self._deserialize) - self.bookmark = BookmarkOperations( + self.data_connectors = DataConnectorsOperations( self._client, self._config, self._serialize, self._deserialize) - self.data_connector = DataConnectorOperations( + self.operations = Operations( self._client, self._config, self._serialize, self._deserialize) - self.incident = IncidentOperations( + self.incidents = IncidentsOperations( self._client, self._config, self._serialize, self._deserialize) - self.incident_comment = IncidentCommentOperations( + self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize) def close(self): diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py index 7eb275a24fa..76807fadff1 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/_security_insights.py 
@@ -16,36 +16,36 @@ from azure.core.credentials_async import AsyncTokenCredential from ._configuration import SecurityInsightsConfiguration -from .operations import OperationOperations -from .operations import AlertRuleOperations -from .operations import ActionOperations -from .operations import AlertRuleTemplateOperations -from .operations import BookmarkOperations -from .operations import DataConnectorOperations -from .operations import IncidentOperations -from .operations import IncidentCommentOperations +from .operations import AlertRulesOperations +from .operations import ActionsOperations +from .operations import AlertRuleTemplatesOperations +from .operations import BookmarksOperations +from .operations import DataConnectorsOperations +from .operations import Operations +from .operations import IncidentsOperations +from .operations import IncidentCommentsOperations from .. import models class SecurityInsights(object): """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. 
- :ivar operation: OperationOperations operations - :vartype operation: security_insights.aio.operations.OperationOperations - :ivar alert_rule: AlertRuleOperations operations - :vartype alert_rule: security_insights.aio.operations.AlertRuleOperations - :ivar action: ActionOperations operations - :vartype action: security_insights.aio.operations.ActionOperations - :ivar alert_rule_template: AlertRuleTemplateOperations operations - :vartype alert_rule_template: security_insights.aio.operations.AlertRuleTemplateOperations - :ivar bookmark: BookmarkOperations operations - :vartype bookmark: security_insights.aio.operations.BookmarkOperations - :ivar data_connector: DataConnectorOperations operations - :vartype data_connector: security_insights.aio.operations.DataConnectorOperations - :ivar incident: IncidentOperations operations - :vartype incident: security_insights.aio.operations.IncidentOperations - :ivar incident_comment: IncidentCommentOperations operations - :vartype incident_comment: security_insights.aio.operations.IncidentCommentOperations + :ivar alert_rules: AlertRulesOperations operations + :vartype alert_rules: security_insights.aio.operations.AlertRulesOperations + :ivar actions: ActionsOperations operations + :vartype actions: security_insights.aio.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplatesOperations operations + :vartype alert_rule_templates: security_insights.aio.operations.AlertRuleTemplatesOperations + :ivar bookmarks: BookmarksOperations operations + :vartype bookmarks: security_insights.aio.operations.BookmarksOperations + :ivar data_connectors: DataConnectorsOperations operations + :vartype data_connectors: security_insights.aio.operations.DataConnectorsOperations + :ivar operations: Operations operations + :vartype operations: security_insights.aio.operations.Operations + :ivar incidents: IncidentsOperations operations + :vartype incidents: security_insights.aio.operations.IncidentsOperations + :ivar 
incident_comments: IncidentCommentsOperations operations + :vartype incident_comments: security_insights.aio.operations.IncidentCommentsOperations :param credential: Credential needed for the client to connect to Azure. :type credential: ~azure.core.credentials_async.AsyncTokenCredential :param subscription_id: Azure subscription ID. @@ -69,21 +69,21 @@ def __init__( self._serialize = Serializer(client_models) self._deserialize = Deserializer(client_models) - self.operation = OperationOperations( + self.alert_rules = AlertRulesOperations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule = AlertRuleOperations( + self.actions = ActionsOperations( self._client, self._config, self._serialize, self._deserialize) - self.action = ActionOperations( + self.alert_rule_templates = AlertRuleTemplatesOperations( self._client, self._config, self._serialize, self._deserialize) - self.alert_rule_template = AlertRuleTemplateOperations( + self.bookmarks = BookmarksOperations( self._client, self._config, self._serialize, self._deserialize) - self.bookmark = BookmarkOperations( + self.data_connectors = DataConnectorsOperations( self._client, self._config, self._serialize, self._deserialize) - self.data_connector = DataConnectorOperations( + self.operations = Operations( self._client, self._config, self._serialize, self._deserialize) - self.incident = IncidentOperations( + self.incidents = IncidentsOperations( self._client, self._config, self._serialize, self._deserialize) - self.incident_comment = IncidentCommentOperations( + self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize) async def close(self) -> None: diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py index 5e67996dcd4..e6b787caab9 100644 
--- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/__init__.py @@ -6,22 +6,22 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._operation_operations import OperationOperations -from ._alert_rule_operations import AlertRuleOperations -from ._action_operations import ActionOperations -from ._alert_rule_template_operations import AlertRuleTemplateOperations -from ._bookmark_operations import BookmarkOperations -from ._data_connector_operations import DataConnectorOperations -from ._incident_operations import IncidentOperations -from ._incident_comment_operations import IncidentCommentOperations +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._bookmarks_operations import BookmarksOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._operations import Operations +from ._incidents_operations import IncidentsOperations +from ._incident_comments_operations import IncidentCommentsOperations __all__ = [ - 'OperationOperations', - 'AlertRuleOperations', - 'ActionOperations', - 'AlertRuleTemplateOperations', - 'BookmarkOperations', - 'DataConnectorOperations', - 'IncidentOperations', - 'IncidentCommentOperations', + 'AlertRulesOperations', + 'ActionsOperations', + 'AlertRuleTemplatesOperations', + 'BookmarksOperations', + 'DataConnectorsOperations', + 'Operations', + 'IncidentsOperations', + 'IncidentCommentsOperations', ] 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py deleted file mode 100644 index 378198b2cfb..00000000000 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_action_operations.py +++ /dev/null 
@@ -1,121 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar -import warnings - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models - -T = TypeVar('T') -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - -class ActionOperations: - """ActionOperations async operations. - - You should not instantiate this class directly. Instead, you should create a Client instance that - instantiates it for you and attaches it as an attribute. - - :ivar models: Alias to model classes used in this operation group. - :type models: ~security_insights.models - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. 
- """ - - models = models - - def __init__(self, client, config, serializer, deserializer) -> None: - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self._config = config - - def list_by_alert_rule( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs - ) -> AsyncIterable["models.ActionsList"]: - """Gets all actions of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ActionsList or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.ActionsList] - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - def prepare_request(next_link=None): - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - if not next_link: - # Construct URL - url = self.list_by_alert_rule.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': 
self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - else: - url = next_link - query_parameters = {} # type: Dict[str, Any] - request = self._client.get(url, query_parameters, header_parameters) - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize('ActionsList', pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged( - get_next, extract_data - ) - list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_actions_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_actions_operations.py new file mode 100644 index 00000000000..88a972873b3 --- /dev/null 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_actions_operations.py 
@@ -0,0 +1,331 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class ActionsOperations: + """ActionsOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_alert_rule( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> AsyncIterable["models.ActionsList"]: + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ActionsList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.ActionsList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': 
self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('ActionsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + **kwargs + ) -> "models.ActionResponse": + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. 
+ :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = 
pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + action: "models.ActionRequest", + **kwargs + ) -> "models.ActionResponse": + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :param action: The action. 
+ :type action: ~security_insights.models.ActionRequest + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(action, 'ActionRequest') + body_content_kwargs['content'] = body_content + request = 
self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + **kwargs + ) -> None: + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return 
cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py deleted file mode 100644 index 89d90bb06be..00000000000 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_operations.py +++ /dev/null 
@@ -1,535 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union -import warnings - -from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest -from azure.mgmt.core.exceptions import ARMErrorFormat - -from ... import models - -T = TypeVar('T') -ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] - -class AlertRuleOperations: - """AlertRuleOperations async operations. - - You should not instantiate this class directly. Instead, you should create a Client instance that - instantiates it for you and attaches it as an attribute. - - :ivar models: Alias to model classes used in this operation group. - :type models: ~security_insights.models - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. 
- """ - - models = models - - def __init__(self, client, config, serializer, deserializer) -> None: - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self._config = config - - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs - ) -> AsyncIterable["models.AlertRulesList"]: - """Gets all alert rules. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AlertRulesList or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.AlertRulesList] - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - def prepare_request(next_link=None): - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - if not next_link: - # Construct URL - url = self.list.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - } - url = 
self._client.format_url(url, **path_format_arguments) - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - else: - url = next_link - query_parameters = {} # type: Dict[str, Any] - request = self._client.get(url, query_parameters, header_parameters) - return request - - async def extract_data(pipeline_response): - deserialized = self._deserialize('AlertRulesList', pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) - return deserialized.next_link or None, AsyncList(list_of_elem) - - async def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore - - async def get( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs - ) -> "models.AlertRule": - """Gets the alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. 
- :type rule_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) - :rtype: ~security_insights.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.get.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize('AlertRule', 
pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore - - async def create_or_update( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - alert_rule: "models.AlertRule", - **kwargs - ) -> "models.AlertRule": - """Creates or updates the alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param alert_rule: The alert rule. - :type alert_rule: ~security_insights.models.AlertRule - :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) - :rtype: ~security_insights.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - content_type = kwargs.pop("content_type", "application/json") - accept = "application/json" - - # Construct URL - url = self.create_or_update.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': 
self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - body_content_kwargs = {} # type: Dict[str, Any] - body_content = self._serialize.body(alert_rule, 'AlertRule') - body_content_kwargs['content'] = body_content - request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize('AlertRule', pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize('AlertRule', pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore - - async def delete( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs - ) -> None: - """Delete the alert rule. 
- - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) - :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType[None] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.delete.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.delete(url, query_parameters, header_parameters) - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in 
[200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore - - async def get_action( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs - ) -> "models.ActionResponse": - """Gets the action of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param action_id: Action ID. - :type action_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) - :rtype: ~security_insights.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.get_action.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - 'actionId': self._serialize.url("action_id", action_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize('ActionResponse', pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore - - async def create_or_update_action( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - etag: Optional[str] = None, - logic_app_resource_id: Optional[str] = None, - trigger_uri: Optional[str] = None, - **kwargs - ) -> "models.ActionResponse": - """Creates or updates the action of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. 
- :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param action_id: Action ID. - :type action_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- - subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- - workflow-id}. - :type logic_app_resource_id: str - :param trigger_uri: Logic App Callback URL for this specific workflow. - :type trigger_uri: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) - :rtype: ~security_insights.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - - action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) - api_version = "2020-01-01" - content_type = kwargs.pop("content_type", "application/json") - accept = "application/json" - - # Construct URL - url = self.create_or_update_action.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - 'actionId': self._serialize.url("action_id", action_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct 
parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - body_content_kwargs = {} # type: Dict[str, Any] - body_content = self._serialize.body(action, 'ActionRequest') - body_content_kwargs['content'] = body_content - request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize('ActionResponse', pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize('ActionResponse', pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore - - async def delete_action( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs - ) -> None: - """Delete the action of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. 
- :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param action_id: Action ID. - :type action_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) - :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType[None] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.delete_action.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - 'actionId': self._serialize.url("action_id", action_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.delete(url, query_parameters, header_parameters) - pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, 
error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_templates_operations.py similarity index 99% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_templates_operations.py index 986138cb66b..0b004ed0e59 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_template_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rule_templates_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class AlertRuleTemplateOperations: - """AlertRuleTemplateOperations async operations. +class AlertRuleTemplatesOperations: + """AlertRuleTemplatesOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rules_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rules_operations.py new file mode 100644 index 00000000000..c4a7b082d1e --- /dev/null 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_alert_rules_operations.py 
@@ -0,0 +1,315 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union +import warnings + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models + +T = TypeVar('T') +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + +class AlertRulesOperations: + """AlertRulesOperations async operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer) -> None: + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name: str, + workspace_name: str, + **kwargs + ) -> AsyncIterable["models.AlertRulesList"]: + """Gets all alert rules. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either AlertRulesList or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.AlertRulesList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } + url = 
self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRulesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore + + async def get( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> "models.AlertRule": + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. 
+ :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRule', 
pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + alert_rule: "models.AlertRule", + **kwargs + ) -> "models.AlertRule": + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param alert_rule: The alert rule. + :type alert_rule: ~security_insights.models.AlertRule + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': 
self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(alert_rule, 'AlertRule') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + async def delete( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + **kwargs + ) -> None: + """Delete the alert rule. 
+ + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in 
[200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmarks_operations.py similarity index 89% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmarks_operations.py index 6cd59a2dc8c..e22f720758a 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmark_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_bookmarks_operations.py @@ -5,8 +5,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime -from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union import warnings from azure.core.async_paging import AsyncItemPaged, AsyncList 
@@ -20,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class BookmarkOperations: - """BookmarkOperations async operations. +class BookmarksOperations: + """BookmarksOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -185,16 +184,7 @@ async def create_or_update( resource_group_name: str, workspace_name: str, bookmark_id: str, - etag: Optional[str] = None, - created: Optional[datetime.datetime] = None, - display_name: Optional[str] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - incident_info: Optional["models.IncidentInfo"] = None, - object_id: Optional[str] = None, + bookmark: "models.Bookmark", **kwargs ) -> "models.Bookmark": """Creates or updates the bookmark. 
@@ -206,26 +196,8 @@ async def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. :type bookmark_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param created: The time the bookmark was created. - :type created: ~datetime.datetime - :param display_name: The display name of the bookmark. - :type display_name: str - :param labels: List of labels relevant to this bookmark. - :type labels: list[str] - :param notes: The notes of the bookmark. - :type notes: str - :param query: The query of the bookmark. - :type query: str - :param query_result: The query result of the bookmark. - :type query_result: str - :param updated: The last time the bookmark was updated. - :type updated: ~datetime.datetime - :param incident_info: Describes an incident that relates to bookmark. - :type incident_info: ~security_insights.models.IncidentInfo - :param object_id: The object id of the user. - :type object_id: str + :param bookmark: The bookmark. + :type bookmark: ~security_insights.models.Bookmark :keyword callable cls: A custom type or function that will be passed the direct response :return: Bookmark, or the result of cls(response) :rtype: ~security_insights.models.Bookmark @@ -236,8 +208,6 @@ async def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connectors_operations.py similarity index 99% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connectors_operations.py index 9f83b3170a9..f0a4fee020e 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connector_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_data_connectors_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class DataConnectorOperations: - """DataConnectorOperations async operations. +class DataConnectorsOperations: + """DataConnectorsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comments_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comments_operations.py index cc2b8403fc1..413a720e50a 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comment_operations.py 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_comments_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class IncidentCommentOperations: - """IncidentCommentOperations async operations. +class IncidentCommentsOperations: + """IncidentCommentsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -215,7 +215,7 @@ async def create_comment( workspace_name: str, incident_id: str, incident_comment_id: str, - message: Optional[str] = None, + incident_comment: "models.IncidentComment", **kwargs ) -> "models.IncidentComment": """Creates the incident comment. @@ -229,8 +229,8 @@ async def create_comment( :type incident_id: str :param incident_comment_id: Incident comment ID. :type incident_comment_id: str - :param message: The comment message. - :type message: str + :param incident_comment: The incident comment. + :type incident_comment: ~security_insights.models.IncidentComment :keyword callable cls: A custom type or function that will be passed the direct response :return: IncidentComment, or the result of cls(response) :rtype: ~security_insights.models.IncidentComment @@ -241,8 +241,6 @@ async def create_comment( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident_comment = models.IncidentComment(message=message) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incidents_operations.py similarity index 85% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incidents_operations.py index 8efc09e2788..edd3f511ac9 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incident_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_incidents_operations.py @@ -5,8 +5,7 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime -from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union +from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union import warnings from azure.core.async_paging import AsyncItemPaged, AsyncList @@ -20,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class IncidentOperations: - """IncidentOperations async operations. +class IncidentsOperations: + """IncidentsOperations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. 
@@ -207,18 +206,7 @@ async def create_or_update( resource_group_name: str, workspace_name: str, incident_id: str, - etag: Optional[str] = None, - classification: Optional[Union[str, "models.IncidentClassification"]] = None, - classification_comment: Optional[str] = None, - classification_reason: Optional[Union[str, "models.IncidentClassificationReason"]] = None, - description: Optional[str] = None, - first_activity_time_utc: Optional[datetime.datetime] = None, - labels: Optional[List["models.IncidentLabel"]] = None, - last_activity_time_utc: Optional[datetime.datetime] = None, - owner: Optional["models.IncidentOwnerInfo"] = None, - severity: Optional[Union[str, "models.IncidentSeverity"]] = None, - status: Optional[Union[str, "models.IncidentStatus"]] = None, - title: Optional[str] = None, + incident: "models.Incident", **kwargs ) -> "models.Incident": """Creates or updates the incident. 
@@ -230,30 +218,8 @@ async def create_or_update( :type workspace_name: str :param incident_id: Incident ID. :type incident_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param classification: The reason the incident was closed. - :type classification: str or ~security_insights.models.IncidentClassification - :param classification_comment: Describes the reason the incident was closed. - :type classification_comment: str - :param classification_reason: The classification reason the incident was closed with. - :type classification_reason: str or ~security_insights.models.IncidentClassificationReason - :param description: The description of the incident. - :type description: str - :param first_activity_time_utc: The time of the first activity in the incident. - :type first_activity_time_utc: ~datetime.datetime - :param labels: List of labels relevant to this incident. - :type labels: list[~security_insights.models.IncidentLabel] - :param last_activity_time_utc: The time of the last activity in the incident. - :type last_activity_time_utc: ~datetime.datetime - :param owner: Describes a user that the incident is assigned to. - :type owner: ~security_insights.models.IncidentOwnerInfo - :param severity: The severity of the incident. - :type severity: str or ~security_insights.models.IncidentSeverity - :param status: The status of the incident. - :type status: str or ~security_insights.models.IncidentStatus - :param title: The title of the incident. - :type title: str + :param incident: The incident. + :type incident: ~security_insights.models.Incident :keyword callable cls: A custom type or function that will be passed the direct response :return: Incident, or the result of cls(response) :rtype: ~security_insights.models.Incident 
@@ -264,8 +230,6 @@ async def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operations.py index d8d19921e5c..0b48d47f85f 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operation_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/aio/operations/_operations.py @@ -19,8 +19,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] -class OperationOperations: - """OperationOperations async operations. +class Operations: + """Operations async operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py index d50534763d7..73d2a150c03 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/__init__.py @@ -7,10 +7,8 @@ # -------------------------------------------------------------------------- try: - from ._models_py3 import AADDataConnector - from ._models_py3 import AATPDataConnector - from ._models_py3 import ASCDataConnector - from ._models_py3 import ASCDataConnectorProperties + from ._models_py3 import AadDataConnector + from ._models_py3 import AatpDataConnector from ._models_py3 import ActionPropertiesBase from ._models_py3 import ActionRequest from ._models_py3 import ActionRequestProperties @@ -23,7 +21,10 @@ from ._models_py3 import AlertRuleTemplatesList from ._models_py3 import AlertRulesList from ._models_py3 import AlertsDataTypeOfDataConnector + from ._models_py3 import AscDataConnector + from ._models_py3 import AscDataConnectorProperties from ._models_py3 import AwsCloudTrailDataConnector + from ._models_py3 import AwsCloudTrailDataConnectorDataTypes from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs from ._models_py3 import Bookmark from ._models_py3 import BookmarkList 
@@ -45,9 +46,9 @@ from ._models_py3 import IncidentLabel from ._models_py3 import IncidentList from ._models_py3 import IncidentOwnerInfo - from ._models_py3 import MCASDataConnector - from ._models_py3 import MCASDataConnectorDataTypes - from ._models_py3 import MDATPDataConnector + from ._models_py3 import McasDataConnector + from ._models_py3 import McasDataConnectorDataTypes + from ._models_py3 import MdatpDataConnector from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties @@ -55,8 +56,10 @@ from ._models_py3 import OfficeConsent from ._models_py3 import OfficeConsentList from ._models_py3 import OfficeDataConnector + from ._models_py3 import OfficeDataConnectorDataTypes from ._models_py3 import OfficeDataConnectorDataTypesExchange from ._models_py3 import OfficeDataConnectorDataTypesSharePoint + from ._models_py3 import OfficeDataConnectorDataTypesTeams from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsList 
@@ -67,16 +70,16 @@ from ._models_py3 import ScheduledAlertRuleProperties from ._models_py3 import ScheduledAlertRuleTemplate from ._models_py3 import Settings - from ._models_py3 import TIDataConnector - from ._models_py3 import TIDataConnectorDataTypesIndicators from ._models_py3 import ThreatIntelligence + from ._models_py3 import TiDataConnector + from ._models_py3 import TiDataConnectorDataTypes + from ._models_py3 import TiDataConnectorDataTypesIndicators from ._models_py3 import ToggleSettings from ._models_py3 import UebaSettings + from ._models_py3 import UserInfo except (SyntaxError, ImportError): - from ._models import AADDataConnector # type: ignore - from ._models import AATPDataConnector # type: ignore - from ._models import ASCDataConnector # type: ignore - from ._models import ASCDataConnectorProperties # type: ignore + from ._models import AadDataConnector # type: ignore + from ._models import AatpDataConnector # type: ignore from ._models import ActionPropertiesBase # type: ignore from ._models import ActionRequest # type: ignore from ._models import ActionRequestProperties # type: ignore @@ -89,7 +92,10 @@ from ._models import AlertRuleTemplatesList # type: ignore from ._models import AlertRulesList # type: ignore from ._models import AlertsDataTypeOfDataConnector # type: ignore + from ._models import AscDataConnector # type: ignore + from ._models import AscDataConnectorProperties # type: ignore from ._models import AwsCloudTrailDataConnector # type: ignore + from ._models import AwsCloudTrailDataConnectorDataTypes # type: ignore from ._models import AwsCloudTrailDataConnectorDataTypesLogs # type: ignore from ._models import Bookmark # type: ignore from ._models import BookmarkList # type: ignore 
@@ -111,9 +117,9 @@ from ._models import IncidentLabel # type: ignore from ._models import IncidentList # type: ignore from ._models import IncidentOwnerInfo # type: ignore - from ._models import MCASDataConnector # type: ignore - from ._models import MCASDataConnectorDataTypes # type: ignore - from ._models import MDATPDataConnector # type: ignore + from ._models import McasDataConnector # type: ignore + from ._models import McasDataConnectorDataTypes # type: ignore + from ._models import MdatpDataConnector # type: ignore from ._models import MicrosoftSecurityIncidentCreationAlertRule # type: ignore from ._models import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties # type: ignore from ._models import MicrosoftSecurityIncidentCreationAlertRuleProperties # type: ignore @@ -121,8 +127,10 @@ from ._models import OfficeConsent # type: ignore from ._models import OfficeConsentList # type: ignore from ._models import OfficeDataConnector # type: ignore + from ._models import OfficeDataConnectorDataTypes # type: ignore from ._models import OfficeDataConnectorDataTypesExchange # type: ignore from ._models import OfficeDataConnectorDataTypesSharePoint # type: ignore + from ._models import OfficeDataConnectorDataTypesTeams # type: ignore from ._models import Operation # type: ignore from ._models import OperationDisplay # type: ignore from ._models import OperationsList # type: ignore 
@@ -133,11 +141,13 @@ from ._models import ScheduledAlertRuleProperties # type: ignore from ._models import ScheduledAlertRuleTemplate # type: ignore from ._models import Settings # type: ignore - from ._models import TIDataConnector # type: ignore - from ._models import TIDataConnectorDataTypesIndicators # type: ignore from ._models import ThreatIntelligence # type: ignore + from ._models import TiDataConnector # type: ignore + from ._models import TiDataConnectorDataTypes # type: ignore + from ._models import TiDataConnectorDataTypesIndicators # type: ignore from ._models import ToggleSettings # type: ignore from ._models import UebaSettings # type: ignore + from ._models import UserInfo # type: ignore from ._security_insights_enums import ( AlertRuleKind, @@ -154,16 +164,14 @@ LicenseStatus, MicrosoftSecurityProductName, SettingKind, - StatusInMCAS, + StatusInMcas, TemplateStatus, TriggerOperator, ) __all__ = [ - 'AADDataConnector', - 'AATPDataConnector', - 'ASCDataConnector', - 'ASCDataConnectorProperties', + 'AadDataConnector', + 'AatpDataConnector', 'ActionPropertiesBase', 'ActionRequest', 'ActionRequestProperties', @@ -176,7 +184,10 @@ 'AlertRuleTemplatesList', 'AlertRulesList', 'AlertsDataTypeOfDataConnector', + 'AscDataConnector', + 'AscDataConnectorProperties', 'AwsCloudTrailDataConnector', + 'AwsCloudTrailDataConnectorDataTypes', 'AwsCloudTrailDataConnectorDataTypesLogs', 'Bookmark', 'BookmarkList', @@ -198,9 +209,9 @@ 'IncidentLabel', 'IncidentList', 'IncidentOwnerInfo', - 'MCASDataConnector', - 'MCASDataConnectorDataTypes', - 'MDATPDataConnector', + 'McasDataConnector', + 'McasDataConnectorDataTypes', + 'MdatpDataConnector', 'MicrosoftSecurityIncidentCreationAlertRule', 'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties', 'MicrosoftSecurityIncidentCreationAlertRuleProperties', 
@@ -208,8 +219,10 @@ 'OfficeConsent', 'OfficeConsentList', 'OfficeDataConnector', + 'OfficeDataConnectorDataTypes', 'OfficeDataConnectorDataTypesExchange', 'OfficeDataConnectorDataTypesSharePoint', + 'OfficeDataConnectorDataTypesTeams', 'Operation', 'OperationDisplay', 'OperationsList', @@ -220,11 +233,13 @@ 'ScheduledAlertRuleProperties', 'ScheduledAlertRuleTemplate', 'Settings', - 'TIDataConnector', - 'TIDataConnectorDataTypesIndicators', 'ThreatIntelligence', + 'TiDataConnector', + 'TiDataConnectorDataTypes', + 'TiDataConnectorDataTypesIndicators', 'ToggleSettings', 'UebaSettings', + 'UserInfo', 'AlertRuleKind', 'AlertSeverity', 'AttackTactic', @@ -239,7 +254,7 @@ 'LicenseStatus', 'MicrosoftSecurityProductName', 'SettingKind', - 'StatusInMCAS', + 'StatusInMcas', 'TemplateStatus', 'TriggerOperator', ] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py index f8a2cf69674..6bbd130bb11 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models.py @@ -52,7 +52,7 @@ class DataConnector(ResourceWithEtag): """Data connector. You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + sub-classes are: AwsCloudTrailDataConnector, AadDataConnector, AatpDataConnector, AscDataConnector, McasDataConnector, MdatpDataConnector, OfficeDataConnector, TiDataConnector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -89,7 +89,7 @@ class DataConnector(ResourceWithEtag): } _subtype_map = { - 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AadDataConnector', 'AzureAdvancedThreatProtection': 'AatpDataConnector', 'AzureSecurityCenter': 'AscDataConnector', 'MicrosoftCloudAppSecurity': 'McasDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MdatpDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TiDataConnector'} } def __init__( @@ -100,7 +100,7 @@ def __init__( self.kind = 'DataConnector' # type: str -class AADDataConnector(DataConnector): +class AadDataConnector(DataConnector): """Represents AAD (Azure Active Directory) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -122,9 +122,8 @@ class AADDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { 
@@ -141,20 +140,20 @@ class AADDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( self, **kwargs ): - super(AADDataConnector, self).__init__(**kwargs) + super(AadDataConnector, self).__init__(**kwargs) self.kind = 'AzureActiveDirectory' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) -class AATPDataConnector(DataConnector): +class AatpDataConnector(DataConnector): """Represents AATP (Azure Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -176,9 +175,8 @@ class AATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { 
@@ -195,17 +193,17 @@ class AATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( self, **kwargs ): - super(AATPDataConnector, self).__init__(**kwargs) + super(AatpDataConnector, self).__init__(**kwargs) self.kind = 'AzureAdvancedThreatProtection' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) class ActionPropertiesBase(msrest.serialization.Model): @@ -289,12 +287,13 @@ class ActionRequestProperties(ActionPropertiesBase): subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- workflow-id}. :type logic_app_resource_id: str - :param trigger_uri: Logic App Callback URL for this specific workflow. + :param trigger_uri: Required. Logic App Callback URL for this specific workflow. :type trigger_uri: str """ _validation = { 'logic_app_resource_id': {'required': True}, + 'trigger_uri': {'required': True}, } _attribute_map = { @@ -307,7 +306,7 @@ def __init__( **kwargs ): super(ActionRequestProperties, self).__init__(**kwargs) - self.trigger_uri = kwargs.get('trigger_uri', None) + self.trigger_uri = kwargs['trigger_uri'] class Resource(msrest.serialization.Model): 
@@ -640,13 +639,12 @@ def __init__( class AlertsDataTypeOfDataConnector(msrest.serialization.Model): """Alerts data type for data connectors. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( @@ -654,10 +652,10 @@ def __init__( **kwargs ): super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) - self.state = kwargs.get('state', None) + self.alerts = kwargs.get('alerts', None) -class ASCDataConnector(DataConnector): +class AscDataConnector(DataConnector): """Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -677,11 +675,10 @@ class ASCDataConnector(DataConnector): "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". :type kind: str or ~security_insights.models.DataConnectorKind + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector :param subscription_id: The subscription id to connect to, and get the data from. :type subscription_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState """ _validation = { 
@@ -697,18 +694,18 @@ class ASCDataConnector(DataConnector): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, } def __init__( self, **kwargs ): - super(ASCDataConnector, self).__init__(**kwargs) + super(AscDataConnector, self).__init__(**kwargs) self.kind = 'AzureSecurityCenter' # type: str + self.data_types = kwargs.get('data_types', None) self.subscription_id = kwargs.get('subscription_id', None) - self.state = kwargs.get('state', None) class DataConnectorWithAlertsProperties(msrest.serialization.Model): @@ -730,7 +727,7 @@ def __init__( self.data_types = kwargs.get('data_types', None) -class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): +class AscDataConnectorProperties(DataConnectorWithAlertsProperties): """ASC (Azure Security Center) data connector properties. :param data_types: The available data types for the connector. @@ -748,7 +745,7 @@ def __init__( self, **kwargs ): - super(ASCDataConnectorProperties, self).__init__(**kwargs) + super(AscDataConnectorProperties, self).__init__(**kwargs) self.subscription_id = kwargs.get('subscription_id', None) @@ -775,9 +772,8 @@ class AwsCloudTrailDataConnector(DataConnector): :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. :type aws_role_arn: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AwsCloudTrailDataConnectorDataTypes """ _validation = { 
@@ -794,7 +790,7 @@ class AwsCloudTrailDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, - 'state': {'key': 'dataTypes.logs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, } def __init__( @@ -804,7 +800,26 @@ def __init__( super(AwsCloudTrailDataConnector, self).__init__(**kwargs) self.kind = 'AmazonWebServicesCloudTrail' # type: str self.aws_role_arn = kwargs.get('aws_role_arn', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) + + +class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = kwargs.get('logs', None) class DataConnectorDataTypeCommon(msrest.serialization.Model): @@ -861,6 +876,8 @@ class Bookmark(ResourceWithEtag): :type etag: str :param created: The time the bookmark was created. :type created: ~datetime.datetime + :param created_by: Describes a user that created the bookmark. + :type created_by: ~security_insights.models.UserInfo :param display_name: The display name of the bookmark. :type display_name: str :param labels: List of labels relevant to this bookmark. 
@@ -873,30 +890,22 @@ class Bookmark(ResourceWithEtag): :type query_result: str :param updated: The last time the bookmark was updated. :type updated: ~datetime.datetime + :param updated_by: Describes a user that updated the bookmark. + :type updated_by: ~security_insights.models.UserInfo + :param event_time: The bookmark event time. + :type event_time: ~datetime.datetime + :param query_start_time: The start time for the query. + :type query_start_time: ~datetime.datetime + :param query_end_time: The end time for the query. + :type query_end_time: ~datetime.datetime :param incident_info: Describes an incident that relates to bookmark. :type incident_info: ~security_insights.models.IncidentInfo - :ivar email_updated_by_email: The email of the user. - :vartype email_updated_by_email: str - :ivar name_updated_by_name: The name of the user. - :vartype name_updated_by_name: str - :param object_id_updated_by_object_id: The object id of the user. - :type object_id_updated_by_object_id: str - :ivar email_created_by_email: The email of the user. - :vartype email_created_by_email: str - :ivar name_created_by_name: The name of the user. - :vartype name_created_by_name: str - :param object_id_created_by_object_id: The object id of the user. - :type object_id_created_by_object_id: str """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'email_updated_by_email': {'readonly': True}, - 'name_updated_by_name': {'readonly': True}, - 'email_created_by_email': {'readonly': True}, - 'name_created_by_name': {'readonly': True}, } _attribute_map = { 
@@ -905,19 +914,18 @@ class Bookmark(ResourceWithEtag): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, 'display_name': {'key': 'properties.displayName', 'type': 'str'}, 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'notes': {'key': 'properties.notes', 'type': 'str'}, 'query': {'key': 'properties.query', 'type': 'str'}, 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, + 'event_time': {'key': 'properties.eventTime', 'type': 'iso-8601'}, + 'query_start_time': {'key': 'properties.queryStartTime', 'type': 'iso-8601'}, + 'query_end_time': {'key': 'properties.queryEndTime', 'type': 'iso-8601'}, 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, - 'email_updated_by_email': {'key': 'updatedBy.email', 'type': 'str'}, - 'name_updated_by_name': {'key': 'updatedBy.name', 'type': 'str'}, - 'object_id_updated_by_object_id': {'key': 'updatedBy.objectId', 'type': 'str'}, - 'email_created_by_email': {'key': 'createdBy.email', 'type': 'str'}, - 'name_created_by_name': {'key': 'createdBy.name', 'type': 'str'}, - 'object_id_created_by_object_id': {'key': 'createdBy.objectId', 'type': 'str'}, } def __init__( 
@@ -926,19 +934,18 @@ def __init__( ): super(Bookmark, self).__init__(**kwargs) self.created = kwargs.get('created', None) + self.created_by = kwargs.get('created_by', None) self.display_name = kwargs.get('display_name', None) self.labels = kwargs.get('labels', None) self.notes = kwargs.get('notes', None) self.query = kwargs.get('query', None) self.query_result = kwargs.get('query_result', None) self.updated = kwargs.get('updated', None) + self.updated_by = kwargs.get('updated_by', None) + self.event_time = kwargs.get('event_time', None) + self.query_start_time = kwargs.get('query_start_time', None) + self.query_end_time = kwargs.get('query_end_time', None) self.incident_info = kwargs.get('incident_info', None) - self.email_updated_by_email = None - self.name_updated_by_name = None - self.object_id_updated_by_object_id = kwargs.get('object_id_updated_by_object_id', None) - self.email_created_by_email = None - self.name_created_by_name = None - self.object_id_created_by_object_id = kwargs.get('object_id_created_by_object_id', None) class BookmarkList(msrest.serialization.Model): @@ -1086,7 +1093,7 @@ def __init__( class ErrorResponse(msrest.serialization.Model): - """The resource management error response. + """Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1523,26 +1530,17 @@ def __init__( class IncidentInfo(msrest.serialization.Model): """Describes related incident information for the bookmark. - All required parameters must be populated in order to send to Azure. - - :param incident_id: Required. Incident Id. + :param incident_id: Incident Id. :type incident_id: str - :param severity: Required. The severity of the incident. Possible values include: "Critical", - "High", "Medium", "Low", "Informational". + :param severity: The severity of the incident. Possible values include: "Critical", "High", + "Medium", "Low", "Informational". :type severity: str or ~security_insights.models.CaseSeverity - :param title: Required. The title of the incident. + :param title: The title of the incident. :type title: str - :param relation_name: Required. Relation Name. + :param relation_name: Relation Name. :type relation_name: str """ - _validation = { - 'incident_id': {'required': True}, - 'severity': {'required': True}, - 'title': {'required': True}, - 'relation_name': {'required': True}, - } - _attribute_map = { 'incident_id': {'key': 'incidentId', 'type': 'str'}, 'severity': {'key': 'severity', 'type': 'str'}, @@ -1555,10 +1553,10 @@ def __init__( **kwargs ): super(IncidentInfo, self).__init__(**kwargs) - self.incident_id = kwargs['incident_id'] - self.severity = kwargs['severity'] - self.title = kwargs['title'] - self.relation_name = kwargs['relation_name'] + self.incident_id = kwargs.get('incident_id', None) + self.severity = kwargs.get('severity', None) + self.title = kwargs.get('title', None) + self.relation_name = kwargs.get('relation_name', None) class IncidentLabel(msrest.serialization.Model): 
@@ -1656,7 +1654,7 @@ def __init__( self.user_principal_name = kwargs.get('user_principal_name', None) -class MCASDataConnector(DataConnector): +class McasDataConnector(DataConnector): """Represents MCAS (Microsoft Cloud App Security) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1678,12 +1676,8 @@ class MCASDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_alerts_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_data_types_alerts_state: str or ~security_insights.models.DataTypeState - :param state_data_types_discovery_logs_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.McasDataConnectorDataTypes """ _validation = { 
@@ -1700,46 +1694,42 @@ class MCASDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_alerts_state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, - 'state_data_types_discovery_logs_state': {'key': 'dataTypes.discoveryLogs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'McasDataConnectorDataTypes'}, } def __init__( self, **kwargs ): - super(MCASDataConnector, self).__init__(**kwargs) + super(McasDataConnector, self).__init__(**kwargs) self.kind = 'MicrosoftCloudAppSecurity' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state_data_types_alerts_state = kwargs.get('state_data_types_alerts_state', None) - self.state_data_types_discovery_logs_state = kwargs.get('state_data_types_discovery_logs_state', None) + self.data_types = kwargs.get('data_types', None) -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): +class McasDataConnectorDataTypes(AlertsDataTypeOfDataConnector): """The available data types for MCAS (Microsoft Cloud App Security) data connector. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState - :param state_discovery_logs_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon + :param discovery_logs: Discovery log data type connection. 
+ :type discovery_logs: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, - 'state_discovery_logs_state': {'key': 'discoveryLogs.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( self, **kwargs ): - super(MCASDataConnectorDataTypes, self).__init__(**kwargs) - self.state_discovery_logs_state = kwargs.get('state_discovery_logs_state', None) + super(McasDataConnectorDataTypes, self).__init__(**kwargs) + self.discovery_logs = kwargs.get('discovery_logs', None) -class MDATPDataConnector(DataConnector): +class MdatpDataConnector(DataConnector): """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1761,9 +1751,8 @@ class MDATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { 
@@ -1780,17 +1769,17 @@ class MDATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( self, **kwargs ): - super(MDATPDataConnector, self).__init__(**kwargs) + super(MdatpDataConnector, self).__init__(**kwargs) self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.data_types = kwargs.get('data_types', None) class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): @@ -2160,12 +2149,8 @@ class OfficeDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_share_point_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_share_point_state: str or ~security_insights.models.DataTypeState - :param state_data_types_exchange_state: Describe whether this data type connection is enabled - or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_exchange_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.OfficeDataConnectorDataTypes """ _validation = { 
@@ -2182,8 +2167,7 @@ class OfficeDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_share_point_state': {'key': 'dataTypes.sharePoint.state', 'type': 'str'}, - 'state_data_types_exchange_state': {'key': 'dataTypes.exchange.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, } def __init__( @@ -2193,8 +2177,34 @@ def __init__( super(OfficeDataConnector, self).__init__(**kwargs) self.kind = 'Office365' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state_data_types_share_point_state = kwargs.get('state_data_types_share_point_state', None) - self.state_data_types_exchange_state = kwargs.get('state_data_types_exchange_state', None) + self.data_types = kwargs.get('data_types', None) + + +class OfficeDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: ~security_insights.models.DataConnectorDataTypeCommon + :param share_point: SharePoint data type connection. + :type share_point: ~security_insights.models.DataConnectorDataTypeCommon + :param teams: Teams data type connection. + :type teams: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'DataConnectorDataTypeCommon'}, + 'share_point': {'key': 'sharePoint', 'type': 'DataConnectorDataTypeCommon'}, + 'teams': {'key': 'teams', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = kwargs.get('exchange', None) + self.share_point = kwargs.get('share_point', None) + self.teams = kwargs.get('teams', None) class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): 
@@ -2235,6 +2245,25 @@ def __init__( super(OfficeDataConnectorDataTypesSharePoint, self).__init__(**kwargs) +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(OfficeDataConnectorDataTypesTeams, self).__init__(**kwargs) + + class Operation(msrest.serialization.Model): """Operation provided by provider. @@ -2242,11 +2271,14 @@ class Operation(msrest.serialization.Model): :type display: ~security_insights.models.OperationDisplay :param name: Name of the operation. :type name: str + :param origin: The origin of the operation. + :type origin: str """ _attribute_map = { 'display': {'key': 'display', 'type': 'OperationDisplay'}, 'name': {'key': 'name', 'type': 'str'}, + 'origin': {'key': 'origin', 'type': 'str'}, } def __init__( @@ -2256,6 +2288,7 @@ def __init__( super(Operation, self).__init__(**kwargs) self.display = kwargs.get('display', None) self.name = kwargs.get('name', None) + self.origin = kwargs.get('origin', None) class OperationDisplay(msrest.serialization.Model): @@ -2742,7 +2775,7 @@ def __init__( self.threat_type = None -class TIDataConnector(DataConnector): +class TiDataConnector(DataConnector): """Represents threat intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -2764,9 +2797,10 @@ class TIDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param tip_lookback_period: The lookback period for the feed to be imported. + :type tip_lookback_period: ~datetime.datetime + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.TiDataConnectorDataTypes """ _validation = { 
@@ -2783,20 +2817,41 @@ class TIDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.indicators.state', 'type': 'str'}, + 'tip_lookback_period': {'key': 'properties.tipLookbackPeriod', 'type': 'iso-8601'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TiDataConnectorDataTypes'}, } def __init__( self, **kwargs ): - super(TIDataConnector, self).__init__(**kwargs) + super(TiDataConnector, self).__init__(**kwargs) self.kind = 'ThreatIntelligence' # type: str self.tenant_id = kwargs.get('tenant_id', None) - self.state = kwargs.get('state', None) + self.tip_lookback_period = kwargs.get('tip_lookback_period', None) + self.data_types = kwargs.get('data_types', None) + + +class TiDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + **kwargs + ): + super(TiDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = kwargs.get('indicators', None) -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): +class TiDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): """Data type for indicators connection. :param state: Describe whether this data type connection is enabled or not. Possible values @@ -2812,7 +2867,7 @@ def __init__( self, **kwargs ): - super(TIDataConnectorDataTypesIndicators, self).__init__(**kwargs) + super(TiDataConnectorDataTypesIndicators, self).__init__(**kwargs) class ToggleSettings(Settings): 
@@ -2888,7 +2943,7 @@ class UebaSettings(Settings): :type is_enabled: bool :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". - :vartype status_in_mcas: str or ~security_insights.models.StatusInMCAS + :vartype status_in_mcas: str or ~security_insights.models.StatusInMcas """ _validation = { @@ -2920,3 +2975,40 @@ def __init__( self.atp_license_status = None self.is_enabled = kwargs.get('is_enabled', None) self.status_in_mcas = None + + +class UserInfo(msrest.serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + **kwargs + ): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = kwargs['object_id'] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py index 29010ed670f..5558a8dd053 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_models_py3.py 
@@ -59,7 +59,7 @@ class DataConnector(ResourceWithEtag): """Data connector. You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + sub-classes are: AwsCloudTrailDataConnector, AadDataConnector, AatpDataConnector, AscDataConnector, McasDataConnector, MdatpDataConnector, OfficeDataConnector, TiDataConnector. Variables are only populated by the server, and will be ignored when sending a request. @@ -96,7 +96,7 @@ class DataConnector(ResourceWithEtag): } _subtype_map = { - 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} + 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AadDataConnector', 'AzureAdvancedThreatProtection': 'AatpDataConnector', 'AzureSecurityCenter': 'AscDataConnector', 'MicrosoftCloudAppSecurity': 'McasDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MdatpDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TiDataConnector'} } def __init__( @@ -109,7 +109,7 @@ def __init__( self.kind = 'DataConnector' # type: str -class AADDataConnector(DataConnector): +class AadDataConnector(DataConnector): """Represents AAD (Azure Active Directory) data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -131,9 +131,8 @@ class AADDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -150,7 +149,7 @@ class AADDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( @@ -158,16 +157,16 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, **kwargs ): - super(AADDataConnector, self).__init__(etag=etag, **kwargs) + super(AadDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AzureActiveDirectory' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types -class AATPDataConnector(DataConnector): +class AatpDataConnector(DataConnector): """Represents AATP (Azure Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -189,9 +188,8 @@ class AATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { @@ -208,7 +206,7 @@ class AATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( @@ -216,13 +214,13 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, **kwargs ): - super(AATPDataConnector, self).__init__(etag=etag, **kwargs) + super(AatpDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AzureAdvancedThreatProtection' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types class ActionPropertiesBase(msrest.serialization.Model): @@ -312,12 +310,13 @@ class ActionRequestProperties(ActionPropertiesBase): subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- workflow-id}. :type logic_app_resource_id: str - :param trigger_uri: Logic App Callback URL for this specific workflow. + :param trigger_uri: Required. Logic App Callback URL for this specific workflow. :type trigger_uri: str """ _validation = { 'logic_app_resource_id': {'required': True}, + 'trigger_uri': {'required': True}, } _attribute_map = { 
@@ -329,7 +328,7 @@ def __init__( self, *, logic_app_resource_id: str, - trigger_uri: Optional[str] = None, + trigger_uri: str, **kwargs ): super(ActionRequestProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) @@ -684,26 +683,25 @@ def __init__( class AlertsDataTypeOfDataConnector(msrest.serialization.Model): """Alerts data type for data connectors. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( self, *, - state: Optional[Union[str, "DataTypeState"]] = None, + alerts: Optional["DataConnectorDataTypeCommon"] = None, **kwargs ): super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) - self.state = state + self.alerts = alerts -class ASCDataConnector(DataConnector): +class AscDataConnector(DataConnector): """Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -723,11 +721,10 @@ class ASCDataConnector(DataConnector): "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". :type kind: str or ~security_insights.models.DataConnectorKind + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector :param subscription_id: The subscription id to connect to, and get the data from. :type subscription_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState """ _validation = { @@ -743,22 +740,22 @@ class ASCDataConnector(DataConnector): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, } def __init__( self, *, etag: Optional[str] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, subscription_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, **kwargs ): - super(ASCDataConnector, self).__init__(etag=etag, **kwargs) + super(AscDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AzureSecurityCenter' # type: str + self.data_types = data_types self.subscription_id = subscription_id - self.state = state class DataConnectorWithAlertsProperties(msrest.serialization.Model): 
@@ -782,7 +779,7 @@ def __init__( self.data_types = data_types -class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): +class AscDataConnectorProperties(DataConnectorWithAlertsProperties): """ASC (Azure Security Center) data connector properties. :param data_types: The available data types for the connector. @@ -803,7 +800,7 @@ def __init__( subscription_id: Optional[str] = None, **kwargs ): - super(ASCDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) + super(AscDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) self.subscription_id = subscription_id @@ -830,9 +827,8 @@ class AwsCloudTrailDataConnector(DataConnector): :param aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. :type aws_role_arn: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AwsCloudTrailDataConnectorDataTypes """ _validation = { @@ -849,7 +845,7 @@ class AwsCloudTrailDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, - 'state': {'key': 'dataTypes.logs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, } def __init__( 
@@ -857,13 +853,34 @@ def __init__( *, etag: Optional[str] = None, aws_role_arn: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AwsCloudTrailDataConnectorDataTypes"] = None, **kwargs ): super(AwsCloudTrailDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'AmazonWebServicesCloudTrail' # type: str self.aws_role_arn = aws_role_arn - self.state = state + self.data_types = data_types + + +class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + :param logs: Logs data type. + :type logs: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'logs': {'key': 'logs', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + *, + logs: Optional["DataConnectorDataTypeCommon"] = None, + **kwargs + ): + super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) + self.logs = logs class DataConnectorDataTypeCommon(msrest.serialization.Model): @@ -924,6 +941,8 @@ class Bookmark(ResourceWithEtag): :type etag: str :param created: The time the bookmark was created. :type created: ~datetime.datetime + :param created_by: Describes a user that created the bookmark. + :type created_by: ~security_insights.models.UserInfo :param display_name: The display name of the bookmark. :type display_name: str :param labels: List of labels relevant to this bookmark. 
@@ -936,30 +955,22 @@ class Bookmark(ResourceWithEtag): :type query_result: str :param updated: The last time the bookmark was updated. :type updated: ~datetime.datetime + :param updated_by: Describes a user that updated the bookmark. + :type updated_by: ~security_insights.models.UserInfo + :param event_time: The bookmark event time. + :type event_time: ~datetime.datetime + :param query_start_time: The start time for the query. + :type query_start_time: ~datetime.datetime + :param query_end_time: The end time for the query. + :type query_end_time: ~datetime.datetime :param incident_info: Describes an incident that relates to bookmark. :type incident_info: ~security_insights.models.IncidentInfo - :ivar email_updated_by_email: The email of the user. - :vartype email_updated_by_email: str - :ivar name_updated_by_name: The name of the user. - :vartype name_updated_by_name: str - :param object_id_updated_by_object_id: The object id of the user. - :type object_id_updated_by_object_id: str - :ivar email_created_by_email: The email of the user. - :vartype email_created_by_email: str - :ivar name_created_by_name: The name of the user. - :vartype name_created_by_name: str - :param object_id_created_by_object_id: The object id of the user. - :type object_id_created_by_object_id: str """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'email_updated_by_email': {'readonly': True}, - 'name_updated_by_name': {'readonly': True}, - 'email_created_by_email': {'readonly': True}, - 'name_created_by_name': {'readonly': True}, } _attribute_map = { 
@@ -968,19 +979,18 @@ class Bookmark(ResourceWithEtag): 'type': {'key': 'type', 'type': 'str'}, 'etag': {'key': 'etag', 'type': 'str'}, 'created': {'key': 'properties.created', 'type': 'iso-8601'}, + 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, 'display_name': {'key': 'properties.displayName', 'type': 'str'}, 'labels': {'key': 'properties.labels', 'type': '[str]'}, 'notes': {'key': 'properties.notes', 'type': 'str'}, 'query': {'key': 'properties.query', 'type': 'str'}, 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, + 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, + 'event_time': {'key': 'properties.eventTime', 'type': 'iso-8601'}, + 'query_start_time': {'key': 'properties.queryStartTime', 'type': 'iso-8601'}, + 'query_end_time': {'key': 'properties.queryEndTime', 'type': 'iso-8601'}, 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, - 'email_updated_by_email': {'key': 'updatedBy.email', 'type': 'str'}, - 'name_updated_by_name': {'key': 'updatedBy.name', 'type': 'str'}, - 'object_id_updated_by_object_id': {'key': 'updatedBy.objectId', 'type': 'str'}, - 'email_created_by_email': {'key': 'createdBy.email', 'type': 'str'}, - 'name_created_by_name': {'key': 'createdBy.name', 'type': 'str'}, - 'object_id_created_by_object_id': {'key': 'createdBy.objectId', 'type': 'str'}, } def __init__( 
@@ -988,32 +998,34 @@ def __init__( *, etag: Optional[str] = None, created: Optional[datetime.datetime] = None, + created_by: Optional["UserInfo"] = None, display_name: Optional[str] = None, labels: Optional[List[str]] = None, notes: Optional[str] = None, query: Optional[str] = None, query_result: Optional[str] = None, updated: Optional[datetime.datetime] = None, + updated_by: Optional["UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + query_start_time: Optional[datetime.datetime] = None, + query_end_time: Optional[datetime.datetime] = None, incident_info: Optional["IncidentInfo"] = None, - object_id_updated_by_object_id: Optional[str] = None, - object_id_created_by_object_id: Optional[str] = None, **kwargs ): super(Bookmark, self).__init__(etag=etag, **kwargs) self.created = created + self.created_by = created_by self.display_name = display_name self.labels = labels self.notes = notes self.query = query self.query_result = query_result self.updated = updated + self.updated_by = updated_by + self.event_time = event_time + self.query_start_time = query_start_time + self.query_end_time = query_end_time self.incident_info = incident_info - self.email_updated_by_email = None - self.name_updated_by_name = None - self.object_id_updated_by_object_id = object_id_updated_by_object_id - self.email_created_by_email = None - self.name_created_by_name = None - self.object_id_created_by_object_id = object_id_created_by_object_id class BookmarkList(msrest.serialization.Model): @@ -1172,7 +1184,7 @@ def __init__( class ErrorResponse(msrest.serialization.Model): - """The resource management error response. + """Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1638,26 +1650,17 @@ def __init__( class IncidentInfo(msrest.serialization.Model): """Describes related incident information for the bookmark. - All required parameters must be populated in order to send to Azure. - - :param incident_id: Required. Incident Id. + :param incident_id: Incident Id. :type incident_id: str - :param severity: Required. The severity of the incident. Possible values include: "Critical", - "High", "Medium", "Low", "Informational". + :param severity: The severity of the incident. Possible values include: "Critical", "High", + "Medium", "Low", "Informational". :type severity: str or ~security_insights.models.CaseSeverity - :param title: Required. The title of the incident. + :param title: The title of the incident. :type title: str - :param relation_name: Required. Relation Name. + :param relation_name: Relation Name. :type relation_name: str """ - _validation = { - 'incident_id': {'required': True}, - 'severity': {'required': True}, - 'title': {'required': True}, - 'relation_name': {'required': True}, - } - _attribute_map = { 'incident_id': {'key': 'incidentId', 'type': 'str'}, 'severity': {'key': 'severity', 'type': 'str'}, @@ -1668,10 +1671,10 @@ class IncidentInfo(msrest.serialization.Model): def __init__( self, *, - incident_id: str, - severity: Union[str, "CaseSeverity"], - title: str, - relation_name: str, + incident_id: Optional[str] = None, + severity: Optional[Union[str, "CaseSeverity"]] = None, + title: Optional[str] = None, + relation_name: Optional[str] = None, **kwargs ): super(IncidentInfo, self).__init__(**kwargs) @@ -1785,7 +1788,7 @@ def __init__( self.user_principal_name = user_principal_name -class MCASDataConnector(DataConnector): +class McasDataConnector(DataConnector): """Represents MCAS (Microsoft Cloud App Security) data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -1807,12 +1810,8 @@ class MCASDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_alerts_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_data_types_alerts_state: str or ~security_insights.models.DataTypeState - :param state_data_types_discovery_logs_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.McasDataConnectorDataTypes """ _validation = { @@ -1829,8 +1828,7 @@ class MCASDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_alerts_state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, - 'state_data_types_discovery_logs_state': {'key': 'dataTypes.discoveryLogs.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'McasDataConnectorDataTypes'}, } def __init__( 
@@ -1838,45 +1836,41 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state_data_types_alerts_state: Optional[Union[str, "DataTypeState"]] = None, - state_data_types_discovery_logs_state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["McasDataConnectorDataTypes"] = None, **kwargs ): - super(MCASDataConnector, self).__init__(etag=etag, **kwargs) + super(McasDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'MicrosoftCloudAppSecurity' # type: str self.tenant_id = tenant_id - self.state_data_types_alerts_state = state_data_types_alerts_state - self.state_data_types_discovery_logs_state = state_data_types_discovery_logs_state + self.data_types = data_types -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): +class McasDataConnectorDataTypes(AlertsDataTypeOfDataConnector): """The available data types for MCAS (Microsoft Cloud App Security) data connector. - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState - :param state_discovery_logs_state: Describe whether this data type connection is enabled or - not. Possible values include: "Enabled", "Disabled". - :type state_discovery_logs_state: str or ~security_insights.models.DataTypeState + :param alerts: Alerts data type connection. + :type alerts: ~security_insights.models.DataConnectorDataTypeCommon + :param discovery_logs: Discovery log data type connection. 
+ :type discovery_logs: ~security_insights.models.DataConnectorDataTypeCommon """ _attribute_map = { - 'state': {'key': 'alerts.state', 'type': 'str'}, - 'state_discovery_logs_state': {'key': 'discoveryLogs.state', 'type': 'str'}, + 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, + 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, } def __init__( self, *, - state: Optional[Union[str, "DataTypeState"]] = None, - state_discovery_logs_state: Optional[Union[str, "DataTypeState"]] = None, + alerts: Optional["DataConnectorDataTypeCommon"] = None, + discovery_logs: Optional["DataConnectorDataTypeCommon"] = None, **kwargs ): - super(MCASDataConnectorDataTypes, self).__init__(state=state, **kwargs) - self.state_discovery_logs_state = state_discovery_logs_state + super(McasDataConnectorDataTypes, self).__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs -class MDATPDataConnector(DataConnector): +class MdatpDataConnector(DataConnector): """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -1898,9 +1892,8 @@ class MDATPDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.AlertsDataTypeOfDataConnector """ _validation = { 
@@ -1917,7 +1910,7 @@ class MDATPDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.alerts.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, } def __init__( @@ -1925,13 +1918,13 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["AlertsDataTypeOfDataConnector"] = None, **kwargs ): - super(MDATPDataConnector, self).__init__(etag=etag, **kwargs) + super(MdatpDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str self.tenant_id = tenant_id - self.state = state + self.data_types = data_types class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): @@ -2339,12 +2332,8 @@ class OfficeDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state_data_types_share_point_state: Describe whether this data type connection is - enabled or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_share_point_state: str or ~security_insights.models.DataTypeState - :param state_data_types_exchange_state: Describe whether this data type connection is enabled - or not. Possible values include: "Enabled", "Disabled". - :type state_data_types_exchange_state: str or ~security_insights.models.DataTypeState + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.OfficeDataConnectorDataTypes """ _validation = { 
@@ -2361,8 +2350,7 @@ class OfficeDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state_data_types_share_point_state': {'key': 'dataTypes.sharePoint.state', 'type': 'str'}, - 'state_data_types_exchange_state': {'key': 'dataTypes.exchange.state', 'type': 'str'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, } def __init__( 
@@ -2370,15 +2358,44 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state_data_types_share_point_state: Optional[Union[str, "DataTypeState"]] = None, - state_data_types_exchange_state: Optional[Union[str, "DataTypeState"]] = None, + data_types: Optional["OfficeDataConnectorDataTypes"] = None, **kwargs ): super(OfficeDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'Office365' # type: str self.tenant_id = tenant_id - self.state_data_types_share_point_state = state_data_types_share_point_state - self.state_data_types_exchange_state = state_data_types_exchange_state + self.data_types = data_types + + +class OfficeDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for office data connector. + + :param exchange: Exchange data type connection. + :type exchange: ~security_insights.models.DataConnectorDataTypeCommon + :param share_point: SharePoint data type connection. + :type share_point: ~security_insights.models.DataConnectorDataTypeCommon + :param teams: Teams data type connection. + :type teams: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'exchange': {'key': 'exchange', 'type': 'DataConnectorDataTypeCommon'}, + 'share_point': {'key': 'sharePoint', 'type': 'DataConnectorDataTypeCommon'}, + 'teams': {'key': 'teams', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + *, + exchange: Optional["DataConnectorDataTypeCommon"] = None, + share_point: Optional["DataConnectorDataTypeCommon"] = None, + teams: Optional["DataConnectorDataTypeCommon"] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + self.teams = teams class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): 
@@ -2423,6 +2440,27 @@ def __init__( super(OfficeDataConnectorDataTypesSharePoint, self).__init__(state=state, **kwargs) +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + :param state: Describe whether this data type connection is enabled or not. Possible values + include: "Enabled", "Disabled". + :type state: str or ~security_insights.models.DataTypeState + """ + + _attribute_map = { + 'state': {'key': 'state', 'type': 'str'}, + } + + def __init__( + self, + *, + state: Optional[Union[str, "DataTypeState"]] = None, + **kwargs + ): + super(OfficeDataConnectorDataTypesTeams, self).__init__(state=state, **kwargs) + + class Operation(msrest.serialization.Model): """Operation provided by provider. @@ -2430,11 +2468,14 @@ class Operation(msrest.serialization.Model): :type display: ~security_insights.models.OperationDisplay :param name: Name of the operation. :type name: str + :param origin: The origin of the operation. + :type origin: str """ _attribute_map = { 'display': {'key': 'display', 'type': 'OperationDisplay'}, 'name': {'key': 'name', 'type': 'str'}, + 'origin': {'key': 'origin', 'type': 'str'}, } def __init__( @@ -2442,11 +2483,13 @@ def __init__( *, display: Optional["OperationDisplay"] = None, name: Optional[str] = None, + origin: Optional[str] = None, **kwargs ): super(Operation, self).__init__(**kwargs) self.display = display self.name = name + self.origin = origin class OperationDisplay(msrest.serialization.Model): @@ -2992,7 +3035,7 @@ def __init__( self.threat_type = None -class TIDataConnector(DataConnector): +class TiDataConnector(DataConnector): """Represents threat intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. 
@@ -3014,9 +3057,10 @@ class TIDataConnector(DataConnector): :type kind: str or ~security_insights.models.DataConnectorKind :param tenant_id: The tenant id to connect to, and get the data from. :type tenant_id: str - :param state: Describe whether this data type connection is enabled or not. Possible values - include: "Enabled", "Disabled". - :type state: str or ~security_insights.models.DataTypeState + :param tip_lookback_period: The lookback period for the feed to be imported. + :type tip_lookback_period: ~datetime.datetime + :param data_types: The available data types for the connector. + :type data_types: ~security_insights.models.TiDataConnectorDataTypes """ _validation = { @@ -3033,7 +3077,8 @@ class TIDataConnector(DataConnector): 'etag': {'key': 'etag', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'state': {'key': 'dataTypes.indicators.state', 'type': 'str'}, + 'tip_lookback_period': {'key': 'properties.tipLookbackPeriod', 'type': 'iso-8601'}, + 'data_types': {'key': 'properties.dataTypes', 'type': 'TiDataConnectorDataTypes'}, } def __init__( 
@@ -3041,16 +3086,39 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - state: Optional[Union[str, "DataTypeState"]] = None, + tip_lookback_period: Optional[datetime.datetime] = None, + data_types: Optional["TiDataConnectorDataTypes"] = None, **kwargs ): - super(TIDataConnector, self).__init__(etag=etag, **kwargs) + super(TiDataConnector, self).__init__(etag=etag, **kwargs) self.kind = 'ThreatIntelligence' # type: str self.tenant_id = tenant_id - self.state = state + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): +class TiDataConnectorDataTypes(msrest.serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. + + :param indicators: Data type for indicators connection. + :type indicators: ~security_insights.models.DataConnectorDataTypeCommon + """ + + _attribute_map = { + 'indicators': {'key': 'indicators', 'type': 'DataConnectorDataTypeCommon'}, + } + + def __init__( + self, + *, + indicators: Optional["DataConnectorDataTypeCommon"] = None, + **kwargs + ): + super(TiDataConnectorDataTypes, self).__init__(**kwargs) + self.indicators = indicators + + +class TiDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): """Data type for indicators connection. :param state: Describe whether this data type connection is enabled or not. Possible values @@ -3068,7 +3136,7 @@ def __init__( state: Optional[Union[str, "DataTypeState"]] = None, **kwargs ): - super(TIDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) + super(TiDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) class ToggleSettings(Settings): 
@@ -3147,7 +3215,7 @@ class UebaSettings(Settings): :type is_enabled: bool :ivar status_in_mcas: Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: "Enabled", "Disabled". - :vartype status_in_mcas: str or ~security_insights.models.StatusInMCAS + :vartype status_in_mcas: str or ~security_insights.models.StatusInMcas """ _validation = { @@ -3182,3 +3250,42 @@ def __init__( self.atp_license_status = None self.is_enabled = is_enabled self.status_in_mcas = None + + +class UserInfo(msrest.serialization.Model): + """User information that made some action. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar email: The email of the user. + :vartype email: str + :ivar name: The name of the user. + :vartype name: str + :param object_id: Required. The object id of the user. + :type object_id: str + """ + + _validation = { + 'email': {'readonly': True}, + 'name': {'readonly': True}, + 'object_id': {'required': True}, + } + + _attribute_map = { + 'email': {'key': 'email', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'object_id': {'key': 'objectId', 'type': 'str'}, + } + + def __init__( + self, + *, + object_id: str, + **kwargs + ): + super(UserInfo, self).__init__(**kwargs) + self.email = None + self.name = None + self.object_id = object_id diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py index ff1e2d1db57..b97f5497911 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/models/_security_insights_enums.py 
@@ -156,7 +156,7 @@ class SettingKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): UEBA_SETTINGS = "UebaSettings" TOGGLE_SETTINGS = "ToggleSettings" -class StatusInMCAS(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): +class StatusInMcas(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)): """Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). """ diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py index 5e67996dcd4..e6b787caab9 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/__init__.py 
@@ -6,22 +6,22 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from ._operation_operations import OperationOperations -from ._alert_rule_operations import AlertRuleOperations -from ._action_operations import ActionOperations -from ._alert_rule_template_operations import AlertRuleTemplateOperations -from ._bookmark_operations import BookmarkOperations -from ._data_connector_operations import DataConnectorOperations -from ._incident_operations import IncidentOperations -from ._incident_comment_operations import IncidentCommentOperations +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._bookmarks_operations import BookmarksOperations +from ._data_connectors_operations import DataConnectorsOperations +from ._operations import Operations +from ._incidents_operations import IncidentsOperations +from ._incident_comments_operations import IncidentCommentsOperations __all__ = [ - 'OperationOperations', - 'AlertRuleOperations', - 'ActionOperations', - 'AlertRuleTemplateOperations', - 'BookmarkOperations', - 'DataConnectorOperations', - 'IncidentOperations', - 'IncidentCommentOperations', + 'AlertRulesOperations', + 'ActionsOperations', + 'AlertRuleTemplatesOperations', + 'BookmarksOperations', + 'DataConnectorsOperations', + 'Operations', + 'IncidentsOperations', + 'IncidentCommentsOperations', ] diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py deleted file mode 100644 index a0eaa43cf9a..00000000000 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_action_operations.py +++ /dev/null 
@@ -1,126 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -from typing import TYPE_CHECKING -import warnings - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpRequest, HttpResponse -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. import models - -if TYPE_CHECKING: - # pylint: disable=unused-import,ungrouped-imports - from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar - - T = TypeVar('T') - ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -class ActionOperations(object): - """ActionOperations operations. - - You should not instantiate this class directly. Instead, you should create a Client instance that - instantiates it for you and attaches it as an attribute. - - :ivar models: Alias to model classes used in this operation group. - :type models: ~security_insights.models - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. 
- """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self._config = config - - def list_by_alert_rule( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - **kwargs # type: Any - ): - # type: (...) -> Iterable["models.ActionsList"] - """Gets all actions of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ActionsList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.ActionsList] - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - def prepare_request(next_link=None): - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - if not next_link: - # Construct URL - url = self.list_by_alert_rule.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - else: - url = next_link - query_parameters = {} # type: Dict[str, Any] - request = self._client.get(url, query_parameters, header_parameters) - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize('ActionsList', pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged( - get_next, extract_data - ) - list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_actions_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_actions_operations.py new file mode 100644 index 00000000000..526403451dc --- /dev/null 
+++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_actions_operations.py 
@@ -0,0 +1,339 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class ActionsOperations(object): + """ActionsOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list_by_alert_rule( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.ActionsList"] + """Gets all actions of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ActionsList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.ActionsList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list_by_alert_rule.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('ActionsList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.ActionResponse" + """Gets the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. 
+ :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = 
pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + action, # type: "models.ActionRequest" + **kwargs # type: Any + ): + # type: (...) -> "models.ActionResponse" + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. + :type action_id: str + :param action: The action. 
+ :type action: ~security_insights.models.ActionRequest + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse, or the result of cls(response) + :rtype: ~security_insights.models.ActionResponse + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(action, 'ActionRequest') + body_content_kwargs['content'] = body_content + request = 
self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('ActionResponse', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + action_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> None + """Delete the action of alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param action_id: Action ID. 
+ :type action_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + 'actionId': self._serialize.url("action_id", action_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return 
cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py deleted file mode 100644 index f91eef2b673..00000000000 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_operations.py +++ /dev/null 
@@ -1,546 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for license information. -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is regenerated. -# -------------------------------------------------------------------------- -from typing import TYPE_CHECKING -import warnings - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error -from azure.core.paging import ItemPaged -from azure.core.pipeline import PipelineResponse -from azure.core.pipeline.transport import HttpRequest, HttpResponse -from azure.mgmt.core.exceptions import ARMErrorFormat - -from .. import models - -if TYPE_CHECKING: - # pylint: disable=unused-import,ungrouped-imports - from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union - - T = TypeVar('T') - ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] - -class AlertRuleOperations(object): - """AlertRuleOperations operations. - - You should not instantiate this class directly. Instead, you should create a Client instance that - instantiates it for you and attaches it as an attribute. - - :ivar models: Alias to model classes used in this operation group. - :type models: ~security_insights.models - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. 
- """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self._config = config - - def list( - self, - resource_group_name, # type: str - workspace_name, # type: str - **kwargs # type: Any - ): - # type: (...) -> Iterable["models.AlertRulesList"] - """Gets all alert rules. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AlertRulesList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.AlertRulesList] - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - def prepare_request(next_link=None): - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - if not next_link: - # Construct URL - url = self.list.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - } 
- url = self._client.format_url(url, **path_format_arguments) - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - else: - url = next_link - query_parameters = {} # type: Dict[str, Any] - request = self._client.get(url, query_parameters, header_parameters) - return request - - def extract_data(pipeline_response): - deserialized = self._deserialize('AlertRulesList', pipeline_response) - list_of_elem = deserialized.value - if cls: - list_of_elem = cls(list_of_elem) - return deserialized.next_link or None, iter(list_of_elem) - - def get_next(next_link=None): - request = prepare_request(next_link) - - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - return pipeline_response - - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore - - def get( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - **kwargs # type: Any - ): - # type: (...) -> "models.AlertRule" - """Gets the alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. 
- :type rule_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) - :rtype: ~security_insights.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.get.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - deserialized = self._deserialize('AlertRule', pipeline_response) 
- - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore - - def create_or_update( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - alert_rule, # type: "models.AlertRule" - **kwargs # type: Any - ): - # type: (...) -> "models.AlertRule" - """Creates or updates the alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param alert_rule: The alert rule. - :type alert_rule: ~security_insights.models.AlertRule - :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) - :rtype: ~security_insights.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - content_type = kwargs.pop("content_type", "application/json") - accept = "application/json" - - # Construct URL - url = self.create_or_update.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, 
pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - body_content_kwargs = {} # type: Dict[str, Any] - body_content = self._serialize.body(alert_rule, 'AlertRule') - body_content_kwargs['content'] = body_content - request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize('AlertRule', pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize('AlertRule', pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore - - def delete( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - **kwargs # type: Any - ): - # type: (...) 
-> None - """Delete the alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) - :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType[None] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.delete.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.delete(url, query_parameters, header_parameters) - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - 
if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return cls(pipeline_response, None, {}) - - delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore - - def get_action( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - action_id, # type: str - **kwargs # type: Any - ): - # type: (...) -> "models.ActionResponse" - """Gets the action of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param action_id: Action ID. 
- :type action_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) - :rtype: ~security_insights.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.get_action.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - 'actionId': self._serialize.url("action_id", action_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.get(url, query_parameters, header_parameters) - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, 
error_format=ARMErrorFormat) - - deserialized = self._deserialize('ActionResponse', pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore - - def create_or_update_action( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - action_id, # type: str - etag=None, # type: Optional[str] - logic_app_resource_id=None, # type: Optional[str] - trigger_uri=None, # type: Optional[str] - **kwargs # type: Any - ): - # type: (...) -> "models.ActionResponse" - """Creates or updates the action of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param action_id: Action ID. - :type action_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my- - subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my- - workflow-id}. - :type logic_app_resource_id: str - :param trigger_uri: Logic App Callback URL for this specific workflow. 
- :type trigger_uri: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) - :rtype: ~security_insights.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - - action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri) - api_version = "2020-01-01" - content_type = kwargs.pop("content_type", "application/json") - accept = "application/json" - - # Construct URL - url = self.create_or_update_action.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - 'actionId': self._serialize.url("action_id", action_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - body_content_kwargs = {} # type: Dict[str, Any] - body_content = 
self._serialize.body(action, 'ActionRequest') - body_content_kwargs['content'] = body_content - request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200, 201]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if response.status_code == 200: - deserialized = self._deserialize('ActionResponse', pipeline_response) - - if response.status_code == 201: - deserialized = self._deserialize('ActionResponse', pipeline_response) - - if cls: - return cls(pipeline_response, deserialized, {}) - - return deserialized - create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore - - def delete_action( - self, - resource_group_name, # type: str - workspace_name, # type: str - rule_id, # type: str - action_id, # type: str - **kwargs # type: Any - ): - # type: (...) -> None - """Delete the action of alert rule. - - :param resource_group_name: The name of the resource group within the user's subscription. The - name is case insensitive. - :type resource_group_name: str - :param workspace_name: The name of the workspace. - :type workspace_name: str - :param rule_id: Alert rule ID. - :type rule_id: str - :param action_id: Action ID. 
- :type action_id: str - :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) - :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError - """ - cls = kwargs.pop('cls', None) # type: ClsType[None] - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {})) - api_version = "2020-01-01" - accept = "application/json" - - # Construct URL - url = self.delete_action.metadata['url'] # type: ignore - path_format_arguments = { - 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), - 'actionId': self._serialize.url("action_id", action_id, 'str'), - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} # type: Dict[str, Any] - query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') - - # Construct headers - header_parameters = {} # type: Dict[str, Any] - header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') - - request = self._client.delete(url, query_parameters, header_parameters) - pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) - response = pipeline_response.http_response - - if response.status_code not in [200, 204]: - map_error(status_code=response.status_code, response=response, error_map=error_map) - raise HttpResponseError(response=response, error_format=ARMErrorFormat) - - if cls: - return 
cls(pipeline_response, None, {}) - - delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_templates_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_templates_operations.py index 2dad458b3f7..fd1261fe812 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_template_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rule_templates_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class AlertRuleTemplateOperations(object): - """AlertRuleTemplateOperations operations. +class AlertRuleTemplatesOperations(object): + """AlertRuleTemplatesOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rules_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rules_operations.py new file mode 100644 index 00000000000..72f2c8fc11c --- /dev/null +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_alert_rules_operations.py 
@@ -0,0 +1,323 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import TYPE_CHECKING +import warnings + +from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpRequest, HttpResponse +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models + +if TYPE_CHECKING: + # pylint: disable=unused-import,ungrouped-imports + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union + + T = TypeVar('T') + ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +class AlertRulesOperations(object): + """AlertRulesOperations operations. + + You should not instantiate this class directly. Instead, you should create a Client instance that + instantiates it for you and attaches it as an attribute. + + :ivar models: Alias to model classes used in this operation group. + :type models: ~security_insights.models + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. 
+ """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self._config = config + + def list( + self, + resource_group_name, # type: str + workspace_name, # type: str + **kwargs # type: Any + ): + # type: (...) -> Iterable["models.AlertRulesList"] + """Gets all alert rules. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either AlertRulesList or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~security_insights.models.AlertRulesList] + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + def prepare_request(next_link=None): + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + if not next_link: + # Construct URL + url = self.list.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + } 
+ url = self._client.format_url(url, **path_format_arguments) + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + else: + url = next_link + query_parameters = {} # type: Dict[str, Any] + request = self._client.get(url, query_parameters, header_parameters) + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize('AlertRulesList', pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged( + get_next, extract_data + ) + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore + + def get( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRule" + """Gets the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. 
+ :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.get.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.get(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize('AlertRule', pipeline_response) 
+ + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + def create_or_update( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + alert_rule, # type: "models.AlertRule" + **kwargs # type: Any + ): + # type: (...) -> "models.AlertRule" + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :param alert_rule: The alert rule. + :type alert_rule: ~security_insights.models.AlertRule + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule, or the result of cls(response) + :rtype: ~security_insights.models.AlertRule + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + content_type = kwargs.pop("content_type", "application/json") + accept = "application/json" + + # Construct URL + url = self.create_or_update.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, 
pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str') + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + body_content_kwargs = {} # type: Dict[str, Any] + body_content = self._serialize.body(alert_rule, 'AlertRule') + body_content_kwargs['content'] = body_content + request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize('AlertRule', pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore + + def delete( + self, + resource_group_name, # type: str + workspace_name, # type: str + rule_id, # type: str + **kwargs # type: Any + ): + # type: (...) 
-> None + """Delete the alert rule. + + :param resource_group_name: The name of the resource group within the user's subscription. The + name is case insensitive. + :type resource_group_name: str + :param workspace_name: The name of the workspace. + :type workspace_name: str + :param rule_id: Alert rule ID. + :type rule_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None, or the result of cls(response) + :rtype: None + :raises: ~azure.core.exceptions.HttpResponseError + """ + cls = kwargs.pop('cls', None) # type: ClsType[None] + error_map = { + 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError + } + error_map.update(kwargs.pop('error_map', {})) + api_version = "2020-01-01" + accept = "application/json" + + # Construct URL + url = self.delete.metadata['url'] # type: ignore + path_format_arguments = { + 'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + 'ruleId': self._serialize.url("rule_id", rule_id, 'str'), + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} # type: Dict[str, Any] + query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str') + + # Construct headers + header_parameters = {} # type: Dict[str, Any] + header_parameters['Accept'] = self._serialize.header("accept", accept, 'str') + + request = self._client.delete(url, query_parameters, header_parameters) + pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) + response = pipeline_response.http_response + + 
if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmarks_operations.py similarity index 89% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmarks_operations.py index 0121790c420..916b766a5ff 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmark_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_bookmarks_operations.py @@ -5,7 +5,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime from typing import TYPE_CHECKING import warnings 
@@ -19,13 +18,13 @@ if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports - from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class BookmarkOperations(object): - """BookmarkOperations operations. +class BookmarksOperations(object): + """BookmarksOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -191,16 +190,7 @@ def create_or_update( resource_group_name, # type: str workspace_name, # type: str bookmark_id, # type: str - etag=None, # type: Optional[str] - created=None, # type: Optional[datetime.datetime] - display_name=None, # type: Optional[str] - labels=None, # type: Optional[List[str]] - notes=None, # type: Optional[str] - query=None, # type: Optional[str] - query_result=None, # type: Optional[str] - updated=None, # type: Optional[datetime.datetime] - incident_info=None, # type: Optional["models.IncidentInfo"] - object_id=None, # type: Optional[str] + bookmark, # type: "models.Bookmark" **kwargs # type: Any ): # type: (...) -> "models.Bookmark" 
@@ -213,26 +203,8 @@ def create_or_update( :type workspace_name: str :param bookmark_id: Bookmark ID. :type bookmark_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param created: The time the bookmark was created. - :type created: ~datetime.datetime - :param display_name: The display name of the bookmark. - :type display_name: str - :param labels: List of labels relevant to this bookmark. - :type labels: list[str] - :param notes: The notes of the bookmark. - :type notes: str - :param query: The query of the bookmark. - :type query: str - :param query_result: The query result of the bookmark. - :type query_result: str - :param updated: The last time the bookmark was updated. - :type updated: ~datetime.datetime - :param incident_info: Describes an incident that relates to bookmark. - :type incident_info: ~security_insights.models.IncidentInfo - :param object_id: The object id of the user. - :type object_id: str + :param bookmark: The bookmark. + :type bookmark: ~security_insights.models.Bookmark :keyword callable cls: A custom type or function that will be passed the direct response :return: Bookmark, or the result of cls(response) :rtype: ~security_insights.models.Bookmark @@ -243,8 +215,6 @@ def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connectors_operations.py similarity index 99% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connectors_operations.py index cce78e5ae84..be8df047530 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connector_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_data_connectors_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class DataConnectorOperations(object): - """DataConnectorOperations operations. +class DataConnectorsOperations(object): + """DataConnectorsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -228,7 +228,6 @@ def create_or_update( 'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'), } url = self._client.format_url(url, **path_format_arguments) - print(url) # Construct parameters query_parameters = {} # type: Dict[str, Any] 
diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comments_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comments_operations.py index ebed41e74ae..423987e28f8 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comment_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_comments_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class IncidentCommentOperations(object): - """IncidentCommentOperations operations. +class IncidentCommentsOperations(object): + """IncidentCommentsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -221,7 +221,7 @@ def create_comment( workspace_name, # type: str incident_id, # type: str incident_comment_id, # type: str - message=None, # type: Optional[str] + incident_comment, # type: "models.IncidentComment" **kwargs # type: Any ): # type: (...) -> "models.IncidentComment" 
@@ -236,8 +236,8 @@ def create_comment( :type incident_id: str :param incident_comment_id: Incident comment ID. :type incident_comment_id: str - :param message: The comment message. - :type message: str + :param incident_comment: The incident comment. + :type incident_comment: ~security_insights.models.IncidentComment :keyword callable cls: A custom type or function that will be passed the direct response :return: IncidentComment, or the result of cls(response) :rtype: ~security_insights.models.IncidentComment @@ -248,8 +248,6 @@ def create_comment( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident_comment = models.IncidentComment(message=message) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incidents_operations.py similarity index 85% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incidents_operations.py index 0a2071ac198..bb389cb6d93 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incident_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_incidents_operations.py @@ -5,7 +5,6 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -import datetime from typing import TYPE_CHECKING import warnings 
@@ -19,13 +18,13 @@ if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports - from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union + from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class IncidentOperations(object): - """IncidentOperations operations. +class IncidentsOperations(object): + """IncidentsOperations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. @@ -213,18 +212,7 @@ def create_or_update( resource_group_name, # type: str workspace_name, # type: str incident_id, # type: str - etag=None, # type: Optional[str] - classification=None, # type: Optional[Union[str, "models.IncidentClassification"]] - classification_comment=None, # type: Optional[str] - classification_reason=None, # type: Optional[Union[str, "models.IncidentClassificationReason"]] - description=None, # type: Optional[str] - first_activity_time_utc=None, # type: Optional[datetime.datetime] - labels=None, # type: Optional[List["models.IncidentLabel"]] - last_activity_time_utc=None, # type: Optional[datetime.datetime] - owner=None, # type: Optional["models.IncidentOwnerInfo"] - severity=None, # type: Optional[Union[str, "models.IncidentSeverity"]] - status=None, # type: Optional[Union[str, "models.IncidentStatus"]] - title=None, # type: Optional[str] + incident, # type: "models.Incident" **kwargs # type: Any ): # type: (...) -> "models.Incident" 
@@ -237,30 +225,8 @@ def create_or_update( :type workspace_name: str :param incident_id: Incident ID. :type incident_id: str - :param etag: Etag of the azure resource. - :type etag: str - :param classification: The reason the incident was closed. - :type classification: str or ~security_insights.models.IncidentClassification - :param classification_comment: Describes the reason the incident was closed. - :type classification_comment: str - :param classification_reason: The classification reason the incident was closed with. - :type classification_reason: str or ~security_insights.models.IncidentClassificationReason - :param description: The description of the incident. - :type description: str - :param first_activity_time_utc: The time of the first activity in the incident. - :type first_activity_time_utc: ~datetime.datetime - :param labels: List of labels relevant to this incident. - :type labels: list[~security_insights.models.IncidentLabel] - :param last_activity_time_utc: The time of the last activity in the incident. - :type last_activity_time_utc: ~datetime.datetime - :param owner: Describes a user that the incident is assigned to. - :type owner: ~security_insights.models.IncidentOwnerInfo - :param severity: The severity of the incident. - :type severity: str or ~security_insights.models.IncidentSeverity - :param status: The status of the incident. - :type status: str or ~security_insights.models.IncidentStatus - :param title: The title of the incident. - :type title: str + :param incident: The incident. + :type incident: ~security_insights.models.Incident :keyword callable cls: A custom type or function that will be passed the direct response :return: Incident, or the result of cls(response) :rtype: ~security_insights.models.Incident 
@@ -271,8 +237,6 @@ def create_or_update( 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError } error_map.update(kwargs.pop('error_map', {})) - - incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title) api_version = "2020-01-01" content_type = kwargs.pop("content_type", "application/json") accept = "application/json" diff --git a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operations.py similarity index 98% rename from src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py rename to src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operations.py index b1d3c09bbf3..3826b0ea142 100644 --- a/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operation_operations.py +++ b/src/securityinsight/azext_sentinel/vendored_sdks/securityinsight/operations/_operations.py @@ -23,8 +23,8 @@ T = TypeVar('T') ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] -class OperationOperations(object): - """OperationOperations operations. +class Operations(object): + """Operations operations. You should not instantiate this class directly. Instead, you should create a Client instance that instantiates it for you and attaches it as an attribute. diff --git a/src/securityinsight/report.md b/src/securityinsight/report.md index d2f533d3f36..b06c6c39776 100644 --- a/src/securityinsight/report.md +++ b/src/securityinsight/report.md 
@@ -22,18 +22,19 @@ |CLI Command|Operation Swagger name|Parameters|Examples| |---------|------------|--------|-----------| |[az sentinel action list](#ActionsListByAlertRule)|ListByAlertRule|[Parameters](#ParametersActionsListByAlertRule)|[Example](#ExamplesActionsListByAlertRule)| +|[az sentinel action show](#ActionsGet)|Get|[Parameters](#ParametersActionsGet)|[Example](#ExamplesActionsGet)| +|[az sentinel action create](#ActionsCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersActionsCreateOrUpdate#Create)|[Example](#ExamplesActionsCreateOrUpdate#Create)| +|[az sentinel action update](#ActionsCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersActionsCreateOrUpdate#Update)|Not Found| +|[az sentinel action delete](#ActionsDelete)|Delete|[Parameters](#ParametersActionsDelete)|[Example](#ExamplesActionsDelete)| ### Commands in `az sentinel alert-rule` group |CLI Command|Operation Swagger name|Parameters|Examples| |---------|------------|--------|-----------| |[az sentinel alert-rule list](#AlertRulesList)|List|[Parameters](#ParametersAlertRulesList)|[Example](#ExamplesAlertRulesList)| |[az sentinel alert-rule show](#AlertRulesGet)|Get|[Parameters](#ParametersAlertRulesGet)|[Example](#ExamplesAlertRulesGet)| -|[az sentinel alert-rule create](#AlertRulesCreateOrUpdateAction)|CreateOrUpdateAction|[Parameters](#ParametersAlertRulesCreateOrUpdateAction)|[Example](#ExamplesAlertRulesCreateOrUpdateAction)| |[az sentinel alert-rule create](#AlertRulesCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersAlertRulesCreateOrUpdate#Create)|[Example](#ExamplesAlertRulesCreateOrUpdate#Create)| |[az sentinel alert-rule update](#AlertRulesCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersAlertRulesCreateOrUpdate#Update)|Not Found| -|[az sentinel alert-rule delete](#AlertRulesDeleteAction)|DeleteAction|[Parameters](#ParametersAlertRulesDeleteAction)|[Example](#ExamplesAlertRulesDeleteAction)| |[az sentinel 
alert-rule delete](#AlertRulesDelete)|Delete|[Parameters](#ParametersAlertRulesDelete)|[Example](#ExamplesAlertRulesDelete)| -|[az sentinel alert-rule get-action](#AlertRulesGetAction)|GetAction|[Parameters](#ParametersAlertRulesGetAction)|[Example](#ExamplesAlertRulesGetAction)| ### Commands in `az sentinel alert-rule-template` group |CLI Command|Operation Swagger name|Parameters|Examples| 
@@ -93,6 +94,71 @@ az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a1 |**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| |**--rule-id**|string|Alert rule ID|rule_id|ruleId| +#### Command `az sentinel action show` + +##### Example +``` +az sentinel action show --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ +"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| + +#### Command `az sentinel action create` + +##### Example +``` +az sentinel action create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --logic-app-resource-id \ +"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \ +--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/m\ +anual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" --action-id \ +"912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ +--workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. 
The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--logic-app-resource-id**|string|Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.|logic_app_resource_id|logicAppResourceId| +|**--trigger-uri**|string|Logic App Callback URL for this specific workflow.|trigger_uri|triggerUri| + +#### Command `az sentinel action update` + +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| +|**--etag**|string|Etag of the azure resource|etag|etag| +|**--logic-app-resource-id**|string|Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.|logic_app_resource_id|logicAppResourceId| +|**--trigger-uri**|string|Logic App Callback URL for this specific workflow.|trigger_uri|triggerUri| + +#### Command `az sentinel action delete` + +##### Example +``` +az sentinel action delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ +"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" +``` +##### Parameters +|Option|Type|Description|Path (SDK)|Swagger name| +|------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource 
group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| +|**--action-id**|string|Action ID|action_id|actionId| + ### group `az sentinel alert-rule` #### Command `az sentinel alert-rule list` 
@@ -129,28 +195,6 @@ az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-413 |**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| |**--rule-id**|string|Alert rule ID|rule_id|ruleId| -#### Command `az sentinel alert-rule create` - -##### Example -``` -az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --logic-app-resource-id \ -"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \ ---trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/m\ -anual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" --action-id \ -"912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ ---workspace-name "myWorkspace" -``` -##### Parameters -|Option|Type|Description|Path (SDK)|Swagger name| -|------|----|-----------|----------|------------| -|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| -|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| -|**--rule-id**|string|Alert rule ID|rule_id|ruleId| -|**--action-id**|string|Action ID|action_id|actionId| -|**--etag**|string|Etag of the azure resource|etag|etag| -|**--logic-app-resource-id**|string|Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.|logic_app_resource_id|logicAppResourceId| -|**--trigger-uri**|string|Logic App Callback URL for this specific workflow.|trigger_uri|triggerUri| - #### Command `az sentinel alert-rule create` ##### Example 
@@ -177,6 +221,9 @@ tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-i ##### Parameters |Option|Type|Description|Path (SDK)|Swagger name| |------|----|-----------|----------|------------| +|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| +|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| +|**--rule-id**|string|Alert rule ID|rule_id|ruleId| |**--fusion-alert-rule**|object|Represents Fusion alert rule.|fusion_alert_rule|FusionAlertRule| |**--microsoft-security-incident-creation-alert-rule**|object|Represents MicrosoftSecurityIncidentCreation rule.|microsoft_security_incident_creation_alert_rule|MicrosoftSecurityIncidentCreationAlertRule| |**--scheduled-alert-rule**|object|Represents scheduled alert rule.|scheduled_alert_rule|ScheduledAlertRule| 
@@ -193,21 +240,6 @@ tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-i |**--microsoft-security-incident-creation-alert-rule**|object|Represents MicrosoftSecurityIncidentCreation rule.|microsoft_security_incident_creation_alert_rule|MicrosoftSecurityIncidentCreationAlertRule| |**--scheduled-alert-rule**|object|Represents scheduled alert rule.|scheduled_alert_rule|ScheduledAlertRule| -#### Command `az sentinel alert-rule delete` - -##### Example -``` -az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ -"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" -``` -##### Parameters -|Option|Type|Description|Path (SDK)|Swagger name| -|------|----|-----------|----------|------------| -|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| -|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| -|**--rule-id**|string|Alert rule ID|rule_id|ruleId| -|**--action-id**|string|Action ID|action_id|actionId| - #### Command `az sentinel alert-rule delete` ##### Example 
@@ -218,20 +250,9 @@ az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4 ##### Parameters |Option|Type|Description|Path (SDK)|Swagger name| |------|----|-----------|----------|------------| -#### Command `az sentinel alert-rule get-action` - -##### Example -``` -az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \ -"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" -``` -##### Parameters -|Option|Type|Description|Path (SDK)|Swagger name| -|------|----|-----------|----------|------------| |**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName| |**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName| |**--rule-id**|string|Alert rule ID|rule_id|ruleId| -|**--action-id**|string|Action ID|action_id|actionId| ### group `az sentinel alert-rule-template` #### Command `az sentinel alert-rule-template list` 
@@ -292,9 +313,10 @@ az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - ##### Example ``` az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \ ---display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" --query \ -"SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security Event query \ -result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ +--user-info-object-id "2046feea-040d-4a46-9e2b-91c2941bfa70" --display-name "My bookmark" --labels "Tag1" "Tag2" \ +--notes "Found a suspicious activity" --query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < \ +ago(2d)" --query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" --object-id \ +"2046feea-040d-4a46-9e2b-91c2941bfa70" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \ --workspace-name "myWorkspace" ``` ##### Parameters 
@@ -311,8 +333,12 @@ result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149- |**--query**|string|The query of the bookmark.|query|query| |**--query-result**|string|The query result of the bookmark.|query_result|queryResult| |**--updated**|date-time|The last time the bookmark was updated|updated|updated| +|**--event-time**|date-time|The bookmark event time|event_time|eventTime| +|**--query-start-time**|date-time|The start time for the query|query_start_time|queryStartTime| +|**--query-end-time**|date-time|The end time for the query|query_end_time|queryEndTime| |**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo| -|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId| +|**--object-id**|uuid|The object id of the user.|object_id|objectId| +|**--user-info-object-id**|uuid|The object id of the user.|user_info_object_id|objectId| #### Command `az sentinel bookmark update` @@ -330,8 +356,12 @@ result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149- |**--query**|string|The query of the bookmark.|query|query| |**--query-result**|string|The query result of the bookmark.|query_result|queryResult| |**--updated**|date-time|The last time the bookmark was updated|updated|updated| +|**--event-time**|date-time|The bookmark event time|event_time|eventTime| +|**--query-start-time**|date-time|The start time for the query|query_start_time|queryStartTime| +|**--query-end-time**|date-time|The end time for the query|query_end_time|queryEndTime| |**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo| -|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId| +|**--object-id**|uuid|The object id of the user.|object_id|objectId| +|**--user-info-object-id**|uuid|The object id of the user.|user_info_object_id|objectId| #### Command `az sentinel bookmark delete` 
@@ -414,8 +444,14 @@ az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2 ##### Example ``` az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \ -tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \ ---resource-group "myRg" --workspace-name "myWorkspace" +tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" state-properties-data-types-exchange-state="Enabled" \ +--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" +``` +##### Example +``` +az sentinel data-connector create --ti-data-connector tenant-id="06b3ccb8-1384-4bcc-aec7-852f6d57161b" \ +tip-lookback-period="2020-01-01T13:00:30.123Z" state="Enabled" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab\ +5" --resource-group "myRg" --workspace-name "myWorkspace" ``` ##### Parameters |Option|Type|Description|Path (SDK)|Swagger name| @@ -429,8 +465,8 @@ tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5 |**--aws-cloud-trail-data-connector**|object|Represents Amazon Web Services CloudTrail data connector.|aws_cloud_trail_data_connector|AwsCloudTrailDataConnector| |**--mcas-data-connector**|object|Represents MCAS (Microsoft Cloud App Security) data connector.|mcas_data_connector|MCASDataConnector| |**--mdatp-data-connector**|object|Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.|mdatp_data_connector|MDATPDataConnector| -|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector| |**--ti-data-connector**|object|Represents threat intelligence data connector.|ti_data_connector|TIDataConnector| +|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector| #### Command `az sentinel data-connector update` 
@@ -446,8 +482,8 @@ tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5 |**--aws-cloud-trail-data-connector**|object|Represents Amazon Web Services CloudTrail data connector.|aws_cloud_trail_data_connector|AwsCloudTrailDataConnector| |**--mcas-data-connector**|object|Represents MCAS (Microsoft Cloud App Security) data connector.|mcas_data_connector|MCASDataConnector| |**--mdatp-data-connector**|object|Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.|mdatp_data_connector|MDATPDataConnector| -|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector| |**--ti-data-connector**|object|Represents threat intelligence data connector.|ti_data_connector|TIDataConnector| +|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector| #### Command `az sentinel data-connector delete` diff --git a/src/securityinsight/setup.py b/src/securityinsight/setup.py index 90474e79782..bac798e21ab 100644 --- a/src/securityinsight/setup.py +++ b/src/securityinsight/setup.py @@ -10,7 +10,7 @@ from setuptools import setup, find_packages # HISTORY.rst entry. -VERSION = '0.1.1' +VERSION = '0.1.0' try: from azext_sentinel.manual.version import VERSION except ImportError: @@ -48,7 +48,7 @@ description='Microsoft Azure Command-Line Tools SecurityInsights Extension', author='Microsoft Corporation', author_email='azpycli@microsoft.com', - url='https://github.com/Azure/azure-cli-extensions/tree/master/src/sentinel', + url='https://github.com/Azure/azure-cli-extensions/tree/master/src/securityinsight', long_description=README + '\n\n' + HISTORY, license='MIT', classifiers=CLASSIFIERS,
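Review bot: The fallback `VERSION` in setup.py goes backwards, from '0.1.1' to '0.1.0', in the `@@ -10,7 +10,7 @@` hunk. If 0.1.1 was ever released, tooling that compares versions will treat this build as older and will not offer it as an update, so installed copies would stay on the previous code. The value only applies when `from azext_sentinel.manual.version import VERSION` fails; the `try`/`except ImportError` continues outside the hunk, so whether that module exists cannot be confirmed from here. Since the same commit changes the vendored SDK method signatures, the number should move up rather than down, e.g. `VERSION = '0.2.0'`, with a matching HISTORY.rst entry as the comment above the line asks.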