models Package
Classes
| AADCheckRequirements |
Represents AAD (Azure Active Directory) requirements check request. All required parameters must be populated in order to send to Azure. |
| AADCheckRequirementsProperties |
AAD (Azure Active Directory) requirements check properties. All required parameters must be populated in order to send to Azure. |
| AADDataConnector |
Represents AAD (Azure Active Directory) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AADDataConnectorProperties |
AAD (Azure Active Directory) data connector properties. All required parameters must be populated in order to send to Azure. |
| AATPCheckRequirements |
Represents AATP (Azure Advanced Threat Protection) requirements check request. All required parameters must be populated in order to send to Azure. |
| AATPCheckRequirementsProperties |
AATP (Azure Advanced Threat Protection) requirements check properties. All required parameters must be populated in order to send to Azure. |
| AATPDataConnector |
Represents AATP (Azure Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AATPDataConnectorProperties |
AATP (Azure Advanced Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. |
| ASCCheckRequirements |
Represents ASC (Azure Security Center) requirements check request. All required parameters must be populated in order to send to Azure. |
| ASCDataConnector |
Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ASCDataConnectorProperties |
ASC (Azure Security Center) data connector properties. |
| AccountEntity |
Represents an account entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AccountEntityProperties |
Account entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| ActionPropertiesBase |
Action property bag base. All required parameters must be populated in order to send to Azure. |
| ActionRequest |
Action for alert rule. Variables are only populated by the server, and will be ignored when sending a request. |
| ActionRequestProperties |
Action property bag. All required parameters must be populated in order to send to Azure. |
| ActionResponse |
Action for alert rule. Variables are only populated by the server, and will be ignored when sending a request. |
| ActionResponseProperties |
Action property bag. All required parameters must be populated in order to send to Azure. |
| ActionsList |
List all the actions. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ActivityCustomEntityQuery |
Represents Activity entity query. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ActivityEntityQueriesPropertiesQueryDefinitions |
The Activity query definitions. |
| ActivityEntityQuery |
Represents Activity entity query. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ActivityEntityQueryTemplate |
Represents Activity entity query. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ActivityEntityQueryTemplatePropertiesQueryDefinitions |
The Activity query definitions. |
| ActivityTimelineItem |
Represents Activity timeline item. All required parameters must be populated in order to send to Azure. |
| AlertDetailsOverride |
Settings for how to dynamically override alert static details. |
| AlertRule |
Alert rule. You probably want to use the sub-classes and not this class directly. Known sub-classes are: FusionAlertRule, MLBehaviorAnalyticsAlertRule, MicrosoftSecurityIncidentCreationAlertRule, NrtAlertRule, ScheduledAlertRule, ThreatIntelligenceAlertRule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AlertRuleTemplate |
Alert rule template. You probably want to use the sub-classes and not this class directly. Known sub-classes are: FusionAlertRuleTemplate, MLBehaviorAnalyticsAlertRuleTemplate, MicrosoftSecurityIncidentCreationAlertRuleTemplate, NrtAlertRuleTemplate, ScheduledAlertRuleTemplate, ThreatIntelligenceAlertRuleTemplate. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AlertRuleTemplateDataSource |
alert rule template data sources. |
| AlertRuleTemplatePropertiesBase |
Base alert rule template property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| AlertRuleTemplateWithMitreProperties |
Alert rule template with MITRE property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| AlertRuleTemplatesList |
List all the alert rule templates. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AlertRulesList |
List all the alert rules. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AlertsDataTypeOfDataConnector |
Alerts data type for data connectors. All required parameters must be populated in order to send to Azure. |
| Anomalies |
Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AutomationRule |
AutomationRule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AutomationRuleAction |
Describes an automation rule action. You probably want to use the sub-classes and not this class directly. Known sub-classes are: AutomationRuleModifyPropertiesAction, AutomationRuleRunPlaybookAction. All required parameters must be populated in order to send to Azure. |
| AutomationRuleCondition |
Describes an automation rule condition. You probably want to use the sub-classes and not this class directly. Known sub-classes are: PropertyConditionProperties. All required parameters must be populated in order to send to Azure. |
| AutomationRuleModifyPropertiesAction |
Describes an automation rule action to modify an object's properties. All required parameters must be populated in order to send to Azure. |
| AutomationRulePropertyValuesCondition |
AutomationRulePropertyValuesCondition. |
| AutomationRuleRunPlaybookAction |
Describes an automation rule action to run a playbook. All required parameters must be populated in order to send to Azure. |
| AutomationRuleTriggeringLogic |
Describes automation rule triggering logic. All required parameters must be populated in order to send to Azure. |
| AutomationRulesList |
AutomationRulesList. |
| Availability |
Connector Availability Status. |
| AwsCloudTrailCheckRequirements |
Amazon Web Services CloudTrail requirements check request. All required parameters must be populated in order to send to Azure. |
| AwsCloudTrailDataConnector |
Represents Amazon Web Services CloudTrail data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AwsCloudTrailDataConnectorDataTypes |
The available data types for Amazon Web Services CloudTrail data connector. All required parameters must be populated in order to send to Azure. |
| AwsCloudTrailDataConnectorDataTypesLogs |
Logs data type. All required parameters must be populated in order to send to Azure. |
| AwsS3CheckRequirements |
Amazon Web Services S3 requirements check request. All required parameters must be populated in order to send to Azure. |
| AwsS3DataConnector |
Represents Amazon Web Services S3 data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AwsS3DataConnectorDataTypes |
The available data types for Amazon Web Services S3 data connector. All required parameters must be populated in order to send to Azure. |
| AwsS3DataConnectorDataTypesLogs |
Logs data type. All required parameters must be populated in order to send to Azure. |
| AzureDevOpsResourceInfo |
Resources created in Azure DevOps repository. |
| AzureResourceEntity |
Represents an azure resource entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| AzureResourceEntityProperties |
AzureResource entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| Bookmark |
Represents a bookmark in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. |
| BookmarkEntityMappings |
Describes the entity mappings of a single entity. |
| BookmarkExpandParameters |
The parameters required to execute an expand operation on the given bookmark. |
| BookmarkExpandResponse |
The entity expansion result operation response. |
| BookmarkExpandResponseValue |
The expansion result values. |
| BookmarkList |
List all the bookmarks. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| BookmarkTimelineItem |
Represents bookmark timeline item. All required parameters must be populated in order to send to Azure. |
| ClientInfo |
Information on the client (user or application) that made some action. |
| CloudApplicationEntity |
Represents a cloud application entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| CloudApplicationEntityProperties |
CloudApplication entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| CloudErrorBody |
Error details. Variables are only populated by the server, and will be ignored when sending a request. |
| CodelessApiPollingDataConnector |
Represents Codeless API Polling data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| CodelessConnectorPollingAuthProperties |
Describe the authentication properties needed to successfully authenticate with the server. All required parameters must be populated in order to send to Azure. |
| CodelessConnectorPollingConfigProperties |
Config to describe the polling config for API poller connector. All required parameters must be populated in order to send to Azure. |
| CodelessConnectorPollingPagingProperties |
Describe the properties needed to make a pagination call. All required parameters must be populated in order to send to Azure. |
| CodelessConnectorPollingRequestProperties |
Describe the request properties needed to successfully pull from the server. All required parameters must be populated in order to send to Azure. |
| CodelessConnectorPollingResponseProperties |
Describes the response from the external server. All required parameters must be populated in order to send to Azure. |
| CodelessUiConnectorConfigProperties |
Config to describe the instructions blade. All required parameters must be populated in order to send to Azure. |
| CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem |
CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem. |
| CodelessUiConnectorConfigPropertiesDataTypesItem |
CodelessUiConnectorConfigPropertiesDataTypesItem. |
| CodelessUiConnectorConfigPropertiesGraphQueriesItem |
CodelessUiConnectorConfigPropertiesGraphQueriesItem. |
| CodelessUiConnectorConfigPropertiesInstructionStepsItem |
CodelessUiConnectorConfigPropertiesInstructionStepsItem. |
| CodelessUiConnectorConfigPropertiesSampleQueriesItem |
CodelessUiConnectorConfigPropertiesSampleQueriesItem. |
| CodelessUiDataConnector |
Represents Codeless UI data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ConnectedEntity |
Expansion result connected entities. |
| ConnectivityCriteria |
Setting for the connector check connectivity. |
| ConnectorInstructionModelBase |
Instruction step details. All required parameters must be populated in order to send to Azure. |
| ContentPathMap |
The mapping of content type to a repo path. |
| CustomEntityQuery |
Specific entity query that supports put requests. You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActivityCustomEntityQuery. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Customs |
Customs permissions required for the connector. |
| CustomsPermission |
Customs permissions required for the connector. |
| DataConnector |
Data connector. You probably want to use the sub-classes and not this class directly. Known sub-classes are: CodelessApiPollingDataConnector, AwsCloudTrailDataConnector, AwsS3DataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, Dynamics365DataConnector, CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, MDATPDataConnector, MSTIDataConnector, MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, OfficeATPDataConnector, OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, TiTaxiiDataConnector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| DataConnectorConnectBody |
Represents Codeless API Polling data connector. |
| DataConnectorDataTypeCommon |
Common field for data type in data connectors. All required parameters must be populated in order to send to Azure. |
| DataConnectorList |
List all the data connectors. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| DataConnectorRequirementsState |
Data connector requirements status. |
| DataConnectorTenantId |
Properties data connector on tenant level. All required parameters must be populated in order to send to Azure. |
| DataConnectorWithAlertsProperties |
Data connector properties. |
| DataConnectorsCheckRequirements |
Data connector requirements properties. You probably want to use the sub-classes and not this class directly. Known sub-classes are: AwsCloudTrailCheckRequirements, AwsS3CheckRequirements, AADCheckRequirements, AATPCheckRequirements, ASCCheckRequirements, Dynamics365CheckRequirements, IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, MSTICheckRequirements, MtpCheckRequirements, Office365ProjectCheckRequirements, OfficeATPCheckRequirements, OfficeIRMCheckRequirements, OfficePowerBICheckRequirements, TICheckRequirements, TiTaxiiCheckRequirements. All required parameters must be populated in order to send to Azure. |
| DataTypeDefinitions |
The data type definition. |
| Deployment |
Description about a deployment. |
| DeploymentInfo |
Information regarding a deployment. |
| DnsEntity |
Represents a dns entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| DnsEntityProperties |
Dns entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| Dynamics365CheckRequirements |
Represents Dynamics365 requirements check request. All required parameters must be populated in order to send to Azure. |
| Dynamics365CheckRequirementsProperties |
Dynamics365 requirements check properties. All required parameters must be populated in order to send to Azure. |
| Dynamics365DataConnector |
Represents Dynamics365 data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Dynamics365DataConnectorDataTypes |
The available data types for Dynamics365 data connector. All required parameters must be populated in order to send to Azure. |
| Dynamics365DataConnectorDataTypesDynamics365CdsActivities |
Common Data Service data type connection. All required parameters must be populated in order to send to Azure. |
| Dynamics365DataConnectorProperties |
Dynamics365 data connector properties. All required parameters must be populated in order to send to Azure. |
| EnrichmentDomainWhois |
Whois information for a given domain and associated metadata. |
| EnrichmentDomainWhoisContact |
An individual contact associated with this domain. |
| EnrichmentDomainWhoisContacts |
The set of contacts associated with this domain. |
| EnrichmentDomainWhoisDetails |
The whois record for a given domain. |
| EnrichmentDomainWhoisRegistrarDetails |
The registrar associated with this domain. |
| EnrichmentIpGeodata |
Geodata information for a given IP address. |
| Entity |
Specific entity. You probably want to use the sub-classes and not this class directly. Known sub-classes are: AccountEntity, AzureResourceEntity, HuntingBookmark, CloudApplicationEntity, DnsEntity, FileEntity, FileHashEntity, HostEntity, IoTDeviceEntity, IpEntity, MailClusterEntity, MailMessageEntity, MailboxEntity, MalwareEntity, ProcessEntity, RegistryKeyEntity, RegistryValueEntity, SecurityAlert, SecurityGroupEntity, SubmissionMailEntity, UrlEntity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityAnalytics |
Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityCommonProperties |
Entity common property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| EntityEdges |
The edge that connects the entity to the other entity. |
| EntityExpandParameters |
The parameters required to execute an expand operation on the given entity. |
| EntityExpandResponse |
The entity expansion result operation response. |
| EntityExpandResponseValue |
The expansion result values. |
| EntityFieldMapping |
Map identifiers of a single entity. |
| EntityGetInsightsParameters |
The parameters required to execute insights operation on the given entity. All required parameters must be populated in order to send to Azure. |
| EntityGetInsightsResponse |
The Get Insights result operation response. |
| EntityInsightItem |
Entity insight Item. |
| EntityInsightItemQueryTimeInterval |
The Time interval that the query actually executed on. |
| EntityList |
List of all the entities. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityMapping |
Single entity mapping for the alert rule. |
| EntityQuery |
Specific entity query. You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActivityEntityQuery, ExpansionEntityQuery. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityQueryItem |
An abstract Query item for entity. You probably want to use the sub-classes and not this class directly. Known sub-classes are: InsightQueryItem. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityQueryItemProperties |
An properties abstract Query item for entity. |
| EntityQueryItemPropertiesDataTypesItem |
EntityQueryItemPropertiesDataTypesItem. |
| EntityQueryList |
List of all the entity queries. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityQueryTemplate |
Specific entity query template. You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActivityEntityQueryTemplate. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityQueryTemplateList |
List of all the entity query templates. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| EntityTimelineItem |
Entity timeline Item. You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActivityTimelineItem, BookmarkTimelineItem, SecurityAlertTimelineItem. All required parameters must be populated in order to send to Azure. |
| EntityTimelineParameters |
The parameters required to execute s timeline operation on the given entity. All required parameters must be populated in order to send to Azure. |
| EntityTimelineResponse |
The entity timeline result operation response. |
| EventGroupingSettings |
Event grouping settings property bag. |
| ExpansionEntityQuery |
Represents Expansion entity query. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ExpansionResultAggregation |
Information of a specific aggregation in the expansion result. All required parameters must be populated in order to send to Azure. |
| ExpansionResultsMetadata |
Expansion result metadata. |
| EyesOn |
Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FieldMapping |
A single field mapping of the mapped entity. |
| FileEntity |
Represents a file entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FileEntityProperties |
File entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| FileHashEntity |
Represents a file hash entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FileHashEntityProperties |
FileHash entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| FusionAlertRule |
Represents Fusion alert rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FusionAlertRuleTemplate |
Represents Fusion alert rule template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FusionScenarioExclusionPattern |
Represents a Fusion scenario exclusion patterns in Fusion detection. All required parameters must be populated in order to send to Azure. |
| FusionSourceSettings |
Represents a supported source signal configuration in Fusion detection. All required parameters must be populated in order to send to Azure. |
| FusionSourceSubTypeSetting |
Represents a supported source subtype configuration under a source signal in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FusionSubTypeSeverityFilter |
Represents severity configuration for a source subtype consumed in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. |
| FusionSubTypeSeverityFiltersItem |
Represents a Severity filter setting for a given source subtype consumed in Fusion detection. All required parameters must be populated in order to send to Azure. |
| FusionTemplateSourceSetting |
Represents a source signal consumed in Fusion detection. All required parameters must be populated in order to send to Azure. |
| FusionTemplateSourceSubType |
Represents a source subtype under a source signal consumed in Fusion detection. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| FusionTemplateSubTypeSeverityFilter |
Represents severity configurations available for a source subtype consumed in Fusion detection. All required parameters must be populated in order to send to Azure. |
| GeoLocation |
The geo-location context attached to the ip entity. Variables are only populated by the server, and will be ignored when sending a request. |
| GetInsightsError |
GetInsights Query Errors. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| GetInsightsResultsMetadata |
Get Insights result metadata. All required parameters must be populated in order to send to Azure. |
| GetQueriesResponse |
Retrieve queries for entity result operation response. |
| GitHubResourceInfo |
Resources created in GitHub repository. |
| GraphQueries |
The graph query to show the current data status. |
| GroupingConfiguration |
Grouping configuration property bag. All required parameters must be populated in order to send to Azure. |
| HostEntity |
Represents a host entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| HostEntityProperties |
Host entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| HuntingBookmark |
Represents a Hunting bookmark entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| HuntingBookmarkProperties |
Describes bookmark properties. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Incident |
Represents an incident in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. |
| IncidentAdditionalData |
Incident additional data property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| IncidentAlertList |
List of incident alerts. All required parameters must be populated in order to send to Azure. |
| IncidentBookmarkList |
List of incident bookmarks. All required parameters must be populated in order to send to Azure. |
| IncidentComment |
Represents an incident comment. Variables are only populated by the server, and will be ignored when sending a request. |
| IncidentCommentList |
List of incident comments. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| IncidentConfiguration |
Incident Configuration property bag. All required parameters must be populated in order to send to Azure. |
| IncidentEntitiesResponse |
The incident related entities response. |
| IncidentEntitiesResultsMetadata |
Information of a specific aggregation in the incident related entities result. All required parameters must be populated in order to send to Azure. |
| IncidentInfo |
Describes related incident information for the bookmark. |
| IncidentLabel |
Represents an incident label. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| IncidentList |
List all the incidents. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| IncidentOwnerInfo |
Information on the user an incident is assigned to. Variables are only populated by the server, and will be ignored when sending a request. |
| IncidentPropertiesAction |
IncidentPropertiesAction. |
| InsightQueryItem |
Represents Insight Query. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| InsightQueryItemProperties |
Represents Insight Query. |
| InsightQueryItemPropertiesAdditionalQuery |
The activity query definitions. |
| InsightQueryItemPropertiesDefaultTimeRange |
The insight chart query. |
| InsightQueryItemPropertiesReferenceTimeRange |
The insight chart query. |
| InsightQueryItemPropertiesTableQuery |
The insight table query. |
| InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem |
InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. |
| InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem |
InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. |
| InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem |
InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. |
| InsightsTableResult |
Query results for table insights query. |
| InsightsTableResultColumnsItem |
InsightsTableResultColumnsItem. |
| InstructionSteps |
Instruction steps to enable the connector. |
| InstructionStepsInstructionsItem |
InstructionStepsInstructionsItem. All required parameters must be populated in order to send to Azure. |
| IoTCheckRequirements |
Represents IoT requirements check request. All required parameters must be populated in order to send to Azure. |
| IoTDataConnector |
Represents IoT data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| IoTDataConnectorProperties |
IoT data connector properties. |
| IoTDeviceEntity |
Represents an IoT device entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| IoTDeviceEntityProperties |
IoTDevice entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| IpEntity |
Represents an ip entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| IpEntityProperties |
Ip entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| LastDataReceivedDataType |
Data type for last data received. |
| MCASCheckRequirements |
Represents MCAS (Microsoft Cloud App Security) requirements check request. All required parameters must be populated in order to send to Azure. |
| MCASCheckRequirementsProperties |
MCAS (Microsoft Cloud App Security) requirements check properties. All required parameters must be populated in order to send to Azure. |
| MCASDataConnector |
Represents MCAS (Microsoft Cloud App Security) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MCASDataConnectorDataTypes |
The available data types for MCAS (Microsoft Cloud App Security) data connector. All required parameters must be populated in order to send to Azure. |
| MCASDataConnectorProperties |
MCAS (Microsoft Cloud App Security) data connector properties. All required parameters must be populated in order to send to Azure. |
| MDATPCheckRequirements |
Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. All required parameters must be populated in order to send to Azure. |
| MDATPCheckRequirementsProperties |
MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. All required parameters must be populated in order to send to Azure. |
| MDATPDataConnector |
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MDATPDataConnectorProperties |
MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. |
| MLBehaviorAnalyticsAlertRule |
Represents MLBehaviorAnalytics alert rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MLBehaviorAnalyticsAlertRuleTemplate |
Represents MLBehaviorAnalytics alert rule template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MLBehaviorAnalyticsAlertRuleTemplateProperties |
MLBehaviorAnalytics alert rule template properties. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MSTICheckRequirements |
Represents Microsoft Threat Intelligence requirements check request. All required parameters must be populated in order to send to Azure. |
| MSTICheckRequirementsProperties |
Microsoft Threat Intelligence requirements check properties. All required parameters must be populated in order to send to Azure. |
| MSTIDataConnector |
Represents Microsoft Threat Intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MSTIDataConnectorDataTypes |
The available data types for Microsoft Threat Intelligence Platforms data connector. All required parameters must be populated in order to send to Azure. |
| MSTIDataConnectorDataTypesBingSafetyPhishingURL |
Data type for Microsoft Threat Intelligence Platforms data connector. All required parameters must be populated in order to send to Azure. |
| MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed |
Data type for Microsoft Threat Intelligence Platforms data connector. All required parameters must be populated in order to send to Azure. |
| MSTIDataConnectorProperties |
Microsoft Threat Intelligence data connector properties. All required parameters must be populated in order to send to Azure. |
| MTPCheckRequirementsProperties |
MTP (Microsoft Threat Protection) requirements check properties. All required parameters must be populated in order to send to Azure. |
| MTPDataConnector |
Represents MTP (Microsoft Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MTPDataConnectorDataTypes |
The available data types for Microsoft Threat Protection Platforms data connector. All required parameters must be populated in order to send to Azure. |
| MTPDataConnectorDataTypesIncidents |
Data type for Microsoft Threat Protection Platforms data connector. All required parameters must be populated in order to send to Azure. |
| MTPDataConnectorProperties |
MTP (Microsoft Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. |
| MailClusterEntity |
Represents a mail cluster entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MailClusterEntityProperties |
Mail cluster entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| MailMessageEntity |
Represents a mail message entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MailMessageEntityProperties |
Mail message entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| MailboxEntity |
Represents a mailbox entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MailboxEntityProperties |
Mailbox entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| MalwareEntity |
Represents a malware entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MalwareEntityProperties |
Malware entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| ManualTriggerRequestBody |
ManualTriggerRequestBody. |
| MetadataAuthor |
Publisher or creator of the content item. |
| MetadataCategories |
ies for the solution content item. |
| MetadataDependencies |
Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. |
| MetadataList |
List of all the metadata. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MetadataModel |
Metadata resource definition. Variables are only populated by the server, and will be ignored when sending a request. |
| MetadataPatch |
Metadata patch request body. Variables are only populated by the server, and will be ignored when sending a request. |
| MetadataSource |
The original source of the content item, where it comes from. All required parameters must be populated in order to send to Azure. |
| MetadataSupport |
Support information for the content item. All required parameters must be populated in order to send to Azure. |
| MicrosoftSecurityIncidentCreationAlertRule |
Represents MicrosoftSecurityIncidentCreation rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MicrosoftSecurityIncidentCreationAlertRuleCommonProperties |
MicrosoftSecurityIncidentCreation rule common property bag. All required parameters must be populated in order to send to Azure. |
| MicrosoftSecurityIncidentCreationAlertRuleProperties |
MicrosoftSecurityIncidentCreation rule property bag. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MicrosoftSecurityIncidentCreationAlertRuleTemplate |
Represents MicrosoftSecurityIncidentCreation rule template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties |
MicrosoftSecurityIncidentCreation rule template properties. Variables are only populated by the server, and will be ignored when sending a request. |
| MtpCheckRequirements |
Represents MTP (Microsoft Threat Protection) requirements check request. All required parameters must be populated in order to send to Azure. |
| NrtAlertRule |
Represents NRT alert rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| NrtAlertRuleTemplate |
Represents NRT alert rule template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| NrtAlertRuleTemplateProperties |
NRT alert rule template properties. Variables are only populated by the server, and will be ignored when sending a request. |
| Office365ProjectCheckRequirements |
Represents Office365 Project requirements check request. All required parameters must be populated in order to send to Azure. |
| Office365ProjectCheckRequirementsProperties |
Office365 Project requirements check properties. All required parameters must be populated in order to send to Azure. |
| Office365ProjectConnectorDataTypes |
The available data types for Office Microsoft Project data connector. All required parameters must be populated in order to send to Azure. |
| Office365ProjectConnectorDataTypesLogs |
Logs data type. All required parameters must be populated in order to send to Azure. |
| Office365ProjectDataConnector |
Represents Office Microsoft Project data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Office365ProjectDataConnectorProperties |
Office Microsoft Project data connector properties. All required parameters must be populated in order to send to Azure. |
| OfficeATPCheckRequirements |
Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. All required parameters must be populated in order to send to Azure. |
| OfficeATPCheckRequirementsProperties |
OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. All required parameters must be populated in order to send to Azure. |
| OfficeATPDataConnector |
Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| OfficeATPDataConnectorProperties |
OfficeATP (Office 365 Advanced Threat Protection) data connector properties. All required parameters must be populated in order to send to Azure. |
| OfficeConsent |
Consent for Office365 tenant that already made. Variables are only populated by the server, and will be ignored when sending a request. |
| OfficeConsentList |
List of all the office365 consents. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| OfficeDataConnector |
Represents office data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| OfficeDataConnectorDataTypes |
The available data types for office data connector. All required parameters must be populated in order to send to Azure. |
| OfficeDataConnectorDataTypesExchange |
Exchange data type connection. All required parameters must be populated in order to send to Azure. |
| OfficeDataConnectorDataTypesSharePoint |
SharePoint data type connection. All required parameters must be populated in order to send to Azure. |
| OfficeDataConnectorDataTypesTeams |
Teams data type connection. All required parameters must be populated in order to send to Azure. |
| OfficeDataConnectorProperties |
Office data connector properties. All required parameters must be populated in order to send to Azure. |
| OfficeIRMCheckRequirements |
Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. All required parameters must be populated in order to send to Azure. |
| OfficeIRMCheckRequirementsProperties |
OfficeIRM (Microsoft Insider Risk Management) requirements check properties. All required parameters must be populated in order to send to Azure. |
| OfficeIRMDataConnector |
Represents OfficeIRM (Microsoft Insider Risk Management) data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| OfficeIRMDataConnectorProperties |
OfficeIRM (Microsoft Insider Risk Management) data connector properties. All required parameters must be populated in order to send to Azure. |
| OfficePowerBICheckRequirements |
Represents Office PowerBI requirements check request. All required parameters must be populated in order to send to Azure. |
| OfficePowerBICheckRequirementsProperties |
Office PowerBI requirements check properties. All required parameters must be populated in order to send to Azure. |
| OfficePowerBIConnectorDataTypes |
The available data types for Office Microsoft PowerBI data connector. All required parameters must be populated in order to send to Azure. |
| OfficePowerBIConnectorDataTypesLogs |
Logs data type. All required parameters must be populated in order to send to Azure. |
| OfficePowerBIDataConnector |
Represents Office Microsoft PowerBI data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| OfficePowerBIDataConnectorProperties |
Office Microsoft PowerBI data connector properties. All required parameters must be populated in order to send to Azure. |
| Operation |
Operation provided by provider. |
| OperationDisplay |
Properties of the operation. |
| OperationsList |
Lists the operations available in the SecurityInsights RP. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Permissions |
Permissions required for the connector. |
| PermissionsCustomsItem |
PermissionsCustomsItem. |
| PermissionsResourceProviderItem |
PermissionsResourceProviderItem. |
| PlaybookActionProperties |
PlaybookActionProperties. |
| ProcessEntity |
Represents a process entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ProcessEntityProperties |
Process entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| PropertyConditionProperties |
Describes an automation rule condition that evaluates a property's value. All required parameters must be populated in order to send to Azure. |
| QueryBasedAlertRuleTemplateProperties |
Query based alert rule template base property bag. |
| RegistryKeyEntity |
Represents a registry key entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| RegistryKeyEntityProperties |
RegistryKey entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| RegistryValueEntity |
Represents a registry value entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| RegistryValueEntityProperties |
RegistryValue entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| Relation |
Represents a relation between two resources. Variables are only populated by the server, and will be ignored when sending a request. |
| RelationList |
List of relations. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Repo |
Represents a repository. |
| RepoList |
List all the source controls. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Repository |
metadata of a repository. |
| RepositoryResourceInfo |
Resources created in user's repository for the source-control. |
| RequiredPermissions |
Required permissions for the connector. |
| Resource |
Common fields that are returned in the response for all Azure Resource Manager resources. Variables are only populated by the server, and will be ignored when sending a request. |
| ResourceProvider |
Resource provider permissions required for the connector. |
| ResourceWithEtag |
An azure resource object with an Etag property. Variables are only populated by the server, and will be ignored when sending a request. |
| SampleQueries |
The sample queries for the connector. |
| ScheduledAlertRule |
Represents scheduled alert rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ScheduledAlertRuleCommonProperties |
Scheduled alert rule template property bag. |
| ScheduledAlertRuleProperties |
Scheduled alert rule base property bag. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ScheduledAlertRuleTemplate |
Represents scheduled alert rule template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| SecurityAlert |
Represents a security alert entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| SecurityAlertProperties |
SecurityAlert entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| SecurityAlertPropertiesConfidenceReasonsItem |
confidence reason item. Variables are only populated by the server, and will be ignored when sending a request. |
| SecurityAlertTimelineItem |
Represents security alert timeline item. All required parameters must be populated in order to send to Azure. |
| SecurityGroupEntity |
Represents a security group entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| SecurityGroupEntityProperties |
SecurityGroup entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| SentinelOnboardingState |
Sentinel onboarding state. Variables are only populated by the server, and will be ignored when sending a request. |
| SentinelOnboardingStatesList |
List of the Sentinel onboarding states. All required parameters must be populated in order to send to Azure. |
| SettingList |
List of all the settings. All required parameters must be populated in order to send to Azure. |
| Settings |
The Setting. You probably want to use the sub-classes and not this class directly. Known sub-classes are: Anomalies, EntityAnalytics, EyesOn, Ueba. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Sku |
The pricing tier of the solution. |
| SourceControl |
Represents a SourceControl in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. |
| SourceControlList |
List all the source controls. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| SubmissionMailEntity |
Represents a submission mail entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| SubmissionMailEntityProperties |
Submission mail entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| SystemData |
Metadata pertaining to creation and last modification of the resource. |
| TICheckRequirements |
Threat Intelligence Platforms data connector check requirements. All required parameters must be populated in order to send to Azure. |
| TICheckRequirementsProperties |
Threat Intelligence Platforms data connector required properties. All required parameters must be populated in order to send to Azure. |
| TIDataConnector |
Represents threat intelligence data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| TIDataConnectorDataTypes |
The available data types for TI (Threat Intelligence) data connector. All required parameters must be populated in order to send to Azure. |
| TIDataConnectorDataTypesIndicators |
Data type for indicators connection. All required parameters must be populated in order to send to Azure. |
| TIDataConnectorProperties |
TI (Threat Intelligence) data connector properties. All required parameters must be populated in order to send to Azure. |
| TeamInformation |
Describes team information. Variables are only populated by the server, and will be ignored when sending a request. |
| TeamProperties |
Describes team properties. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligence |
ThreatIntelligence property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| ThreatIntelligenceAlertRule |
Represents Threat Intelligence alert rule. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceAlertRuleTemplate |
Represents Threat Intelligence alert rule template. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceAlertRuleTemplateProperties |
Threat Intelligence alert rule template properties. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceAppendTags |
Array of tags to be appended to the threat intelligence indicator. |
| ThreatIntelligenceExternalReference |
Describes external reference. |
| ThreatIntelligenceFilteringCriteria |
Filtering criteria for querying threat intelligence indicators. |
| ThreatIntelligenceGranularMarkingModel |
Describes threat granular marking model entity. |
| ThreatIntelligenceIndicatorModel |
Threat intelligence indicator entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceIndicatorProperties |
Describes threat intelligence entity properties. Variables are only populated by the server, and will be ignored when sending a request. |
| ThreatIntelligenceInformation |
Threat intelligence information object. You probably want to use the sub-classes and not this class directly. Known sub-classes are: ThreatIntelligenceIndicatorModel. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceInformationList |
List of all the threat intelligence information objects. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceKillChainPhase |
Describes threat kill chain phase entity. |
| ThreatIntelligenceMetric |
Describes threat intelligence metric. |
| ThreatIntelligenceMetricEntity |
Describes threat intelligence metric entity. |
| ThreatIntelligenceMetrics |
Threat intelligence metrics. |
| ThreatIntelligenceMetricsList |
List of all the threat intelligence metric fields (type/threat type/source). All required parameters must be populated in order to send to Azure. |
| ThreatIntelligenceParsedPattern |
Describes parsed pattern entity. |
| ThreatIntelligenceParsedPatternTypeValue |
Describes threat kill chain phase entity. |
| ThreatIntelligenceSortingCriteria |
List of available columns for sorting. |
| TiTaxiiCheckRequirements |
Threat Intelligence TAXII data connector check requirements. All required parameters must be populated in order to send to Azure. |
| TiTaxiiCheckRequirementsProperties |
Threat Intelligence TAXII data connector required properties. All required parameters must be populated in order to send to Azure. |
| TiTaxiiDataConnector |
Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| TiTaxiiDataConnectorDataTypes |
The available data types for Threat Intelligence TAXII data connector. All required parameters must be populated in order to send to Azure. |
| TiTaxiiDataConnectorDataTypesTaxiiClient |
Data type for TAXII connector. All required parameters must be populated in order to send to Azure. |
| TiTaxiiDataConnectorProperties |
Threat Intelligence TAXII data connector properties. All required parameters must be populated in order to send to Azure. |
| TimelineAggregation |
timeline aggregation information per kind. All required parameters must be populated in order to send to Azure. |
| TimelineError |
Timeline Query Errors. All required parameters must be populated in order to send to Azure. |
| TimelineResultsMetadata |
Expansion result metadata. All required parameters must be populated in order to send to Azure. |
| Ueba |
Settings with single toggle. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| UrlEntity |
Represents a url entity. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| UrlEntityProperties |
Url entity property bag. Variables are only populated by the server, and will be ignored when sending a request. |
| UserInfo |
User information that made some action. Variables are only populated by the server, and will be ignored when sending a request. |
| Watchlist |
Represents a Watchlist in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. |
| WatchlistItem |
Represents a Watchlist item in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. |
| WatchlistItemList |
List all the watchlist items. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| WatchlistList |
List all the watchlists. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. |
| Webhook |
Detail about the webhook object. |
Enums
| ActionType |
The type of the automation rule action |
| AlertDetail |
Alert detail |
| AlertRuleKind |
The kind of the alert rule |
| AlertSeverity |
The severity of the alert |
| AlertStatus |
The lifecycle status of the alert. |
| AntispamMailDirection |
The directionality of this mail message |
| AttackTactic |
The severity for alerts created by this alert rule. |
| AutomationRulePropertyConditionSupportedOperator |
An enumeration. |
| AutomationRulePropertyConditionSupportedProperty |
The property to evaluate in an automation rule property condition |
| ConditionType |
An enumeration. |
| ConfidenceLevel |
The confidence level of this alert. |
| ConfidenceScoreStatus |
The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. |
| ConnectAuthKind |
The authentication kind used to poll the data |
| ConnectivityType |
type of connectivity |
| ContentType |
The content type of a source control path. |
| CreatedByType |
The type of identity that created the resource. |
| CustomEntityQueryKind |
The kind of the entity query that supports put request. |
| DataConnectorAuthorizationState |
Describes the state of user's authorization for a connector kind. |
| DataConnectorKind |
The kind of the data connector |
| DataConnectorLicenseState |
Describes the state of user's license for a connector kind. |
| DataTypeState |
Describe whether this data type connection is enabled or not. |
| DeliveryAction |
The delivery action of this mail message like Delivered, Blocked, Replaced etc |
| DeliveryLocation |
The delivery location of this mail message like Inbox, JunkFolder etc |
| DeploymentFetchStatus |
Status while trying to fetch the deployment information. |
| DeploymentResult |
Status while trying to fetch the deployment information. |
| DeploymentState |
The current state of the deployment. |
| ElevationToken |
The elevation token associated with the process. |
| EntityItemQueryKind |
An enumeration. |
| EntityKind |
The kind of the entity |
| EntityMappingType |
The V3 type of the mapped entity |
| EntityQueryKind |
The kind of the entity query |
| EntityQueryTemplateKind |
The kind of the entity query template. |
| EntityTimelineKind |
The entity query kind |
| EntityType |
The type of the entity |
| Enum12 |
An enumeration. |
| EventGroupingAggregationKind |
The event grouping aggregation kinds |
| FileHashAlgorithm |
The hash algorithm type. |
| IncidentClassification |
The reason the incident was closed |
| IncidentClassificationReason |
The classification reason the incident was closed with |
| IncidentLabelType |
The type of the label |
| IncidentSeverity |
The severity of the incident |
| IncidentStatus |
The status of the incident |
| KillChainIntent |
Holds the alert intent stage(s) mapping for this alert. |
| Kind |
The kind of content the metadata is for. |
| MatchingMethod |
Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. |
| MicrosoftSecurityProductName |
The alerts' productName on which the cases will be generated |
| OSFamily |
The operating system type. |
| Operator |
Operator used for list of dependencies in criteria array. |
| OutputType |
Insights Column type. |
| OwnerType |
The type of the owner the incident is assigned to. |
| PermissionProviderScope |
Permission provider scope |
| PollingFrequency |
The polling frequency for the TAXII server. |
| ProviderName |
Provider name |
| RegistryHive |
the hive that holds the registry key. |
| RegistryValueKind |
Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. |
| RepoType |
The type of repository. |
| SettingKind |
The kind of the setting |
| SettingType |
The kind of the setting |
| SkuKind |
The kind of the tier |
| SourceKind |
Source type of the content |
| SourceType |
The sourceType of the watchlist |
| SupportTier |
Type of support for content item |
| TemplateStatus |
The alert rule template status. |
| ThreatIntelligenceResourceKindEnum |
The kind of the threat intelligence entity |
| ThreatIntelligenceSortingCriteriaEnum |
Sorting order (ascending/descending/unsorted). |
| TriggerOperator |
The operation against the threshold that triggers alert rule. |
| TriggersOn |
An enumeration. |
| TriggersWhen |
An enumeration. |
| UebaDataSources |
The data source that enriched by ueba. |
| Version |
The version of the source control. |
Feedback
Submit and view feedback for