Feedback Edit

ActivityEntityQuery Class

  • Reference

Represents Activity entity query.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance
azure.mgmt.securityinsight.models._models_py3.EntityQuery
ActivityEntityQuery

Constructor

ActivityEntityQuery(*, etag: Optional[str] = None, title: Optional[str] = None, content: Optional[str] = None, description: Optional[str] = None, query_definitions: Optional[azure.mgmt.securityinsight.models._models_py3.ActivityEntityQueriesPropertiesQueryDefinitions] = None, input_entity_type: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.EntityType]] = None, required_input_fields_sets: Optional[List[List[str]]] = None, entities_filter: Optional[Dict[str, List[str]]] = None, template_name: Optional[str] = None, enabled: Optional[bool] = None, **kwargs)

Variables

id
str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name
str

The name of the resource.

type
str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data
SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

etag
str

Etag of the azure resource.

kind
str or EntityQueryKind

Required. the entity query kind.Constant filled by server. Possible values include: "Expansion", "Insight", "Activity".

title
str

The entity query title.

content
str

The entity query content to display in timeline.

description
str

The entity query description.

query_definitions
ActivityEntityQueriesPropertiesQueryDefinitions

The Activity query definitions.

input_entity_type
str or EntityType

The type of the query's source entity. Possible values include: "Account", "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail".

required_input_fields_sets
list[list[str]]

List of the fields of the source entity that are required to run the query.

entities_filter
dict[str, list[str]]

The query applied only to entities matching to all filters.

template_name
str

The template id this activity was created from.

enabled
bool

Determines whether this activity is enabled or disabled.

created_time_utc
datetime

The time the activity was created.

last_modified_time_utc
datetime

The last time the activity was updated.