ActivityEntityQueryTemplate Class

Represents Activity entity query.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance

azure.mgmt.securityinsight.models._models_py3.EntityQueryTemplate

ActivityEntityQueryTemplate

Constructor

ActivityEntityQueryTemplate(*, title: Optional[str] = None, content: Optional[str] = None, description: Optional[str] = None, query_definitions: Optional[azure.mgmt.securityinsight.models._models_py3.ActivityEntityQueryTemplatePropertiesQueryDefinitions] = None, data_types: Optional[List[azure.mgmt.securityinsight.models._models_py3.DataTypeDefinitions]] = None, input_entity_type: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.EntityType]] = None, required_input_fields_sets: Optional[List[List[str]]] = None, entities_filter: Optional[Dict[str, List[str]]] = None, **kwargs)

Variables

id

str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name

str

The name of the resource.

type

str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data

SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

kind

str or EntityQueryTemplateKind

Required. the entity query template kind.Constant filled by server. Possible values include: "Activity".

title

str

The entity query title.

content

str

The entity query content to display in timeline.

description

str

The entity query description.

query_definitions

ActivityEntityQueryTemplatePropertiesQueryDefinitions

The Activity query definitions.

data_types

list[DataTypeDefinitions]

List of required data types for the given entity query template.

input_entity_type

str or EntityType

The type of the query's source entity. Possible values include: "Account", "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail".

required_input_fields_sets

list[list[str]]

List of the fields of the source entity that are required to run the query.

entities_filter

dict[str, list[str]]

The query applied only to entities matching to all filters.