[SecurityInsight] Init release (#2650)

This commit is contained in:
Bin Ma 2020-12-01 16:26:14 +08:00, committed by GitHub
Parent 7bb6b38cfe
Commit f4998347e7
No key matching this signature was found
GPG key ID: 4AEE18F83AFDEB23
57 files changed: 20545 additions and 0 deletions

.github/CODEOWNERS (vendored)

@ -160,6 +160,8 @@
/src/stack-hci/ @zhoxing-ms
/src/securityinsight/ @bim-msft
/src/communication/ @haroldrandom
/src/automation/ @arrownj
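
Review bot: `/src/securityinsight/ @bim-msft` assigns the new directory to a single personal account, and the directory name differs from the name the extension installs under (`az extension add --name sentinel`, package `azext_sentinel`). Consider adding a second owner or a team alias so changes to the Sentinel commands always have an available reviewer, and confirm the path matches the directory added in this commit so the ownership rule actually applies.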


@ -1842,6 +1842,68 @@ sapmonitor provider-instance show:
provider_instance_name:
rule_exclusions:
- option_length_too_long
sentinel alert-rule create:
parameters:
logic_app_resource_id:
rule_exclusions:
- option_length_too_long
microsoft_security_incident_creation_alert_rule:
rule_exclusions:
- option_length_too_long
sentinel alert-rule update:
parameters:
microsoft_security_incident_creation_alert_rule:
rule_exclusions:
- option_length_too_long
sentinel alert-rule-template show:
parameters:
alert_rule_template_id:
rule_exclusions:
- option_length_too_long
sentinel data-connector create:
parameters:
aws_cloud_trail_data_connector:
rule_exclusions:
- option_length_too_long
office_data_connector:
rule_exclusions:
- option_length_too_long
sentinel data-connector update:
parameters:
aws_cloud_trail_data_connector:
rule_exclusions:
- option_length_too_long
office_data_connector:
rule_exclusions:
- option_length_too_long
sentinel incident create:
parameters:
classification_comment:
rule_exclusions:
- option_length_too_long
classification_reason:
rule_exclusions:
- option_length_too_long
first_activity_time_utc:
rule_exclusions:
- option_length_too_long
last_activity_time_utc:
rule_exclusions:
- option_length_too_long
sentinel incident update:
parameters:
classification_comment:
rule_exclusions:
- option_length_too_long
classification_reason:
rule_exclusions:
- option_length_too_long
first_activity_time_utc:
rule_exclusions:
- option_length_too_long
last_activity_time_utc:
rule_exclusions:
- option_length_too_long
spring-cloud app create:
parameters:
enable_persistent_storage:
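
Review bot: every `sentinel` entry added here suppresses `option_length_too_long` instead of shortening the option, which is why users end up typing flags such as `--microsoft-security-incident-creation-alert-rule`. Where a shorter alias is possible (for example for `microsoft_security_incident_creation_alert_rule` and `aws_cloud_trail_data_connector`), add it through `options_list` in the parameter definitions and drop the exclusion; for the entries that stay, a one-line comment saying why would help the next reviewer.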


@ -0,0 +1,8 @@
.. :changelog:
Release History
===============
0.1.0
++++++
* Initial release.


@ -0,0 +1,184 @@
# Azure CLI sentinel Extension #
This is the extension for sentinel
### How to use ###
Install this extension using the below CLI command
```
az extension add --name sentinel
```
### Included Features ###
#### sentinel alert-rule ####
##### Create #####
```
az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \
--logic-app-resource-id "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \
--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \
--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \
--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
--workspace-name "myWorkspace"
```
##### List #####
```
az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Get-action #####
```
az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \
--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
```
##### Delete #####
```
az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \
--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
```
#### sentinel action ####
##### List #####
```
az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
--workspace-name "myWorkspace"
```
#### sentinel alert-rule-template ####
##### List #####
```
az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" \
--resource-group "myRg" --workspace-name "myWorkspace"
```
#### sentinel bookmark ####
##### Create #####
```
az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \
--display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" \
--query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" \
--query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" \
--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### List #####
```
az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Delete #####
```
az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
#### sentinel data-connector ####
##### Create #####
```
az sentinel data-connector create \
--office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" \
--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### List #####
```
az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Delete #####
```
az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
#### sentinel incident ####
##### Create #####
```
az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \
--description "This is a demo incident" --classification "FalsePositive" \
--classification-comment "Not a malicious activity" --classification-reason "IncorrectAlertLogic" \
--first-activity-time-utc "2019-01-01T13:00:30Z" --last-activity-time-utc "2019-01-01T13:05:30Z" \
--owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity "High" --status "Closed" --title "My incident" \
--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### List #####
```
az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### Delete #####
```
az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
#### sentinel incident-comment ####
##### Create #####
```
az sentinel incident-comment create --message "Some message" \
--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
--resource-group "myRg" --workspace-name "myWorkspace"
```
##### Show #####
```
az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" \
--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### List #####
```
az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```


@ -0,0 +1,50 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
from azure.cli.core import AzCommandsLoader
from azext_sentinel.generated._help import helps # pylint: disable=unused-import
try:
from azext_sentinel.manual._help import helps # pylint: disable=reimported
except ImportError:
pass
class SecurityInsightsCommandsLoader(AzCommandsLoader):
def __init__(self, cli_ctx=None):
from azure.cli.core.commands import CliCommandType
from azext_sentinel.generated._client_factory import cf_sentinel_cl
sentinel_custom = CliCommandType(
operations_tmpl='azext_sentinel.custom#{}',
client_factory=cf_sentinel_cl)
parent = super(SecurityInsightsCommandsLoader, self)
parent.__init__(cli_ctx=cli_ctx, custom_command_type=sentinel_custom)
def load_command_table(self, args):
from azext_sentinel.generated.commands import load_command_table
load_command_table(self, args)
try:
from azext_sentinel.manual.commands import load_command_table as load_command_table_manual
load_command_table_manual(self, args)
except ImportError:
pass
return self.command_table
def load_arguments(self, command):
from azext_sentinel.generated._params import load_arguments
load_arguments(self, command)
try:
from azext_sentinel.manual._params import load_arguments as load_arguments_manual
load_arguments_manual(self, command)
except ImportError:
pass
COMMAND_LOADER_CLS = SecurityInsightsCommandsLoader
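
Review bot: the three `except ImportError: pass` blocks around the `azext_sentinel.manual` imports hide more than a missing manual module. An `ImportError` raised from inside `azext_sentinel.manual.commands` or `azext_sentinel.manual._params` (a typo in one of their own imports, a missing dependency) is swallowed as well, and the extension loads with the manual commands or argument overrides silently absent. Catch `ModuleNotFoundError` and re-raise unless its `name` is the manual module itself, or at least log the exception at debug level; since the file is generated, the fix belongs in the generator template.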


@ -0,0 +1,17 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=wildcard-import
# pylint: disable=unused-wildcard-import
from .generated.action import * # noqa: F403
try:
from .manual.action import * # noqa: F403
except ImportError:
pass


@ -0,0 +1,4 @@
{
"azext.isExperimental": true,
"azext.minCliCoreVersion": "2.11.0"
}


@ -0,0 +1,17 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=wildcard-import
# pylint: disable=unused-wildcard-import
from .generated.custom import * # noqa: F403
try:
from .manual.custom import * # noqa: F403
except ImportError:
pass
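
Review bot: `from .manual.custom import *` runs after the generated wildcard import, so any function in the manual module that shares a name with a generated one replaces it without notice, and the loader resolves command handlers by name from this module (`operations_tmpl='azext_sentinel.custom#{}'`). That is presumably the intended override mechanism, but it deserves a comment here, and the `except ImportError: pass` means a broken manual module silently restores the generated handlers instead of failing.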


@ -0,0 +1,12 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
__path__ = __import__('pkgutil').extend_path(__path__, __name__)
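
Review bot: `__path__ = __import__('pkgutil').extend_path(__path__, __name__)` turns this package into a pkgutil-style namespace package, so a same-named package directory anywhere else on `sys.path` is merged into it at import time. For code shipped inside a single extension that is wider than needed; if nothing else contributes to this package, an empty `__init__` keeps imports limited to the files added in this commit.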


@ -0,0 +1,44 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
def cf_sentinel_cl(cli_ctx, *_):
from azure.cli.core.commands.client_factory import get_mgmt_service_client
from ..vendored_sdks.securityinsight import SecurityInsights
return get_mgmt_service_client(cli_ctx,
SecurityInsights)
def cf_alert_rule(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).alert_rule
def cf_action(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).action
def cf_alert_rule_template(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).alert_rule_template
def cf_bookmark(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).bookmark
def cf_data_connector(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).data_connector
def cf_incident(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).incident
def cf_incident_comment(cli_ctx, *_):
return cf_sentinel_cl(cli_ctx).incident_comment


@ -0,0 +1,637 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=too-many-lines
from knack.help_files import helps
helps['sentinel alert-rule'] = """
type: group
short-summary: sentinel alert-rule
"""
helps['sentinel alert-rule list'] = """
type: command
short-summary: "Gets all alert rules."
examples:
- name: Get all alert rules.
text: |-
az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel alert-rule show'] = """
type: command
short-summary: "Gets the alert rule."
examples:
- name: Get an alert rule.
text: |-
az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name \
"myWorkspace"
"""
helps['sentinel alert-rule create'] = """
type: command
short-summary: "Creates or updates the action of alert rule. And Create the alert rule."
parameters:
- name: --fusion-alert-rule
short-summary: "Represents Fusion alert rule."
long-summary: |
Usage: --fusion-alert-rule alert-rule-template-name=XX enabled=XX kind=XX etag=XX
alert-rule-template-name: The Name of the alert rule template used to create this rule.
enabled: Determines whether this alert rule is enabled or disabled.
kind: Required. The alert rule kind
etag: Etag of the azure resource
- name: --microsoft-security-incident-creation-alert-rule
short-summary: "Represents MicrosoftSecurityIncidentCreation rule."
long-summary: |
Usage: --microsoft-security-incident-creation-alert-rule display-names-filter=XX \
display-names-exclude-filter=XX product-filter=XX severities-filter=XX alert-rule-template-name=XX description=XX \
display-name=XX enabled=XX kind=XX etag=XX
display-names-filter: the alerts' displayNames on which the cases will be generated
display-names-exclude-filter: the alerts' displayNames on which the cases will not be generated
product-filter: The alerts' productName on which the cases will be generated
severities-filter: the alerts' severities on which the cases will be generated
alert-rule-template-name: The Name of the alert rule template used to create this rule.
description: The description of the alert rule.
display-name: The display name for alerts created by this alert rule.
enabled: Determines whether this alert rule is enabled or disabled.
kind: Required. The alert rule kind
etag: Etag of the azure resource
- name: --scheduled-alert-rule
short-summary: "Represents scheduled alert rule."
long-summary: |
Usage: --scheduled-alert-rule query=XX query-frequency=XX query-period=XX severity=XX trigger-operator=XX \
trigger-threshold=XX alert-rule-template-name=XX description=XX display-name=XX enabled=XX suppression-duration=XX \
suppression-enabled=XX tactics=XX kind=XX etag=XX
query: The query that creates alerts for this rule.
query-frequency: The frequency (in ISO 8601 duration format) for this alert rule to run.
query-period: The period (in ISO 8601 duration format) that this alert rule looks at.
severity: The severity for alerts created by this alert rule.
trigger-operator: The operation against the threshold that triggers alert rule.
trigger-threshold: The threshold triggers this alert rule.
alert-rule-template-name: The Name of the alert rule template used to create this rule.
description: The description of the alert rule.
display-name: The display name for alerts created by this alert rule.
enabled: Determines whether this alert rule is enabled or disabled.
suppression-duration: The suppression (in ISO 8601 duration format) to wait since last time this alert \
rule been triggered.
suppression-enabled: Determines whether the suppression for this alert rule is enabled or disabled.
tactics: The tactics of the alert rule
kind: Required. The alert rule kind
etag: Etag of the azure resource
examples:
- name: Creates or updates an action of alert rule.
text: |-
az sentinel alert-rule create --etag "{etag}" \
--logic-app-resource-id "/subscriptions/{subs}/resourceGroups/myRg/providers/Microsoft.Lo\
gic/workflows/MyAlerts" --trigger-uri "https://xxx.northcentralus.logic.azure.com:443/workflows/xxx/triggers/\
manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \
--action-id "{action-id}" --resource-group "myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace"
- name: Creates or updates a Fusion alert rule.
text: |-
az sentinel alert-rule create --fusion-alert-rule etag="{etag}" \
alert-rule-template-name="{name}" enabled=true --resource-group "myRg" --rule-id \
"myFirstFusionRule" --workspace-name "myWorkspace"
- name: Creates or updates a MicrosoftSecurityIncidentCreation rule.
text: |-
az sentinel alert-rule create --microsoft-security-incident-creation-alert-rule \
etag="{etag}" product-filter="Microsoft Cloud App Security" display-name="testing \
displayname" enabled=true --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \
--workspace-name "myWorkspace"
- name: Creates or updates a Scheduled alert rule.
text: |-
az sentinel alert-rule create --scheduled-alert-rule etag="{etag}" \
query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden" \
query-frequency="PT1H" query-period="P2DT1H30M" severity="High" trigger-operator="GreaterThan" trigger-threshold=0 \
description="" display-name="Rule2" enabled=true suppression-duration="PT1H" suppression-enabled=false \
tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "{rule-id}" \
--workspace-name "myWorkspace"
"""
helps['sentinel alert-rule update'] = """
type: command
short-summary: "Update the alert rule."
parameters:
- name: --fusion-alert-rule
short-summary: "Represents Fusion alert rule."
long-summary: |
Usage: --fusion-alert-rule alert-rule-template-name=XX enabled=XX kind=XX etag=XX
alert-rule-template-name: The Name of the alert rule template used to create this rule.
enabled: Determines whether this alert rule is enabled or disabled.
kind: Required. The alert rule kind
etag: Etag of the azure resource
- name: --microsoft-security-incident-creation-alert-rule
short-summary: "Represents MicrosoftSecurityIncidentCreation rule."
long-summary: |
Usage: --microsoft-security-incident-creation-alert-rule display-names-filter=XX \
display-names-exclude-filter=XX product-filter=XX severities-filter=XX alert-rule-template-name=XX description=XX \
display-name=XX enabled=XX kind=XX etag=XX
display-names-filter: the alerts' displayNames on which the cases will be generated
display-names-exclude-filter: the alerts' displayNames on which the cases will not be generated
product-filter: The alerts' productName on which the cases will be generated
severities-filter: the alerts' severities on which the cases will be generated
alert-rule-template-name: The Name of the alert rule template used to create this rule.
description: The description of the alert rule.
display-name: The display name for alerts created by this alert rule.
enabled: Determines whether this alert rule is enabled or disabled.
kind: Required. The alert rule kind
etag: Etag of the azure resource
- name: --scheduled-alert-rule
short-summary: "Represents scheduled alert rule."
long-summary: |
Usage: --scheduled-alert-rule query=XX query-frequency=XX query-period=XX severity=XX trigger-operator=XX \
trigger-threshold=XX alert-rule-template-name=XX description=XX display-name=XX enabled=XX suppression-duration=XX \
suppression-enabled=XX tactics=XX kind=XX etag=XX
query: The query that creates alerts for this rule.
query-frequency: The frequency (in ISO 8601 duration format) for this alert rule to run.
query-period: The period (in ISO 8601 duration format) that this alert rule looks at.
severity: The severity for alerts created by this alert rule.
trigger-operator: The operation against the threshold that triggers alert rule.
trigger-threshold: The threshold triggers this alert rule.
alert-rule-template-name: The Name of the alert rule template used to create this rule.
description: The description of the alert rule.
display-name: The display name for alerts created by this alert rule.
enabled: Determines whether this alert rule is enabled or disabled.
suppression-duration: The suppression (in ISO 8601 duration format) to wait since last time this alert \
rule been triggered.
suppression-enabled: Determines whether the suppression for this alert rule is enabled or disabled.
tactics: The tactics of the alert rule
kind: Required. The alert rule kind
etag: Etag of the azure resource
"""
helps['sentinel alert-rule delete'] = """
type: command
short-summary: "Delete the action of alert rule. And Delete the alert rule."
examples:
- name: Delete an action of alert rule.
text: |-
az sentinel alert-rule delete --action-id "{action-id}" --resource-group \
"myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace"
- name: Delete an alert rule.
text: |-
az sentinel alert-rule delete --resource-group "myRg" --rule-id "{rule-id}" \
--workspace-name "myWorkspace"
"""
helps['sentinel alert-rule get-action'] = """
type: command
short-summary: "Gets the action of alert rule."
examples:
- name: Get an action of alert rule.
text: |-
az sentinel alert-rule get-action --action-id "{action-id}" --resource-group \
"myRg" --rule-id "{rule-id}" --workspace-name "myWorkspace"
"""
helps['sentinel action'] = """
type: group
short-summary: sentinel action
"""
helps['sentinel action list'] = """
type: command
short-summary: "Gets all actions of alert rule."
examples:
- name: Get all actions of alert rule.
text: |-
az sentinel action list --resource-group "myRg" --rule-id "{rule-id}" \
--workspace-name "myWorkspace"
"""
helps['sentinel alert-rule-template'] = """
type: group
short-summary: sentinel alert-rule-template
"""
helps['sentinel alert-rule-template list'] = """
type: command
short-summary: "Gets all alert rule templates."
examples:
- name: Get all alert rule templates.
text: |-
az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel alert-rule-template show'] = """
type: command
short-summary: "Gets the alert rule template."
examples:
- name: Get alert rule template by Id.
text: |-
az sentinel alert-rule-template show --alert-rule-template-id "{id}" \
--resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel bookmark'] = """
type: group
short-summary: sentinel bookmark
"""
helps['sentinel bookmark list'] = """
type: command
short-summary: "Gets all bookmarks."
examples:
- name: Get all bookmarks.
text: |-
az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel bookmark show'] = """
type: command
short-summary: "Gets a bookmark."
examples:
- name: Get a bookmark.
text: |-
az sentinel bookmark show --bookmark-id "{id}" --resource-group "myRg" \
--workspace-name "myWorkspace"
"""
helps['sentinel bookmark create'] = """
type: command
short-summary: "Create the bookmark."
parameters:
- name: --incident-info
short-summary: "Describes an incident that relates to bookmark"
long-summary: |
Usage: --incident-info incident-id=XX severity=XX title=XX relation-name=XX
incident-id: Required. Incident Id
severity: Required. The severity of the incident
title: Required. The title of the incident
relation-name: Required. Relation Name
examples:
- name: Creates or updates a bookmark.
text: |-
az sentinel bookmark create --etag "{etag}" --created \
"2019-01-01T13:15:30Z" --display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious \
activity" -q "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security \
Event query result" --updated "2019-01-01T13:15:30Z" --bookmark-id "{id}" \
--resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel bookmark update'] = """
type: command
short-summary: "Update the bookmark."
parameters:
- name: --incident-info
short-summary: "Describes an incident that relates to bookmark"
long-summary: |
Usage: --incident-info incident-id=XX severity=XX title=XX relation-name=XX
incident-id: Required. Incident Id
severity: Required. The severity of the incident
title: Required. The title of the incident
relation-name: Required. Relation Name
"""
helps['sentinel bookmark delete'] = """
type: command
short-summary: "Delete the bookmark."
examples:
- name: Delete a bookmark.
text: |-
az sentinel bookmark delete --bookmark-id "{id}" --resource-group \
"myRg" --workspace-name "myWorkspace"
"""
helps['sentinel data-connector'] = """
type: group
short-summary: sentinel data-connector
"""
helps['sentinel data-connector list'] = """
type: command
short-summary: "Gets all data connectors."
examples:
- name: Get all data connectors.
text: |-
az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel data-connector show'] = """
type: command
short-summary: "Gets a data connector."
examples:
- name: Get a data connector.
text: |-
az sentinel data-connector show --data-connector-id "{id}" --resource-group "myRg" \
--workspace-name "myWorkspace"
"""
helps['sentinel data-connector create'] = """
type: command
short-summary: "Create the data connector."
parameters:
- name: --aad-data-connector
short-summary: "Represents AAD (Azure Active Directory) data connector."
long-summary: |
Usage: --aad-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --aatp-data-connector
short-summary: "Represents AATP (Azure Advanced Threat Protection) data connector."
long-summary: |
Usage: --aatp-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --asc-data-connector
short-summary: "Represents ASC (Azure Security Center) data connector."
long-summary: |
Usage: --asc-data-connector subscription-id=XX state=XX kind=XX etag=XX
subscription-id: The subscription id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --aws-cloud-trail-data-connector
short-summary: "Represents Amazon Web Services CloudTrail data connector."
long-summary: |
Usage: --aws-cloud-trail-data-connector aws-role-arn=XX state=XX kind=XX etag=XX
aws-role-arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --mcas-data-connector
short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector."
long-summary: |
Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\
state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state-data-types-alerts-state: Describe whether this data type connection is enabled or not.
state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --mdatp-data-connector
short-summary: "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector."
long-summary: |
Usage: --mdatp-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --office-data-connector
short-summary: "Represents office data connector."
long-summary: |
Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \
state-data-types-exchange-state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state-data-types-share-point-state: Describe whether this data type connection is enabled or not.
state-data-types-exchange-state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --ti-data-connector
short-summary: "Represents threat intelligence data connector."
long-summary: |
Usage: --ti-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
examples:
- name: Creates or updates an Office365 data connector.
text: |-
az sentinel data-connector create --office-data-connector etag="{etag}" \
tenant-id="{tenant-id}" --data-connector-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel data-connector update'] = """
type: command
short-summary: "Update the data connector."
parameters:
- name: --aad-data-connector
short-summary: "Represents AAD (Azure Active Directory) data connector."
long-summary: |
Usage: --aad-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --aatp-data-connector
short-summary: "Represents AATP (Azure Advanced Threat Protection) data connector."
long-summary: |
Usage: --aatp-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --asc-data-connector
short-summary: "Represents ASC (Azure Security Center) data connector."
long-summary: |
Usage: --asc-data-connector subscription-id=XX state=XX kind=XX etag=XX
subscription-id: The subscription id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --aws-cloud-trail-data-connector
short-summary: "Represents Amazon Web Services CloudTrail data connector."
long-summary: |
Usage: --aws-cloud-trail-data-connector aws-role-arn=XX state=XX kind=XX etag=XX
aws-role-arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --mcas-data-connector
short-summary: "Represents MCAS (Microsoft Cloud App Security) data connector."
long-summary: |
Usage: --mcas-data-connector tenant-id=XX state-data-types-alerts-state=XX state-data-types-discovery-logs-\
state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state-data-types-alerts-state: Describe whether this data type connection is enabled or not.
state-data-types-discovery-logs-state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --mdatp-data-connector
short-summary: "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector."
long-summary: |
Usage: --mdatp-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --office-data-connector
short-summary: "Represents office data connector."
long-summary: |
Usage: --office-data-connector tenant-id=XX state-data-types-share-point-state=XX \
state-data-types-exchange-state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state-data-types-share-point-state: Describe whether this data type connection is enabled or not.
state-data-types-exchange-state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
- name: --ti-data-connector
short-summary: "Represents threat intelligence data connector."
long-summary: |
Usage: --ti-data-connector tenant-id=XX state=XX kind=XX etag=XX
tenant-id: The tenant id to connect to, and get the data from.
state: Describe whether this data type connection is enabled or not.
kind: Required. The data connector kind
etag: Etag of the azure resource
"""
helps['sentinel data-connector delete'] = """
type: command
short-summary: "Delete the data connector."
examples:
- name: Delete a data connector.
text: |-
az sentinel data-connector delete --data-connector-id "{id}" --resource-group "myRg" \
--workspace-name "myWorkspace"
"""
helps['sentinel incident'] = """
type: group
short-summary: sentinel incident
"""
helps['sentinel incident list'] = """
type: command
short-summary: "Gets all incidents."
examples:
- name: Get all incidents.
text: |-
az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" \
--workspace-name "myWorkspace"
"""
helps['sentinel incident show'] = """
type: command
short-summary: "Gets an incident."
examples:
- name: Get an incident.
text: |-
az sentinel incident show --incident-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel incident create'] = """
type: command
short-summary: "Create the incident."
parameters:
- name: --labels
short-summary: "List of labels relevant to this incident"
long-summary: |
Usage: --labels label-name=XX
label-name: Required. The name of the label
Multiple actions can be specified by using more than one --labels argument.
- name: --owner
short-summary: "Describes a user that the incident is assigned to"
long-summary: |
Usage: --owner email=XX assigned-to=XX object-id=XX user-principal-name=XX
email: The email of the user the incident is assigned to.
assigned-to: The name of the user the incident is assigned to.
object-id: The object id of the user the incident is assigned to.
user-principal-name: The user principal name of the user the incident is assigned to.
examples:
- name: Creates or updates an incident.
text: |-
az sentinel incident create --etag "{etag}" --description "This is \
a demo incident" --classification "FalsePositive" --classification-comment "Not a malicious activity" \
--classification-reason "IncorrectAlertLogic" --first-activity-time-utc "2019-01-01T13:00:30Z" \
--last-activity-time-utc "2019-01-01T13:05:30Z" --owner object-id="{oid}" --severity \
"High" --status "Closed" --title "My incident" --incident-id "{id}" --resource-group \
"myRg" --workspace-name "myWorkspace"
"""
helps['sentinel incident update'] = """
type: command
short-summary: "Update the incident."
parameters:
- name: --labels
short-summary: "List of labels relevant to this incident"
long-summary: |
Usage: --labels label-name=XX
label-name: Required. The name of the label
Multiple actions can be specified by using more than one --labels argument.
- name: --owner
short-summary: "Describes a user that the incident is assigned to"
long-summary: |
Usage: --owner email=XX assigned-to=XX object-id=XX user-principal-name=XX
email: The email of the user the incident is assigned to.
assigned-to: The name of the user the incident is assigned to.
object-id: The object id of the user the incident is assigned to.
user-principal-name: The user principal name of the user the incident is assigned to.
"""
helps['sentinel incident delete'] = """
type: command
short-summary: "Delete the incident."
examples:
- name: Delete an incident.
text: |-
az sentinel incident delete --incident-id "{id}" --resource-group \
"myRg" --workspace-name "myWorkspace"
"""
helps['sentinel incident-comment'] = """
type: group
short-summary: sentinel incident-comment
"""
helps['sentinel incident-comment list'] = """
type: command
short-summary: "Gets all incident comments."
examples:
- name: Get all incident comments.
text: |-
az sentinel incident-comment list --incident-id "{id}" --resource-group \
"myRg" --workspace-name "myWorkspace"
"""
helps['sentinel incident-comment show'] = """
type: command
short-summary: "Gets an incident comment."
examples:
- name: Get an incident comment.
text: |-
az sentinel incident-comment show --incident-comment-id "{comment-id}" \
--incident-id "{id}" --resource-group "myRg" --workspace-name "myWorkspace"
"""
helps['sentinel incident-comment create'] = """
type: command
short-summary: "Creates the incident comment."
examples:
- name: Creates an incident comment.
text: |-
az sentinel incident-comment create --message "Some message" --incident-comment-id \
"4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "{id}" --resource-group "myRg" \
--workspace-name "myWorkspace"
"""
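Review bot: The data-connector long-summaries list `kind=XX` in every Usage line and describe it as "Required. The data connector kind", but the actions added in this commit that are visible here (AddAadDataConnector, AddAatpDataConnector, AddAscDataConnector) only read tenant-id or subscription-id, state and etag, then set d['kind'] to a fixed value, so a `kind=` pair typed by the user is silently ignored. Drop `kind` from these Usage lines or state that it is set automatically. Smaller points: the --labels text says "Multiple actions can be specified" where "Multiple labels" is meant; `sentinel data-connector update` and `sentinel incident update` carry no examples; and the incident-comment create example hardcodes a GUID for --incident-comment-id where the show example uses the placeholder "{comment-id}".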

@ -0,0 +1,293 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=too-many-lines
# pylint: disable=too-many-statements
from azure.cli.core.commands.parameters import (
get_enum_type,
resource_group_name_type
)
from azext_sentinel.action import (
AddFusionAlertRule,
AddMicrosoftSecurityIncidentCreationAlertRule,
AddScheduledAlertRule,
AddIncidentInfo,
AddAadDataConnector,
AddAatpDataConnector,
AddAscDataConnector,
AddAwsCloudTrailDataConnector,
AddMcasDataConnector,
AddMdatpDataConnector,
AddOfficeDataConnector,
AddTiDataConnector,
AddLabels,
AddOwner
)
def load_arguments(self, _):
with self.argument_context('sentinel alert-rule list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
with self.argument_context('sentinel alert-rule show') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1')
with self.argument_context('sentinel alert-rule create') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('rule_id', type=str, help='Alert rule ID')
c.argument('action_id', type=str, help='Action ID')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('logic_app_resource_id', type=str, help='Logic App Resource Id, /subscriptions/{my-subscription}/res'
'ourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.')
c.argument('trigger_uri', type=str, help='Logic App Callback URL for this specific workflow.')
c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.',
arg_group='AlertRule')
c.argument('microsoft_security_incident_creation_alert_rule',
action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents '
'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule')
c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert '
'rule.', arg_group='AlertRule')
with self.argument_context('sentinel alert-rule update') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1')
c.argument('fusion_alert_rule', action=AddFusionAlertRule, nargs='*', help='Represents Fusion alert rule.',
arg_group='AlertRule')
c.argument('microsoft_security_incident_creation_alert_rule',
action=AddMicrosoftSecurityIncidentCreationAlertRule, nargs='*', help='Represents '
'MicrosoftSecurityIncidentCreation rule.', arg_group='AlertRule')
c.argument('scheduled_alert_rule', action=AddScheduledAlertRule, nargs='*', help='Represents scheduled alert '
'rule.', arg_group='AlertRule')
with self.argument_context('sentinel alert-rule delete') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1')
c.argument('action_id', type=str, help='Action ID', id_part='child_name_2')
with self.argument_context('sentinel alert-rule get-action') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('rule_id', type=str, help='Alert rule ID', id_part='child_name_1')
c.argument('action_id', type=str, help='Action ID', id_part='child_name_2')
with self.argument_context('sentinel action list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('rule_id', type=str, help='Alert rule ID')
with self.argument_context('sentinel alert-rule-template list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
with self.argument_context('sentinel alert-rule-template show') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('alert_rule_template_id', type=str, help='Alert rule template ID', id_part='child_name_1')
with self.argument_context('sentinel bookmark list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
with self.argument_context('sentinel bookmark show') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('bookmark_id', type=str, help='Bookmark ID', id_part='child_name_1')
with self.argument_context('sentinel bookmark create') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('bookmark_id', type=str, help='Bookmark ID')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('created', help='The time the bookmark was created')
c.argument('display_name', type=str, help='The display name of the bookmark')
c.argument('labels', nargs='*', help='List of labels relevant to this bookmark')
c.argument('notes', type=str, help='The notes of the bookmark')
c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.')
c.argument('query_result', type=str, help='The query result of the bookmark.')
c.argument('updated', help='The last time the bookmark was updated')
c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to '
'bookmark')
c.argument('updated_by_object_id', help='The object id of the user.')
with self.argument_context('sentinel bookmark update') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('bookmark_id', type=str, help='Bookmark ID', id_part='child_name_1')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('created', help='The time the bookmark was created')
c.argument('display_name', type=str, help='The display name of the bookmark')
c.argument('labels', nargs='*', help='List of labels relevant to this bookmark')
c.argument('notes', type=str, help='The notes of the bookmark')
c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.')
c.argument('query_result', type=str, help='The query result of the bookmark.')
c.argument('updated', help='The last time the bookmark was updated')
c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to '
'bookmark')
c.argument('updated_by_object_id', help='The object id of the user.')
with self.argument_context('sentinel bookmark delete') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('bookmark_id', type=str, help='Bookmark ID', id_part='child_name_1')
with self.argument_context('sentinel data-connector list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
with self.argument_context('sentinel data-connector show') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1')
with self.argument_context('sentinel data-connector create') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('data_connector_id', type=str, help='Connector ID')
c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active '
'Directory) data connector.', arg_group='DataConnector')
c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure '
'Advanced Threat Protection) data connector.', arg_group='DataConnector')
c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security '
'Center) data connector.', arg_group='DataConnector')
c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents '
'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector')
c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft '
'Cloud App Security) data connector.', arg_group='DataConnector')
c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft '
'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector')
c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data '
'connector.', arg_group='DataConnector')
c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence '
'data connector.', arg_group='DataConnector')
with self.argument_context('sentinel data-connector update') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1')
c.argument('aad_data_connector', action=AddAadDataConnector, nargs='*', help='Represents AAD (Azure Active '
'Directory) data connector.', arg_group='DataConnector')
c.argument('aatp_data_connector', action=AddAatpDataConnector, nargs='*', help='Represents AATP (Azure '
'Advanced Threat Protection) data connector.', arg_group='DataConnector')
c.argument('asc_data_connector', action=AddAscDataConnector, nargs='*', help='Represents ASC (Azure Security '
'Center) data connector.', arg_group='DataConnector')
c.argument('aws_cloud_trail_data_connector', action=AddAwsCloudTrailDataConnector, nargs='*', help='Represents '
'Amazon Web Services CloudTrail data connector.', arg_group='DataConnector')
c.argument('mcas_data_connector', action=AddMcasDataConnector, nargs='*', help='Represents MCAS (Microsoft '
'Cloud App Security) data connector.', arg_group='DataConnector')
c.argument('mdatp_data_connector', action=AddMdatpDataConnector, nargs='*', help='Represents MDATP (Microsoft '
'Defender Advanced Threat Protection) data connector.', arg_group='DataConnector')
c.argument('office_data_connector', action=AddOfficeDataConnector, nargs='*', help='Represents office data '
'connector.', arg_group='DataConnector')
c.argument('ti_data_connector', action=AddTiDataConnector, nargs='*', help='Represents threat intelligence '
'data connector.', arg_group='DataConnector')
with self.argument_context('sentinel data-connector delete') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('data_connector_id', type=str, help='Connector ID', id_part='child_name_1')
with self.argument_context('sentinel incident list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('filter_', options_list=['--filter'], type=str, help='Filters the results, based on a Boolean '
'condition. Optional.')
c.argument('orderby', type=str, help='Sorts the results. Optional.')
c.argument('top', type=int, help='Returns only the first n results. Optional.')
c.argument('skip_token', type=str, help='Skiptoken is only used if a previous operation returned a partial '
'result. If a previous response contains a nextLink element, the value of the nextLink element will '
'include a skiptoken parameter that specifies a starting point to use for subsequent calls. '
'Optional.')
with self.argument_context('sentinel incident show') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1')
with self.argument_context('sentinel incident create') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('incident_id', type=str, help='Incident ID')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', ''
'FalsePositive']), help='The reason the incident was '
'closed')
c.argument('classification_comment', type=str, help='Describes the reason the incident was closed')
c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', ''
'IncorrectAlertLogic', 'InaccurateData']), help=''
'The classification reason the incident was closed with')
c.argument('description', type=str, help='The description of the incident')
c.argument('first_activity_time_utc', help='The time of the first activity in the incident')
c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident')
c.argument('last_activity_time_utc', help='The time of the last activity in the incident')
c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to')
c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity '
'of the incident')
c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident')
c.argument('title', type=str, help='The title of the incident')
with self.argument_context('sentinel incident update') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('classification', arg_type=get_enum_type(['Undetermined', 'TruePositive', 'BenignPositive', ''
'FalsePositive']), help='The reason the incident was '
'closed')
c.argument('classification_comment', type=str, help='Describes the reason the incident was closed')
c.argument('classification_reason', arg_type=get_enum_type(['SuspiciousActivity', 'SuspiciousButExpected', ''
'IncorrectAlertLogic', 'InaccurateData']), help=''
'The classification reason the incident was closed with')
c.argument('description', type=str, help='The description of the incident')
c.argument('first_activity_time_utc', help='The time of the first activity in the incident')
c.argument('labels', action=AddLabels, nargs='*', help='List of labels relevant to this incident')
c.argument('last_activity_time_utc', help='The time of the last activity in the incident')
c.argument('owner', action=AddOwner, nargs='*', help='Describes a user that the incident is assigned to')
c.argument('severity', arg_type=get_enum_type(['High', 'Medium', 'Low', 'Informational']), help='The severity '
'of the incident')
c.argument('status', arg_type=get_enum_type(['New', 'Active', 'Closed']), help='The status of the incident')
c.argument('title', type=str, help='The title of the incident')
with self.argument_context('sentinel incident delete') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1')
with self.argument_context('sentinel incident-comment list') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('incident_id', type=str, help='Incident ID')
c.argument('filter_', options_list=['--filter'], type=str, help='Filters the results, based on a Boolean '
'condition. Optional.')
c.argument('orderby', type=str, help='Sorts the results. Optional.')
c.argument('top', type=int, help='Returns only the first n results. Optional.')
c.argument('skip_token', type=str, help='Skiptoken is only used if a previous operation returned a partial '
'result. If a previous response contains a nextLink element, the value of the nextLink element will '
'include a skiptoken parameter that specifies a starting point to use for subsequent calls. '
'Optional.')
with self.argument_context('sentinel incident-comment show') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('incident_id', type=str, help='Incident ID', id_part='child_name_1')
c.argument('incident_comment_id', type=str, help='Incident comment ID', id_part='child_name_2')
with self.argument_context('sentinel incident-comment create') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('incident_id', type=str, help='Incident ID')
c.argument('incident_comment_id', type=str, help='Incident comment ID')
c.argument('message', type=str, help='The comment message')
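Review bot: In the `sentinel incident create` and `sentinel incident update` contexts, `first_activity_time_utc` and `last_activity_time_utc` (like `created` and `updated` on bookmark) are registered with only a help string, so nothing in this file checks that the value is a timestamp; a datetime type or validator would turn a malformed value into a usage error at parse time. The enum lists also contain an empty-string concatenation, `'BenignPositive', '' 'FalsePositive'` and `'SuspiciousButExpected', '' 'IncorrectAlertLogic'`, which evaluates to the intended choice but reads like a missing comma and is better fixed in the generator. `query_content` is exposed only as `-q` with no long option, and `trigger_uri` takes the Logic App callback URL as a plain command-line string, which deserves a line in the help if that URL is meant to be kept private.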

@ -0,0 +1,9 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------

@ -0,0 +1,433 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=protected-access
import argparse
from collections import defaultdict
from knack.util import CLIError
class AddFusionAlertRule(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.fusion_alert_rule = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'alert-rule-template-name':
d['alert_rule_template_name'] = v[0]
elif kl == 'enabled':
d['enabled'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'Fusion'
return d
class AddMicrosoftSecurityIncidentCreationAlertRule(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.microsoft_security_incident_creation_alert_rule = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'display-names-filter':
d['display_names_filter'] = v
elif kl == 'display-names-exclude-filter':
d['display_names_exclude_filter'] = v
elif kl == 'product-filter':
d['product_filter'] = v[0]
elif kl == 'severities-filter':
d['severities_filter'] = v
elif kl == 'alert-rule-template-name':
d['alert_rule_template_name'] = v[0]
elif kl == 'description':
d['description'] = v[0]
elif kl == 'display-name':
d['display_name'] = v[0]
elif kl == 'enabled':
d['enabled'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'MicrosoftSecurityIncidentCreation'
return d
class AddScheduledAlertRule(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.scheduled_alert_rule = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'query':
d['query'] = v[0]
elif kl == 'query-frequency':
d['query_frequency'] = v[0]
elif kl == 'query-period':
d['query_period'] = v[0]
elif kl == 'severity':
d['severity'] = v[0]
elif kl == 'trigger-operator':
d['trigger_operator'] = v[0]
elif kl == 'trigger-threshold':
d['trigger_threshold'] = v[0]
elif kl == 'alert-rule-template-name':
d['alert_rule_template_name'] = v[0]
elif kl == 'description':
d['description'] = v[0]
elif kl == 'display-name':
d['display_name'] = v[0]
elif kl == 'enabled':
d['enabled'] = v[0]
elif kl == 'suppression-duration':
d['suppression_duration'] = v[0]
elif kl == 'suppression-enabled':
d['suppression_enabled'] = v[0]
elif kl == 'tactics':
d['tactics'] = v
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'Scheduled'
return d
class AddIncidentInfo(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.incident_info = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'incident-id':
d['incident_id'] = v[0]
elif kl == 'severity':
d['severity'] = v[0]
elif kl == 'title':
d['title'] = v[0]
elif kl == 'relation-name':
d['relation_name'] = v[0]
return d
class AddAadDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.aad_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'AzureActiveDirectory'
return d
class AddAatpDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.aatp_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'AzureAdvancedThreatProtection'
return d
class AddAscDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.asc_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'subscription-id':
d['subscription_id'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'AzureSecurityCenter'
return d
class AddAwsCloudTrailDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.aws_cloud_trail_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'aws-role-arn':
d['aws_role_arn'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'AmazonWebServicesCloudTrail'
return d
class AddMcasDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.mcas_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'state-data-types-alerts-state':
d['state_data_types_alerts_state'] = v[0]
elif kl == 'state-data-types-discovery-logs-state':
d['state_data_types_discovery_logs_state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'MicrosoftCloudAppSecurity'
return d
class AddMdatpDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.mdatp_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'MicrosoftDefenderAdvancedThreatProtection'
return d
class AddOfficeDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.office_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {
'dataTypes': {
'sharePoint': {'state': 'Disabled'},
'exchange': {'state': 'Disabled'}
}
}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenantId'] = v[0]
elif kl == 'sharepoint-enabled':
d['dataTypes']['sharePoint']['state'] = 'Enabled'
elif kl == 'exchange-enabled':
d['dataTypes']['exchange']['state'] = 'Enabled'
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'Office365'
print(d)
return d
class AddTiDataConnector(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.ti_data_connector = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'tenant-id':
d['tenant_id'] = v[0]
elif kl == 'state':
d['state'] = v[0]
elif kl == 'etag':
d['etag'] = v[0]
d['kind'] = 'ThreatIntelligence'
return d
class AddLabels(argparse._AppendAction):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
super(AddLabels, self).__call__(parser, namespace, action, option_string)
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'label-name':
d['label_name'] = v[0]
return d
class AddOwner(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
action = self.get_action(values, option_string)
namespace.owner = action
def get_action(self, values, option_string): # pylint: disable=no-self-use
try:
properties = defaultdict(list)
for (k, v) in (x.split('=', 1) for x in values):
properties[k].append(v)
properties = dict(properties)
except ValueError:
raise CLIError('usage error: {} [KEY=VALUE ...]'.format(option_string))
d = {}
for k in properties:
kl = k.lower()
v = properties[k]
if kl == 'email':
d['email'] = v[0]
elif kl == 'assigned-to':
d['assigned_to'] = v[0]
elif kl == 'object-id':
d['object_id'] = v[0]
elif kl == 'user-principal-name':
d['user_principal_name'] = v[0]
return d
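Review bot: `print(d)` in `AddOfficeDataConnector.get_action` is leftover debug output. It writes the parsed connector dict (tenant id and etag included) to stdout on every invocation, where it mixes with the command's own output, so drop it. In the same class, `sharepoint-enabled` and `exchange-enabled` set the state to 'Enabled' whenever the key is present and never read `v[0]`, so `sharepoint-enabled=false` still enables the data type; compare the value explicitly. Across all of these actions an unrecognised key falls through the `elif` chain silently, so a misspelled `tenant-id` is dropped without error; a final `else` that raises `CLIError` naming the key would catch that.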


@ -0,0 +1,100 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=too-many-statements
# pylint: disable=too-many-locals
from azure.cli.core.commands import CliCommandType
def load_command_table(self, _):
from azext_sentinel.generated._client_factory import cf_alert_rule
sentinel_alert_rule = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_operations#AlertRuleOperat'
'ions.{}',
client_factory=cf_alert_rule)
with self.command_group('sentinel alert-rule', sentinel_alert_rule, client_factory=cf_alert_rule,
is_experimental=True) as g:
g.custom_command('list', 'sentinel_alert_rule_list')
g.custom_show_command('show', 'sentinel_alert_rule_show')
g.custom_command('create', 'sentinel_alert_rule_create')
g.generic_update_command('update', setter_arg_name='alert_rule',
custom_func_name='sentinel_alert_rule_update')
g.custom_command('delete', 'sentinel_alert_rule_delete', confirmation=True)
g.custom_command('get-action', 'sentinel_alert_rule_get_action')
from azext_sentinel.generated._client_factory import cf_action
sentinel_action = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._action_operations#ActionOperations.{}'
'',
client_factory=cf_action)
with self.command_group('sentinel action', sentinel_action, client_factory=cf_action, is_experimental=True) as g:
g.custom_command('list', 'sentinel_action_list')
from azext_sentinel.generated._client_factory import cf_alert_rule_template
sentinel_alert_rule_template = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._alert_rule_template_operations#AlertR'
'uleTemplateOperations.{}',
client_factory=cf_alert_rule_template)
with self.command_group('sentinel alert-rule-template', sentinel_alert_rule_template,
client_factory=cf_alert_rule_template, is_experimental=True) as g:
g.custom_command('list', 'sentinel_alert_rule_template_list')
g.custom_show_command('show', 'sentinel_alert_rule_template_show')
from azext_sentinel.generated._client_factory import cf_bookmark
sentinel_bookmark = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._bookmark_operations#BookmarkOperation'
's.{}',
client_factory=cf_bookmark)
with self.command_group('sentinel bookmark', sentinel_bookmark, client_factory=cf_bookmark,
is_experimental=True) as g:
g.custom_command('list', 'sentinel_bookmark_list')
g.custom_show_command('show', 'sentinel_bookmark_show')
g.custom_command('create', 'sentinel_bookmark_create')
g.custom_command('update', 'sentinel_bookmark_update')
g.custom_command('delete', 'sentinel_bookmark_delete', confirmation=True)
from azext_sentinel.generated._client_factory import cf_data_connector
sentinel_data_connector = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._data_connector_operations#DataConnect'
'orOperations.{}',
client_factory=cf_data_connector)
with self.command_group('sentinel data-connector', sentinel_data_connector, client_factory=cf_data_connector,
is_experimental=True) as g:
g.custom_command('list', 'sentinel_data_connector_list')
g.custom_show_command('show', 'sentinel_data_connector_show')
g.custom_command('create', 'sentinel_data_connector_create')
g.generic_update_command('update', setter_arg_name='data_connector', custom_func_name=''
'sentinel_data_connector_update')
g.custom_command('delete', 'sentinel_data_connector_delete', confirmation=True)
from azext_sentinel.generated._client_factory import cf_incident
sentinel_incident = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_operations#IncidentOperation'
's.{}',
client_factory=cf_incident)
with self.command_group('sentinel incident', sentinel_incident, client_factory=cf_incident,
is_experimental=True) as g:
g.custom_command('list', 'sentinel_incident_list')
g.custom_show_command('show', 'sentinel_incident_show')
g.custom_command('create', 'sentinel_incident_create')
g.custom_command('update', 'sentinel_incident_update')
g.custom_command('delete', 'sentinel_incident_delete', confirmation=True)
from azext_sentinel.generated._client_factory import cf_incident_comment
sentinel_incident_comment = CliCommandType(
operations_tmpl='azext_sentinel.vendored_sdks.securityinsight.operations._incident_comment_operations#IncidentC'
'ommentOperations.{}',
client_factory=cf_incident_comment)
with self.command_group('sentinel incident-comment', sentinel_incident_comment, client_factory=cf_incident_comment,
is_experimental=True) as g:
g.custom_command('list', 'sentinel_incident_comment_list')
g.custom_show_command('show', 'sentinel_incident_comment_show')
g.custom_command('create', 'sentinel_incident_comment_create')
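Review bot: `get-action` is registered under `sentinel alert-rule` while the separate `sentinel action` group exposes only `list`, so reading one action and listing actions live in different command groups. Consider registering it as `g.custom_show_command('show', 'sentinel_alert_rule_get_action')` under `sentinel action`. As a style point, `custom_func_name=''` followed by `'sentinel_data_connector_update'` relies on concatenation with an empty string literal; put the name on one line.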


@ -0,0 +1,433 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=too-many-lines
# pylint: disable=unused-argument
from knack.util import CLIError
def sentinel_alert_rule_list(client,
resource_group_name,
workspace_name):
return client.list(resource_group_name=resource_group_name,
workspace_name=workspace_name)
def sentinel_alert_rule_show(client,
resource_group_name,
workspace_name,
rule_id):
return client.get(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id)
def sentinel_alert_rule_create(client,
resource_group_name,
workspace_name,
rule_id,
action_id=None,
etag=None,
logic_app_resource_id=None,
trigger_uri=None,
fusion_alert_rule=None,
microsoft_security_incident_creation_alert_rule=None,
scheduled_alert_rule=None):
all_alert_rule = []
if fusion_alert_rule is not None:
all_alert_rule.append(fusion_alert_rule)
if microsoft_security_incident_creation_alert_rule is not None:
all_alert_rule.append(microsoft_security_incident_creation_alert_rule)
if scheduled_alert_rule is not None:
all_alert_rule.append(scheduled_alert_rule)
if len(all_alert_rule) > 1:
raise CLIError('at most one of fusion_alert_rule, microsoft_security_incident_creation_alert_rule, '
'scheduled_alert_rule is needed for alert_rule!')
alert_rule = all_alert_rule[0] if len(all_alert_rule) == 1 else None
if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None:
return client.create_or_update_action(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id,
action_id=action_id,
etag=etag,
logic_app_resource_id=logic_app_resource_id,
trigger_uri=trigger_uri)
return client.create_or_update(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id,
alert_rule=alert_rule)
def sentinel_alert_rule_update(instance,
resource_group_name,
workspace_name,
rule_id,
fusion_alert_rule=None,
microsoft_security_incident_creation_alert_rule=None,
scheduled_alert_rule=None):
return instance
def sentinel_alert_rule_delete(client,
resource_group_name,
workspace_name,
rule_id,
action_id=None):
if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None:
return client.delete_action(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id,
action_id=action_id)
return client.delete(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id)
def sentinel_alert_rule_get_action(client,
resource_group_name,
workspace_name,
rule_id,
action_id):
return client.get_action(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id,
action_id=action_id)
def sentinel_action_list(client,
resource_group_name,
workspace_name,
rule_id):
return client.list_by_alert_rule(resource_group_name=resource_group_name,
workspace_name=workspace_name,
rule_id=rule_id)
def sentinel_alert_rule_template_list(client,
resource_group_name,
workspace_name):
return client.list(resource_group_name=resource_group_name,
workspace_name=workspace_name)
def sentinel_alert_rule_template_show(client,
resource_group_name,
workspace_name,
alert_rule_template_id):
return client.get(resource_group_name=resource_group_name,
workspace_name=workspace_name,
alert_rule_template_id=alert_rule_template_id)
def sentinel_bookmark_list(client,
resource_group_name,
workspace_name):
return client.list(resource_group_name=resource_group_name,
workspace_name=workspace_name)
def sentinel_bookmark_show(client,
resource_group_name,
workspace_name,
bookmark_id):
return client.get(resource_group_name=resource_group_name,
workspace_name=workspace_name,
bookmark_id=bookmark_id)
def sentinel_bookmark_create(client,
resource_group_name,
workspace_name,
bookmark_id,
etag=None,
created=None,
display_name=None,
labels=None,
notes=None,
query_content=None,
query_result=None,
updated=None,
incident_info=None,
updated_by_object_id=None):
return client.create_or_update(resource_group_name=resource_group_name,
workspace_name=workspace_name,
bookmark_id=bookmark_id,
etag=etag,
created=created,
display_name=display_name,
labels=labels,
notes=notes,
query=query_content,
query_result=query_result,
updated=updated,
incident_info=incident_info,
object_id=updated_by_object_id)
def sentinel_bookmark_update(client,
resource_group_name,
workspace_name,
bookmark_id,
etag=None,
created=None,
display_name=None,
labels=None,
notes=None,
query_content=None,
query_result=None,
updated=None,
incident_info=None,
updated_by_object_id=None):
return client.create_or_update(resource_group_name=resource_group_name,
workspace_name=workspace_name,
bookmark_id=bookmark_id,
etag=etag,
created=created,
display_name=display_name,
labels=labels,
notes=notes,
query=query_content,
query_result=query_result,
updated=updated,
incident_info=incident_info,
object_id=updated_by_object_id)
def sentinel_bookmark_delete(client,
resource_group_name,
workspace_name,
bookmark_id):
return client.delete(resource_group_name=resource_group_name,
workspace_name=workspace_name,
bookmark_id=bookmark_id)
def sentinel_data_connector_list(client,
resource_group_name,
workspace_name):
return client.list(resource_group_name=resource_group_name,
workspace_name=workspace_name)
def sentinel_data_connector_show(client,
resource_group_name,
workspace_name,
data_connector_id):
return client.get(resource_group_name=resource_group_name,
workspace_name=workspace_name,
data_connector_id=data_connector_id)
def sentinel_data_connector_create(client,
resource_group_name,
workspace_name,
data_connector_id,
aad_data_connector=None,
aatp_data_connector=None,
asc_data_connector=None,
aws_cloud_trail_data_connector=None,
mcas_data_connector=None,
mdatp_data_connector=None,
office_data_connector=None,
ti_data_connector=None):
all_data_connector = []
if aad_data_connector is not None:
all_data_connector.append(aad_data_connector)
if aatp_data_connector is not None:
all_data_connector.append(aatp_data_connector)
if asc_data_connector is not None:
all_data_connector.append(asc_data_connector)
if aws_cloud_trail_data_connector is not None:
all_data_connector.append(aws_cloud_trail_data_connector)
if mcas_data_connector is not None:
all_data_connector.append(mcas_data_connector)
if mdatp_data_connector is not None:
all_data_connector.append(mdatp_data_connector)
if office_data_connector is not None:
all_data_connector.append(office_data_connector)
if ti_data_connector is not None:
all_data_connector.append(ti_data_connector)
if len(all_data_connector) > 1:
raise CLIError('at most one of aad_data_connector, aatp_data_connector, asc_data_connector, '
'aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, '
'office_data_connector, ti_data_connector is needed for data_connector!')
if len(all_data_connector) != 1:
raise CLIError('data_connector is required. but none of aad_data_connector, aatp_data_connector, '
'asc_data_connector, aws_cloud_trail_data_connector, mcas_data_connector, mdatp_data_connector, '
'office_data_connector, ti_data_connector is provided!')
data_connector = all_data_connector[0] if len(all_data_connector) == 1 else None
return client.create_or_update(resource_group_name=resource_group_name,
workspace_name=workspace_name,
data_connector_id=data_connector_id,
data_connector=data_connector)
def sentinel_data_connector_update(instance,
resource_group_name,
workspace_name,
data_connector_id,
aad_data_connector=None,
aatp_data_connector=None,
asc_data_connector=None,
aws_cloud_trail_data_connector=None,
mcas_data_connector=None,
mdatp_data_connector=None,
office_data_connector=None,
ti_data_connector=None):
return instance
def sentinel_data_connector_delete(client,
resource_group_name,
workspace_name,
data_connector_id):
return client.delete(resource_group_name=resource_group_name,
workspace_name=workspace_name,
data_connector_id=data_connector_id)
def sentinel_incident_list(client,
resource_group_name,
workspace_name,
filter_=None,
orderby=None,
top=None,
skip_token=None):
return client.list(resource_group_name=resource_group_name,
workspace_name=workspace_name,
filter=filter_,
orderby=orderby,
top=top,
skip_token=skip_token)
def sentinel_incident_show(client,
resource_group_name,
workspace_name,
incident_id):
return client.get(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id)
def sentinel_incident_create(client,
resource_group_name,
workspace_name,
incident_id,
etag=None,
classification=None,
classification_comment=None,
classification_reason=None,
description=None,
first_activity_time_utc=None,
labels=None,
last_activity_time_utc=None,
owner=None,
severity=None,
status=None,
title=None):
return client.create_or_update(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id,
etag=etag,
classification=classification,
classification_comment=classification_comment,
classification_reason=classification_reason,
description=description,
first_activity_time_utc=first_activity_time_utc,
labels=labels,
last_activity_time_utc=last_activity_time_utc,
owner=owner,
severity=severity,
status=status,
title=title)
def sentinel_incident_update(client,
resource_group_name,
workspace_name,
incident_id,
etag=None,
classification=None,
classification_comment=None,
classification_reason=None,
description=None,
first_activity_time_utc=None,
labels=None,
last_activity_time_utc=None,
owner=None,
severity=None,
status=None,
title=None):
return client.create_or_update(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id,
etag=etag,
classification=classification,
classification_comment=classification_comment,
classification_reason=classification_reason,
description=description,
first_activity_time_utc=first_activity_time_utc,
labels=labels,
last_activity_time_utc=last_activity_time_utc,
owner=owner,
severity=severity,
status=status,
title=title)
def sentinel_incident_delete(client,
resource_group_name,
workspace_name,
incident_id):
return client.delete(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id)
def sentinel_incident_comment_list(client,
resource_group_name,
workspace_name,
incident_id,
filter_=None,
orderby=None,
top=None,
skip_token=None):
return client.list_by_incident(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id,
filter=filter_,
orderby=orderby,
top=top,
skip_token=skip_token)
def sentinel_incident_comment_show(client,
resource_group_name,
workspace_name,
incident_id,
incident_comment_id):
return client.get(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id,
incident_comment_id=incident_comment_id)
def sentinel_incident_comment_create(client,
resource_group_name,
workspace_name,
incident_id,
incident_comment_id,
message=None):
return client.create_comment(resource_group_name=resource_group_name,
workspace_name=workspace_name,
incident_id=incident_id,
incident_comment_id=incident_comment_id,
message=message)
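Review bot: `sentinel_alert_rule_update` and `sentinel_data_connector_update` return `instance` untouched, so the `fusion_alert_rule`, `scheduled_alert_rule` and connector arguments passed to `update` are accepted and then ignored; apply them to `instance` or drop them from the signature. In `sentinel_alert_rule_create` and `sentinel_alert_rule_delete` the guard `if resource_group_name and workspace_name is not None and rule_id is not None and action_id is not None` mixes a truthiness test with `is not None` checks on required arguments; only `action_id` really decides the branch, so write `if action_id is not None:`. When that branch is taken, create silently discards any rule body that was supplied, and delete removes the action rather than the rule behind the same confirmation prompt. When neither `action_id` nor a rule body is given, `create_or_update` is called with `alert_rule=None`. Raise `CLIError` for those combinations, as `sentinel_data_connector_create` already does for a missing connector.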


@ -0,0 +1,12 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
__path__ = __import__('pkgutil').extend_path(__path__, __name__)


@ -0,0 +1,49 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
# pylint: disable=too-many-lines
# pylint: disable=too-many-statements
from azure.cli.core.commands.parameters import resource_group_name_type
from azext_sentinel.action import AddIncidentInfo
def load_arguments(self, _):
with self.argument_context('sentinel bookmark create') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.')
c.argument('bookmark_id', type=str, help='Bookmark ID')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('created', help='The time the bookmark was created')
c.argument('display_name', type=str, help='The display name of the bookmark')
c.argument('labels', nargs='*', help='List of labels relevant to this bookmark')
c.argument('notes', type=str, help='The notes of the bookmark')
c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.')
c.argument('query_result', type=str, help='The query result of the bookmark.')
c.argument('updated', help='The last time the bookmark was updated')
c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to '
'bookmark')
c.argument('updated_by_object_id', help='The object id of the user.')
with self.argument_context('sentinel bookmark update') as c:
c.argument('resource_group_name', resource_group_name_type)
c.argument('workspace_name', type=str, help='The name of the workspace.', id_part='name')
c.argument('bookmark_id', type=str, help='Bookmark ID', id_part='child_name_1')
c.argument('etag', type=str, help='Etag of the azure resource')
c.argument('created', help='The time the bookmark was created')
c.argument('display_name', type=str, help='The display name of the bookmark')
c.argument('labels', nargs='*', help='List of labels relevant to this bookmark')
c.argument('notes', type=str, help='The notes of the bookmark')
c.argument('query_content', options_list=['-q'], type=str, help='The query of the bookmark.')
c.argument('query_result', type=str, help='The query result of the bookmark.')
c.argument('updated', help='The last time the bookmark was updated')
c.argument('incident_info', action=AddIncidentInfo, nargs='*', help='Describes an incident that relates to '
'bookmark')
c.argument('updated_by_object_id', help='The object id of the user.')
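Review bot: `query_content` is declared with `options_list=['-q']` in both contexts, which leaves the argument with a short flag only; add a long name next to it, for example `options_list=['--query-content', '-q']`. `created` and `updated` are declared without a `type`, so any string is forwarded to `create_or_update` as a timestamp; validate them as datetimes at the CLI boundary. The two argument contexts differ only in `id_part`, so building them in a loop over the two scopes would keep the help text and types from drifting apart.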


@ -0,0 +1,114 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
import inspect
import logging
import os
import sys
import traceback
import datetime as dt
from azure.core.exceptions import AzureError
from azure.cli.testsdk.exceptions import CliTestError, CliExecutionError, JMESPathCheckAssertionError
logger = logging.getLogger('azure.cli.testsdk')
logger.addHandler(logging.StreamHandler())
__path__ = __import__('pkgutil').extend_path(__path__, __name__)
exceptions = []
test_map = dict()
SUCCESSED = "successed"
FAILED = "failed"
def try_manual(func):
def import_manual_function(origin_func):
from importlib import import_module
decorated_path = inspect.getfile(origin_func)
module_path = __path__[0]
if not decorated_path.startswith(module_path):
raise Exception("Decorator can only be used in submodules!")
manual_path = os.path.join(
decorated_path[module_path.rfind(os.path.sep) + 1:])
manual_file_path, manual_file_name = os.path.split(manual_path)
module_name, _ = os.path.splitext(manual_file_name)
manual_module = "..manual." + \
".".join(manual_file_path.split(os.path.sep) + [module_name, ])
return getattr(import_module(manual_module, package=__name__), origin_func.__name__)
def get_func_to_call():
func_to_call = func
try:
func_to_call = import_manual_function(func)
func_to_call = import_manual_function(func)
logger.info("Found manual override for %s(...)", func.__name__)
except (ImportError, AttributeError):
pass
return func_to_call
def wrapper(*args, **kwargs):
func_to_call = get_func_to_call()
logger.info("running %s()...", func.__name__)
try:
test_map[func.__name__] = dict()
test_map[func.__name__]["result"] = SUCCESSED
test_map[func.__name__]["error_message"] = ""
test_map[func.__name__]["error_stack"] = ""
test_map[func.__name__]["error_normalized"] = ""
test_map[func.__name__]["start_dt"] = dt.datetime.utcnow()
ret = func_to_call(*args, **kwargs)
except (AssertionError, AzureError, CliTestError, CliExecutionError, SystemExit,
JMESPathCheckAssertionError) as e:
test_map[func.__name__]["end_dt"] = dt.datetime.utcnow()
test_map[func.__name__]["result"] = FAILED
test_map[func.__name__]["error_message"] = str(e).replace("\r\n", " ").replace("\n", " ")[:500]
test_map[func.__name__]["error_stack"] = traceback.format_exc().replace(
"\r\n", " ").replace("\n", " ")[:500]
logger.info("--------------------------------------")
logger.info("step exception: %s", e)
logger.error("--------------------------------------")
logger.error("step exception in %s: %s", func.__name__, e)
logger.info(traceback.format_exc())
exceptions.append((func.__name__, sys.exc_info()))
else:
test_map[func.__name__]["end_dt"] = dt.datetime.utcnow()
return ret
if inspect.isclass(func):
return get_func_to_call()
return wrapper
def calc_coverage(filename):
filename = filename.split(".")[0]
coverage_name = filename + "_coverage.md"
with open(coverage_name, "w") as f:
f.write("|Scenario|Result|ErrorMessage|ErrorStack|ErrorNormalized|StartDt|EndDt|\n")
total = len(test_map)
covered = 0
for k, v in test_map.items():
if not k.startswith("step_"):
total -= 1
continue
if v["result"] == SUCCESSED:
covered += 1
f.write("|{step_name}|{result}|{error_message}|{error_stack}|{error_normalized}|{start_dt}|"
"{end_dt}|\n".format(step_name=k, **v))
f.write("Coverage: {}/{}\n".format(covered, total))
print("Create coverage\n", file=sys.stderr)
def raise_if():
if exceptions:
if len(exceptions) <= 1:
raise exceptions[0][1][1]
message = "{}\nFollowed with exceptions in other steps:\n".format(str(exceptions[0][1][1]))
message += "\n".join(["{}: {}".format(h[0], h[1][1]) for h in exceptions[1:]])
raise exceptions[0][1][0](message).with_traceback(exceptions[0][1][2])
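Review bot: `get_func_to_call` assigns `func_to_call = import_manual_function(func)` twice in a row; the second call is redundant and should be deleted. In `wrapper`, the `except` branch records the failure but neither returns nor re-raises, so a failed step returns `None` and the scenario keeps running until `raise_if()` is called; say so in a docstring so test authors know failures are deferred. `calc_coverage` derives the report name with `filename.split(".")[0]`, which truncates at the first dot anywhere in the path; `os.path.splitext(filename)[0]` is safer. The module also calls `logger.addHandler(logging.StreamHandler())` at import time, which adds another handler each time a new copy of the module is loaded.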


@ -0,0 +1,12 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
__path__ = __import__('pkgutil').extend_path(__path__, __name__)

File diff suppressed because one or more lines are too long


@ -0,0 +1,561 @@
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
import os
from azure.cli.testsdk import ScenarioTest
from .. import try_manual, raise_if, calc_coverage
from azure.cli.testsdk import ResourceGroupPreparer
from azure_devtools.scenario_tests import AllowLargeResponse
TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), '..'))
# Env setup
@try_manual
def setup(test, rg):
test.kwargs.update({
'workspace': test.create_random_name('cli-test-ws-', 24)
})
test.cmd('az monitor log-analytics workspace create -g {rg} -n {workspace}')
# EXAMPLE: /Actions/get/Get all actions of alert rule.
@try_manual
def step__actions_get_get_all_actions_of_alert_rule_(test, rg):
test.cmd('az sentinel action list '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /AlertRules/put/Creates or updates a Fusion alert rule.
@try_manual
def step__alertrules_put(test, rg):
test.cmd('az sentinel alert-rule create '
'--fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" alert-rule-template-name="f71aba3d-28fb-4'
'50b-b192-4e76a83015c8" enabled=true '
'--resource-group "{rg}" '
'--rule-id "myFirstFusionRule" '
'--workspace-name {workspace}',
checks=[
test.check('enabled', True),
test.check('kind', 'Fusion'),
test.check('name', 'myFirstFusionRule')
])
# EXAMPLE: /AlertRules/put/Creates or updates a MicrosoftSecurityIncidentCreation rule.
@try_manual
def step__alertrules_put2(test, rg):
test.cmd('az sentinel alert-rule create '
'--microsoft-security-incident-creation-alert-rule etag="260097e0-0000-0d00-0000-5d6fa88f0000" '
'product-filter="Microsoft Cloud App Security" display-name="testing displayname" enabled=true '
'--resource-group "{rg}" '
'--rule-id "microsoftSecurityIncidentCreationRuleExample" '
'--workspace-name {workspace}',
checks=[
test.check('enabled', True),
test.check('kind', 'MicrosoftSecurityIncidentCreation'),
test.check('name', 'microsoftSecurityIncidentCreationRuleExample'),
test.check('productFilter', 'Microsoft Cloud App Security'),
test.check('displayName', 'testing displayname')
])
# EXAMPLE: /AlertRules/put/Creates or updates a Scheduled alert rule.
@try_manual
def step__alertrules_put3(test, rg):
# BadRequestError: (BadRequest) Failed to run the alert rule query. One of the tables does not exist.
test.cmd('az sentinel alert-rule create '
'--scheduled-alert-rule etag="0300bf09-0000-0000-0000-5c37296e0000" query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden“ '
'query-frequency="PT1H" query-period="P2DT1H30M" severity="High" '
'trigger-operator="GreaterThan" trigger-threshold=0 description="" display-name="Rule2" enabled=true '
'suppression-duration="PT1H" suppression-enabled=false tactics="Persistence" tactics="LateralMovement" '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /AlertRules/put/Creates or updates an action of alert rule.
@try_manual
def step__alertrules_put4(test, rg):
test.cmd('az sentinel alert-rule create '
'--etag "0300bf09-0000-0000-0000-5c37296e0000" '
'--logic-app-resource-id "/subscriptions/{subscription_id}/resourceGroups/{rg}/providers/Microsoft.Logic/w'
'orkflows/MyAlerts" '
'--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d4'
'8d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signatur'
'e" '
'--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /AlertRules/get/Get a Fusion alert rule.
@try_manual
def step__alertrules_get_get_a_fusion_alert_rule_(test, rg):
test.cmd('az sentinel alert-rule show '
'--resource-group "{rg}" '
'--rule-id "myFirstFusionRule" '
'--workspace-name {workspace}',
checks=[
test.check('enabled', True),
test.check('kind', 'Fusion'),
test.check('name', 'myFirstFusionRule')
])
# EXAMPLE: /AlertRules/get/Get a MicrosoftSecurityIncidentCreation rule.
@try_manual
def step__alertrules_get(test, rg):
test.cmd('az sentinel alert-rule show '
'--resource-group "{rg}" '
'--rule-id "microsoftSecurityIncidentCreationRuleExample" '
'--workspace-name {workspace}',
checks=[
test.check('enabled', True),
test.check('kind', 'MicrosoftSecurityIncidentCreation'),
test.check('name', 'microsoftSecurityIncidentCreationRuleExample'),
test.check('productFilter', 'Microsoft Cloud App Security'),
test.check('displayName', 'testing displayname')
])
# EXAMPLE: /AlertRules/get/Get a Scheduled alert rule.
@try_manual
def step__alertrules_get_get_a_scheduled_alert_rule_(test, rg):
test.cmd('az sentinel alert-rule show '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /AlertRules/get/Get all alert rules.
@try_manual
def step__alertrules_get_get_all_alert_rules_(test, rg):
test.cmd('az sentinel alert-rule list '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('length(@)', 2)
])
# EXAMPLE: /AlertRules/get/Get an action of alert rule.
@try_manual
def step__alertrules_get_get_an_action_of_alert_rule_(test, rg):
test.cmd('az sentinel alert-rule get-action '
'--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /AlertRules/delete/Delete an action of alert rule.
@try_manual
def step__alertrules_delete(test, rg):
test.cmd('az sentinel alert-rule delete -y '
'--action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /AlertRules/delete/Delete an alert rule.
@try_manual
def step__alertrules_delete_delete_an_alert_rule_(test, rg):
test.cmd('az sentinel alert-rule delete -y '
'--resource-group "{rg}" '
'--rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--workspace-name {workspace}',
checks=[])
@try_manual
def step__alertrules_delete_delete_a_fusion_alert_rule_(test, rg):
test.cmd('az sentinel alert-rule delete -y '
'--resource-group "{rg}" '
'--rule-id "myFirstFusionRule" '
'--workspace-name {workspace}')
# EXAMPLE: /AlertRuleTemplates/get/Get alert rule template by Id.
@try_manual
def step__alertruletemplates_get(test, rg):
test.cmd('az sentinel alert-rule-template show '
'--alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('kind', 'Scheduled'),
test.check('name', '65360bb0-8986-4ade-a89d-af3cf44d28aa')
])
# EXAMPLE: /AlertRuleTemplates/get/Get all alert rule templates.
@try_manual
def step__alertruletemplates_list(test, rg):
test.cmd('az sentinel alert-rule-template list '
'--resource-group "{rg}" '
'--workspace-name {workspace}')
# EXAMPLE: /Bookmarks/put/Creates or updates a bookmark.
@try_manual
def step__bookmarks_put_creates_or_updates_a_bookmark_(test, rg):
test.cmd('az sentinel bookmark create '
'--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" '
'--created "2019-01-01T13:15:30Z" '
'--display-name "My bookmark" '
'--labels "Tag1" '
'--labels "Tag2" '
'--notes "Found a suspicious activity" '
'-q "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" '
'--query-result "Security Event query result" '
'--updated "2019-01-01T13:15:30Z" '
'--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5'),
test.check('query', 'SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)')
])
# EXAMPLE: /Bookmarks/get/Get a bookmark.
@try_manual
def step__bookmarks_get_get_a_bookmark_(test, rg):
test.cmd('az sentinel bookmark show '
'--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5'),
test.check('query', 'SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)')
])
# EXAMPLE: /Bookmarks/get/Get all bookmarks.
@try_manual
def step__bookmarks_get_get_all_bookmarks_(test, rg):
test.cmd('az sentinel bookmark list '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('length(@)', 1),
test.check('[0].name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5'),
test.check('[0].query', 'SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)')
])
# EXAMPLE: /Bookmarks/delete/Delete a bookmark.
@try_manual
def step__bookmarks_delete_delete_a_bookmark_(test, rg):
test.cmd('az sentinel bookmark delete -y '
'--bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}')
# EXAMPLE: /DataConnectors/put/Creates or updates an Office365 data connector.
@try_manual
def step__dataconnectors_put(test, rg):
test.cmd('az sentinel data-connector create '
'--office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" '
'--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get a ASC data connector.
@try_manual
def step__dataconnectors_get_get_a_asc_data_connector_(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get a MCAS data connector.
@try_manual
def step__dataconnectors_get(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get a MDATP data connector
@try_manual
def step__dataconnectors_get2(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get a TI data connector.
@try_manual
def step__dataconnectors_get_get_a_ti_data_connector_(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get all data connectors.
@try_manual
def step__dataconnectors_get_get_all_data_connectors_(test, rg):
test.cmd('az sentinel data-connector list '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get an AAD data connector.
@try_manual
def step__dataconnectors_get3(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get an AATP data connector.
@try_manual
def step__dataconnectors_get4(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get an AwsCloudTrail data connector.
@try_manual
def step__dataconnectors_get5(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/get/Get an Office365 data connector.
@try_manual
def step__dataconnectors_get6(test, rg):
test.cmd('az sentinel data-connector show '
'--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /DataConnectors/delete/Delete an Office365 data connector.
@try_manual
def step__dataconnectors_delete(test, rg):
test.cmd('az sentinel data-connector delete -y '
'--data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[])
# EXAMPLE: /IncidentComments/put/Creates an incident comment.
@try_manual
def step__incidentcomments_put(test, rg):
test.cmd('az sentinel incident-comment create '
'--message "Some message" '
'--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" '
'--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('message', 'Some message'),
test.check('name', '4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014')
])
# EXAMPLE: /IncidentComments/get/Get all incident comments.
@try_manual
def step__incidentcomments_get(test, rg):
test.cmd('az sentinel incident-comment list '
'--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('length(@)', 1),
test.check('[0].message', 'Some message'),
test.check('[0].name', '4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014')
])
# EXAMPLE: /IncidentComments/get/Get an incident comment.
@try_manual
def step__incidentcomments_get2(test, rg):
test.cmd('az sentinel incident-comment show '
'--incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" '
'--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('message', 'Some message'),
test.check('name', '4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014')
])
# EXAMPLE: /Incidents/put/Creates or updates an incident.
@try_manual
def step__incidents_put(test, rg):
test.cmd('az sentinel incident create '
'--etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" '
'--description "This is a demo incident" '
'--classification "FalsePositive" '
'--classification-comment "Not a malicious activity" '
'--classification-reason "IncorrectAlertLogic" '
'--first-activity-time-utc "2019-01-01T13:00:30Z" '
'--last-activity-time-utc "2019-01-01T13:05:30Z" '
'--owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" '
'--severity "High" '
'--status "Closed" '
'--title "title" '
'--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('classification', 'FalsePositive'),
test.check('classificationReason', 'IncorrectAlertLogic'),
test.check('classificationComment', 'Not a malicious activity'),
test.check('severity', 'High'),
test.check('title', 'title'),
test.check('status', 'Closed')
])
# EXAMPLE: /Incidents/get/Get all incidents.
@try_manual
def step__incidents_get_get_all_incidents_(test, rg):
test.cmd('az sentinel incident list '
'--orderby "properties/createdTimeUtc desc" '
'--top 1 '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('length(@)', 1),
test.check('[0].name', '73e01a99-5cd7-4139-a149-9f2736ff2ab5')
])
# EXAMPLE: /Incidents/get/Get an incident.
@try_manual
def step__incidents_get_get_an_incident_(test, rg):
test.cmd('az sentinel incident show '
'--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}',
checks=[
test.check('classification', 'FalsePositive'),
test.check('classificationReason', 'IncorrectAlertLogic'),
test.check('classificationComment', 'Not a malicious activity'),
test.check('severity', 'High'),
test.check('title', 'title'),
test.check('status', 'Closed')
])
# EXAMPLE: /Incidents/delete/Delete an incident.
@try_manual
def step__incidents_delete_delete_an_incident_(test, rg):
test.cmd('az sentinel incident delete -y '
'--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" '
'--resource-group "{rg}" '
'--workspace-name {workspace}')
# Env cleanup
@try_manual
def cleanup(test, rg):
pass
# Testcase
@try_manual
def call_scenario(test, rg):
setup(test, rg)
step__alertrules_put(test, rg)
step__alertrules_put2(test, rg)
# step__alertrules_put3(test, rg)
# step__alertrules_put4(test, rg)
step__alertrules_get_get_a_fusion_alert_rule_(test, rg)
step__alertrules_get(test, rg)
# step__alertrules_get_get_a_scheduled_alert_rule_(test, rg)
step__alertrules_get_get_all_alert_rules_(test, rg)
# step__alertrules_get_get_an_action_of_alert_rule_(test, rg)
# step__alertrules_delete(test, rg)
# step__alertrules_delete_delete_an_alert_rule_(test, rg)
step__alertrules_delete_delete_a_fusion_alert_rule_(test, rg)
step__alertruletemplates_get(test, rg)
step__alertruletemplates_list(test, rg)
# step__actions_get_get_all_actions_of_alert_rule_(test, rg)
step__bookmarks_put_creates_or_updates_a_bookmark_(test, rg)
step__bookmarks_get_get_a_bookmark_(test, rg)
step__bookmarks_get_get_all_bookmarks_(test, rg)
step__bookmarks_delete_delete_a_bookmark_(test, rg)
# step__dataconnectors_put(test, rg)
# step__dataconnectors_get_get_a_asc_data_connector_(test, rg)
# step__dataconnectors_get(test, rg)
# step__dataconnectors_get2(test, rg)
# step__dataconnectors_get_get_a_ti_data_connector_(test, rg)
# step__dataconnectors_get_get_all_data_connectors_(test, rg)
# step__dataconnectors_get3(test, rg)
# step__dataconnectors_get4(test, rg)
# step__dataconnectors_get5(test, rg)
# step__dataconnectors_get6(test, rg)
# step__dataconnectors_delete(test, rg)
step__incidents_put(test, rg)
# step__incidents_get_get_all_incidents_(test, rg)
step__incidents_get_get_an_incident_(test, rg)
step__incidentcomments_put(test, rg)
step__incidentcomments_get(test, rg)
step__incidentcomments_get2(test, rg)
step__incidents_delete_delete_an_incident_(test, rg)
cleanup(test, rg)
@try_manual
class SecurityInsightsScenarioTest(ScenarioTest):
@ResourceGroupPreparer(name_prefix='clitestsentinel_myRg'[:7], key='rg', parameter_name='rg')
@AllowLargeResponse()
def test_sentinel(self, rg):
self.kwargs.update({
'subscription_id': self.get_subscription_id()
})
call_scenario(self, rg)
calc_coverage(__file__)
raise_if()
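
Review bot: in `step__alertrules_put3`, the `query="ProtectionStatus | ...` value is closed with a typographic quote (`“`) instead of `"`, so the quoted value runs on into `query-frequency` and the key=value pairs after it; fix the quote before re-enabling the step, independently of the `BadRequestError` recorded in the comment above it. `call_scenario` also leaves the scheduled-rule, action and data-connector steps commented out, and those steps pass `checks=[]`, so nothing asserts on the rule query, the Logic App action or connector state; add at least `kind` and `name` checks when they are enabled. For `step__alertrules_put4`, keep `--trigger-uri` a placeholder as it is here (`sig=signature`), since a real callback URL carries a signature that should not land in source or in test recordings.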

View file

@ -0,0 +1,20 @@
|Scenario|Result|ErrorMessage|ErrorStack|ErrorNormalized|StartDt|EndDt|
|step__alertrules_put|successed||||2020-11-30 05:12:10.340025|2020-11-30 05:12:14.212919|
|step__alertrules_put2|successed||||2020-11-30 05:12:14.213902|2020-11-30 05:12:16.912928|
|step__alertrules_get_get_a_fusion_alert_rule_|successed||||2020-11-30 05:12:16.913927|2020-11-30 05:12:18.411054|
|step__alertrules_get|successed||||2020-11-30 05:12:18.412055|2020-11-30 05:12:21.541734|
|step__alertrules_get_get_all_alert_rules_|successed||||2020-11-30 05:12:21.541734|2020-11-30 05:12:23.591243|
|step__alertrules_delete_delete_a_fusion_alert_rule_|successed||||2020-11-30 05:12:23.592241|2020-11-30 05:12:26.496214|
|step__alertruletemplates_get|successed||||2020-11-30 05:12:26.497214|2020-11-30 05:12:29.682131|
|step__alertruletemplates_list|successed||||2020-11-30 05:12:29.682131|2020-11-30 05:12:33.559276|
|step__bookmarks_put_creates_or_updates_a_bookmark_|successed||||2020-11-30 05:12:33.560277|2020-11-30 05:12:36.664603|
|step__bookmarks_get_get_a_bookmark_|successed||||2020-11-30 05:12:36.665672|2020-11-30 05:12:37.405872|
|step__bookmarks_get_get_all_bookmarks_|successed||||2020-11-30 05:12:37.406872|2020-11-30 05:12:38.657312|
|step__bookmarks_delete_delete_a_bookmark_|successed||||2020-11-30 05:12:38.658311|2020-11-30 05:12:41.040726|
|step__incidents_put|successed||||2020-11-30 05:12:41.040726|2020-11-30 05:12:43.390843|
|step__incidents_get_get_an_incident_|successed||||2020-11-30 05:12:43.391911|2020-11-30 05:12:45.395363|
|step__incidentcomments_put|successed||||2020-11-30 05:12:45.396360|2020-11-30 05:12:46.378773|
|step__incidentcomments_get|successed||||2020-11-30 05:12:46.379844|2020-11-30 05:12:47.110435|
|step__incidentcomments_get2|successed||||2020-11-30 05:12:47.111432|2020-11-30 05:12:47.890755|
|step__incidents_delete_delete_an_incident_|successed||||2020-11-30 05:12:47.891754|2020-11-30 05:12:48.690398|
Coverage: 18/18
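
Review bot: `Coverage: 18/18` counts only the steps that `call_scenario` actually invoked; the scheduled alert rule, action, data connector and incident list steps that are commented out there never appear in this table, so the ratio reads as full coverage while those command groups are untested. Either list disabled steps with a skipped result or drop the ratio. This file is also a generated run artifact with wall-clock timestamps, so consider leaving it out of the commit and ignoring `*_coverage.md`.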

View file

@ -0,0 +1,12 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
__path__ = __import__('pkgutil').extend_path(__path__, __name__)

View file

@ -0,0 +1,16 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._security_insights import SecurityInsights
__all__ = ['SecurityInsights']
try:
from ._patch import patch_sdk # type: ignore
patch_sdk()
except ImportError:
pass

View file

@ -0,0 +1,70 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
from azure.core.configuration import Configuration
from azure.core.pipeline import policies
from azure.mgmt.core.policies import ARMHttpLoggingPolicy
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any
from azure.core.credentials import TokenCredential
VERSION = "unknown"
class SecurityInsightsConfiguration(Configuration):
"""Configuration for SecurityInsights.
Note that all parameters used to create this instance are saved as instance
attributes.
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials.TokenCredential
:param subscription_id: Azure subscription ID.
:type subscription_id: str
"""
def __init__(
self,
credential, # type: "TokenCredential"
subscription_id, # type: str
**kwargs # type: Any
):
# type: (...) -> None
if credential is None:
raise ValueError("Parameter 'credential' must not be None.")
if subscription_id is None:
raise ValueError("Parameter 'subscription_id' must not be None.")
super(SecurityInsightsConfiguration, self).__init__(**kwargs)
self.credential = credential
self.subscription_id = subscription_id
self.api_version = "2020-01-01"
self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default'])
kwargs.setdefault('sdk_moniker', 'securityinsights/{}'.format(VERSION))
self._configure(**kwargs)
def _configure(
self,
**kwargs # type: Any
):
# type: (...) -> None
self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs)
self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs)
self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs)
self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs)
self.http_logging_policy = kwargs.get('http_logging_policy') or ARMHttpLoggingPolicy(**kwargs)
self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs)
self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs)
self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs)
self.authentication_policy = kwargs.get('authentication_policy')
if self.credential and not self.authentication_policy:
self.authentication_policy = policies.BearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)
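
Review bot: `VERSION = "unknown"` makes `sdk_moniker` resolve to `securityinsights/unknown`, so the user agent built by `UserAgentPolicy(**kwargs)` carries no usable version and requests from this vendored SDK cannot be tied to a release when reading service-side logs. Set `VERSION` from the extension's version instead of leaving the generator default.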

View file

@ -0,0 +1,103 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
from azure.mgmt.core import ARMPipelineClient
from msrest import Deserializer, Serializer
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Optional
from azure.core.credentials import TokenCredential
from ._configuration import SecurityInsightsConfiguration
from .operations import OperationOperations
from .operations import AlertRuleOperations
from .operations import ActionOperations
from .operations import AlertRuleTemplateOperations
from .operations import BookmarkOperations
from .operations import DataConnectorOperations
from .operations import IncidentOperations
from .operations import IncidentCommentOperations
from . import models
class SecurityInsights(object):
"""API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider.
:ivar operation: OperationOperations operations
:vartype operation: security_insights.operations.OperationOperations
:ivar alert_rule: AlertRuleOperations operations
:vartype alert_rule: security_insights.operations.AlertRuleOperations
:ivar action: ActionOperations operations
:vartype action: security_insights.operations.ActionOperations
:ivar alert_rule_template: AlertRuleTemplateOperations operations
:vartype alert_rule_template: security_insights.operations.AlertRuleTemplateOperations
:ivar bookmark: BookmarkOperations operations
:vartype bookmark: security_insights.operations.BookmarkOperations
:ivar data_connector: DataConnectorOperations operations
:vartype data_connector: security_insights.operations.DataConnectorOperations
:ivar incident: IncidentOperations operations
:vartype incident: security_insights.operations.IncidentOperations
:ivar incident_comment: IncidentCommentOperations operations
:vartype incident_comment: security_insights.operations.IncidentCommentOperations
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials.TokenCredential
:param subscription_id: Azure subscription ID.
:type subscription_id: str
:param str base_url: Service URL
"""
def __init__(
self,
credential, # type: "TokenCredential"
subscription_id, # type: str
base_url=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> None
if not base_url:
base_url = 'https://management.azure.com'
self._config = SecurityInsightsConfiguration(credential, subscription_id, **kwargs)
self._client = ARMPipelineClient(base_url=base_url, config=self._config, **kwargs)
client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
self._serialize = Serializer(client_models)
self._deserialize = Deserializer(client_models)
self.operation = OperationOperations(
self._client, self._config, self._serialize, self._deserialize)
self.alert_rule = AlertRuleOperations(
self._client, self._config, self._serialize, self._deserialize)
self.action = ActionOperations(
self._client, self._config, self._serialize, self._deserialize)
self.alert_rule_template = AlertRuleTemplateOperations(
self._client, self._config, self._serialize, self._deserialize)
self.bookmark = BookmarkOperations(
self._client, self._config, self._serialize, self._deserialize)
self.data_connector = DataConnectorOperations(
self._client, self._config, self._serialize, self._deserialize)
self.incident = IncidentOperations(
self._client, self._config, self._serialize, self._deserialize)
self.incident_comment = IncidentCommentOperations(
self._client, self._config, self._serialize, self._deserialize)
def close(self):
# type: () -> None
self._client.close()
def __enter__(self):
# type: () -> SecurityInsights
self._client.__enter__()
return self
def __exit__(self, *exc_details):
# type: (Any) -> None
self._client.__exit__(*exc_details)
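
Review bot: `__init__` accepts any `base_url`, while `SecurityInsightsConfiguration` keeps the default `credential_scopes` of `https://management.azure.com/.default`, so the bearer policy attaches an ARM-scoped token to requests sent to whatever host the caller passes. The docstring says only `:param str base_url: Service URL`; document that it must be a trusted ARM endpoint and that a non-default endpoint needs a matching `credential_scopes` value.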

View file

@ -0,0 +1,10 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._security_insights import SecurityInsights
__all__ = ['SecurityInsights']

View file

@ -0,0 +1,66 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, TYPE_CHECKING
from azure.core.configuration import Configuration
from azure.core.pipeline import policies
from azure.mgmt.core.policies import ARMHttpLoggingPolicy
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from azure.core.credentials_async import AsyncTokenCredential
VERSION = "unknown"
class SecurityInsightsConfiguration(Configuration):
"""Configuration for SecurityInsights.
Note that all parameters used to create this instance are saved as instance
attributes.
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials_async.AsyncTokenCredential
:param subscription_id: Azure subscription ID.
:type subscription_id: str
"""
def __init__(
self,
credential: "AsyncTokenCredential",
subscription_id: str,
**kwargs: Any
) -> None:
if credential is None:
raise ValueError("Parameter 'credential' must not be None.")
if subscription_id is None:
raise ValueError("Parameter 'subscription_id' must not be None.")
super(SecurityInsightsConfiguration, self).__init__(**kwargs)
self.credential = credential
self.subscription_id = subscription_id
self.api_version = "2020-01-01"
self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default'])
kwargs.setdefault('sdk_moniker', 'securityinsights/{}'.format(VERSION))
self._configure(**kwargs)
def _configure(
self,
**kwargs: Any
) -> None:
self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs)
self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs)
self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs)
self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs)
self.http_logging_policy = kwargs.get('http_logging_policy') or ARMHttpLoggingPolicy(**kwargs)
self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs)
self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs)
self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs)
self.authentication_policy = kwargs.get('authentication_policy')
if self.credential and not self.authentication_policy:
self.authentication_policy = policies.AsyncBearerTokenCredentialPolicy(self.credential, *self.credential_scopes, **kwargs)


@ -0,0 +1,97 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, Optional, TYPE_CHECKING
from azure.mgmt.core import AsyncARMPipelineClient
from msrest import Deserializer, Serializer
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from azure.core.credentials_async import AsyncTokenCredential
from ._configuration import SecurityInsightsConfiguration
from .operations import OperationOperations
from .operations import AlertRuleOperations
from .operations import ActionOperations
from .operations import AlertRuleTemplateOperations
from .operations import BookmarkOperations
from .operations import DataConnectorOperations
from .operations import IncidentOperations
from .operations import IncidentCommentOperations
from .. import models
class SecurityInsights(object):
"""API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider.
:ivar operation: OperationOperations operations
:vartype operation: security_insights.aio.operations.OperationOperations
:ivar alert_rule: AlertRuleOperations operations
:vartype alert_rule: security_insights.aio.operations.AlertRuleOperations
:ivar action: ActionOperations operations
:vartype action: security_insights.aio.operations.ActionOperations
:ivar alert_rule_template: AlertRuleTemplateOperations operations
:vartype alert_rule_template: security_insights.aio.operations.AlertRuleTemplateOperations
:ivar bookmark: BookmarkOperations operations
:vartype bookmark: security_insights.aio.operations.BookmarkOperations
:ivar data_connector: DataConnectorOperations operations
:vartype data_connector: security_insights.aio.operations.DataConnectorOperations
:ivar incident: IncidentOperations operations
:vartype incident: security_insights.aio.operations.IncidentOperations
:ivar incident_comment: IncidentCommentOperations operations
:vartype incident_comment: security_insights.aio.operations.IncidentCommentOperations
:param credential: Credential needed for the client to connect to Azure.
:type credential: ~azure.core.credentials_async.AsyncTokenCredential
:param subscription_id: Azure subscription ID.
:type subscription_id: str
:param str base_url: Service URL
"""
def __init__(
self,
credential: "AsyncTokenCredential",
subscription_id: str,
base_url: Optional[str] = None,
**kwargs: Any
) -> None:
if not base_url:
base_url = 'https://management.azure.com'
self._config = SecurityInsightsConfiguration(credential, subscription_id, **kwargs)
self._client = AsyncARMPipelineClient(base_url=base_url, config=self._config, **kwargs)
client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
self._serialize = Serializer(client_models)
self._deserialize = Deserializer(client_models)
self.operation = OperationOperations(
self._client, self._config, self._serialize, self._deserialize)
self.alert_rule = AlertRuleOperations(
self._client, self._config, self._serialize, self._deserialize)
self.action = ActionOperations(
self._client, self._config, self._serialize, self._deserialize)
self.alert_rule_template = AlertRuleTemplateOperations(
self._client, self._config, self._serialize, self._deserialize)
self.bookmark = BookmarkOperations(
self._client, self._config, self._serialize, self._deserialize)
self.data_connector = DataConnectorOperations(
self._client, self._config, self._serialize, self._deserialize)
self.incident = IncidentOperations(
self._client, self._config, self._serialize, self._deserialize)
self.incident_comment = IncidentCommentOperations(
self._client, self._config, self._serialize, self._deserialize)
async def close(self) -> None:
await self._client.close()
async def __aenter__(self) -> "SecurityInsights":
await self._client.__aenter__()
return self
async def __aexit__(self, *exc_details) -> None:
await self._client.__aexit__(*exc_details)
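Review bot: In `SecurityInsights.__init__`, an overridden `base_url` is handed to `AsyncARMPipelineClient` as given, while the token scope comes from the `SecurityInsightsConfiguration` built on the line above, and nothing ties the two together. The docstring entry `:param str base_url: Service URL` should state the default (`https://management.azure.com`) and say that a caller who changes it should also pass a matching `credential_scopes` keyword, otherwise the token is requested for one audience and sent to a different host.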


@ -0,0 +1,27 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._operation_operations import OperationOperations
from ._alert_rule_operations import AlertRuleOperations
from ._action_operations import ActionOperations
from ._alert_rule_template_operations import AlertRuleTemplateOperations
from ._bookmark_operations import BookmarkOperations
from ._data_connector_operations import DataConnectorOperations
from ._incident_operations import IncidentOperations
from ._incident_comment_operations import IncidentCommentOperations
__all__ = [
'OperationOperations',
'AlertRuleOperations',
'ActionOperations',
'AlertRuleTemplateOperations',
'BookmarkOperations',
'DataConnectorOperations',
'IncidentOperations',
'IncidentCommentOperations',
]


@ -0,0 +1,121 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class ActionOperations:
"""ActionOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list_by_alert_rule(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
**kwargs
) -> AsyncIterable["models.ActionsList"]:
"""Gets all actions of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either ActionsList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.ActionsList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list_by_alert_rule.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('ActionsList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore
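Review bot: In `prepare_request`, the `else` branch sets `url = next_link` and sends the GET through the same `self._client._pipeline.run` call as the first page, where `next_link` is whatever `deserialized.next_link` held in the previous response body. Nothing checks that it still points at the host the client was configured with; consider comparing its scheme and host against the client's base URL before following it, or document why the value is trusted. Minor: `Generic` and `warnings` are imported but unused in this file, and the `cls` docstring says it is passed the direct response while `extract_data` calls `cls(list_of_elem)`.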


@ -0,0 +1,535 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class AlertRuleOperations:
"""AlertRuleOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name: str,
workspace_name: str,
**kwargs
) -> AsyncIterable["models.AlertRulesList"]:
"""Gets all alert rules.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either AlertRulesList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.AlertRulesList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('AlertRulesList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore
async def get(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
**kwargs
) -> "models.AlertRule":
"""Gets the alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AlertRule, or the result of cls(response)
:rtype: ~security_insights.models.AlertRule
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('AlertRule', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore
async def create_or_update(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
alert_rule: "models.AlertRule",
**kwargs
) -> "models.AlertRule":
"""Creates or updates the alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param alert_rule: The alert rule.
:type alert_rule: ~security_insights.models.AlertRule
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AlertRule, or the result of cls(response)
:rtype: ~security_insights.models.AlertRule
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(alert_rule, 'AlertRule')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('AlertRule', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('AlertRule', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore
async def delete(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
**kwargs
) -> None:
"""Delete the alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore
async def get_action(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
action_id: str,
**kwargs
) -> "models.ActionResponse":
"""Gets the action of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param action_id: Action ID.
:type action_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: ActionResponse, or the result of cls(response)
:rtype: ~security_insights.models.ActionResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get_action.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
'actionId': self._serialize.url("action_id", action_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('ActionResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore
async def create_or_update_action(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
action_id: str,
etag: Optional[str] = None,
logic_app_resource_id: Optional[str] = None,
trigger_uri: Optional[str] = None,
**kwargs
) -> "models.ActionResponse":
"""Creates or updates the action of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param action_id: Action ID.
:type action_id: str
:param etag: Etag of the azure resource.
:type etag: str
:param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-
subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-
workflow-id}.
:type logic_app_resource_id: str
:param trigger_uri: Logic App Callback URL for this specific workflow.
:type trigger_uri: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: ActionResponse, or the result of cls(response)
:rtype: ~security_insights.models.ActionResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update_action.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
'actionId': self._serialize.url("action_id", action_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(action, 'ActionRequest')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('ActionResponse', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('ActionResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore
async def delete_action(
self,
resource_group_name: str,
workspace_name: str,
rule_id: str,
action_id: str,
**kwargs
) -> None:
"""Delete the action of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param action_id: Action ID.
:type action_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete_action.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
'actionId': self._serialize.url("action_id", action_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore
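
Review bot: in delete_action, ruleId and actionId are serialized with only 'str', while resourceGroupName and workspaceName in the same path_format_arguments dict carry min_length=1 (plus a pattern for the resource group), so nothing in this hunk rejects an empty rule_id or action_id before the DELETE request is built. Suggest adding min_length=1 to both, or validating them in the command layer that calls this method, so that a blank ID fails locally instead of producing a request against the parent path. Separately, the 200 and 201 branches at the end of create_or_update_action both deserialize 'ActionResponse' and could be a single branch.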

View file

@ -0,0 +1,180 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class AlertRuleTemplateOperations:
"""AlertRuleTemplateOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name: str,
workspace_name: str,
**kwargs
) -> AsyncIterable["models.AlertRuleTemplatesList"]:
"""Gets all alert rule templates.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either AlertRuleTemplatesList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.AlertRuleTemplatesList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplatesList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('AlertRuleTemplatesList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates'} # type: ignore
async def get(
self,
resource_group_name: str,
workspace_name: str,
alert_rule_template_id: str,
**kwargs
) -> "models.AlertRuleTemplate":
"""Gets the alert rule template.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param alert_rule_template_id: Alert rule template ID.
:type alert_rule_template_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AlertRuleTemplate, or the result of cls(response)
:rtype: ~security_insights.models.AlertRuleTemplate
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplate"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'alertRuleTemplateId': self._serialize.url("alert_rule_template_id", alert_rule_template_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('AlertRuleTemplate', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}'} # type: ignore
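
Review bot: in list(), prepare_request assigns `url = next_link` and get_next sends that request through the same self._client._pipeline as the first page, so the paging URL taken from the response body is followed with no check that it still points at the configured endpoint. Because the file header says manual changes are lost on regeneration, the check belongs in the client or pipeline configuration: confirm that whatever attaches credentials there refuses hosts other than the base URL. A smaller documentation point: the return annotation and :rtype: name AlertRuleTemplatesList, but extract_data wraps deserialized.value, so the pager yields the individual elements of that list and the docstring should say so. Generic and warnings are imported but not used anywhere in this file.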

View file

@ -0,0 +1,345 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
import datetime
from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class BookmarkOperations:
"""BookmarkOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name: str,
workspace_name: str,
**kwargs
) -> AsyncIterable["models.BookmarkList"]:
"""Gets all bookmarks.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either BookmarkList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.BookmarkList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.BookmarkList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('BookmarkList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks'} # type: ignore
async def get(
self,
resource_group_name: str,
workspace_name: str,
bookmark_id: str,
**kwargs
) -> "models.Bookmark":
"""Gets a bookmark.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param bookmark_id: Bookmark ID.
:type bookmark_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Bookmark, or the result of cls(response)
:rtype: ~security_insights.models.Bookmark
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('Bookmark', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore
async def create_or_update(
self,
resource_group_name: str,
workspace_name: str,
bookmark_id: str,
etag: Optional[str] = None,
created: Optional[datetime.datetime] = None,
display_name: Optional[str] = None,
labels: Optional[List[str]] = None,
notes: Optional[str] = None,
query: Optional[str] = None,
query_result: Optional[str] = None,
updated: Optional[datetime.datetime] = None,
incident_info: Optional["models.IncidentInfo"] = None,
object_id: Optional[str] = None,
**kwargs
) -> "models.Bookmark":
"""Creates or updates the bookmark.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param bookmark_id: Bookmark ID.
:type bookmark_id: str
:param etag: Etag of the azure resource.
:type etag: str
:param created: The time the bookmark was created.
:type created: ~datetime.datetime
:param display_name: The display name of the bookmark.
:type display_name: str
:param labels: List of labels relevant to this bookmark.
:type labels: list[str]
:param notes: The notes of the bookmark.
:type notes: str
:param query: The query of the bookmark.
:type query: str
:param query_result: The query result of the bookmark.
:type query_result: str
:param updated: The last time the bookmark was updated.
:type updated: ~datetime.datetime
:param incident_info: Describes an incident that relates to bookmark.
:type incident_info: ~security_insights.models.IncidentInfo
:param object_id: The object id of the user.
:type object_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Bookmark, or the result of cls(response)
:rtype: ~security_insights.models.Bookmark
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(bookmark, 'Bookmark')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('Bookmark', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('Bookmark', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore
async def delete(
self,
resource_group_name: str,
workspace_name: str,
bookmark_id: str,
**kwargs
) -> None:
"""Delete the bookmark.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param bookmark_id: Bookmark ID.
:type bookmark_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore
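
Review bot: create_or_update takes created, updated and object_id from the caller and copies them straight into models.Bookmark(...), with object_id becoming object_id_updated_by_object_id, so the fields that record when a bookmark was made and who last changed it are client-supplied in this hunk. For investigation records that merits a sentence in the docstring stating whether the service overrides these values, and object_id needs a clearer description than "The object id of the user", since it only populates the updated-by field. Also, etag travels only inside the request body; the headers built here are Content-Type and Accept, with no If-Match, so the hunk itself gives no conditional-update guarantee on the PUT.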

View file

@ -0,0 +1,315 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar, Union
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class DataConnectorOperations:
"""DataConnectorOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name: str,
workspace_name: str,
**kwargs
) -> AsyncIterable["models.DataConnectorList"]:
"""Gets all data connectors.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either DataConnectorList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.DataConnectorList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnectorList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('DataConnectorList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} # type: ignore
async def get(
self,
resource_group_name: str,
workspace_name: str,
data_connector_id: str,
**kwargs
) -> "models.DataConnector":
"""Gets a data connector.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param data_connector_id: Connector ID.
:type data_connector_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: DataConnector, or the result of cls(response)
:rtype: ~security_insights.models.DataConnector
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('DataConnector', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore
async def create_or_update(
self,
resource_group_name: str,
workspace_name: str,
data_connector_id: str,
data_connector: "models.DataConnector",
**kwargs
) -> "models.DataConnector":
"""Creates or updates the data connector.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param data_connector_id: Connector ID.
:type data_connector_id: str
:param data_connector: The data connector.
:type data_connector: ~security_insights.models.DataConnector
:keyword callable cls: A custom type or function that will be passed the direct response
:return: DataConnector, or the result of cls(response)
:rtype: ~security_insights.models.DataConnector
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(data_connector, 'DataConnector')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('DataConnector', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('DataConnector', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore
async def delete(
self,
resource_group_name: str,
workspace_name: str,
data_connector_id: str,
**kwargs
) -> None:
"""Delete the data connector.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param data_connector_id: Connector ID.
:type data_connector_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore
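Review bot: in `create_or_update`, the `if response.status_code == 200:` and `if response.status_code == 201:` branches both run `self._deserialize('DataConnector', pipeline_response)`, so `deserialized` is only ever bound inside a conditional even though the two cases are identical. Collapsing them into one unconditional assignment after the status check would read more clearly and remove the appearance of an unbound name. Also, `dataConnectorId` is passed to `self._serialize.url(..., 'str')` with no `pattern`, `min_length` or `max_length` in `get`, `create_or_update` and `delete`, while `subscriptionId` and `resourceGroupName` carry a pattern and `workspaceName` a length bound. If the service defines a format for connector IDs, declaring it here would reject malformed IDs client-side before a PUT or DELETE is built.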


@ -0,0 +1,287 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class IncidentCommentOperations:
"""IncidentCommentOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list_by_incident(
self,
resource_group_name: str,
workspace_name: str,
incident_id: str,
filter: Optional[str] = None,
orderby: Optional[str] = None,
top: Optional[int] = None,
skip_token: Optional[str] = None,
**kwargs
) -> AsyncIterable["models.IncidentCommentList"]:
"""Gets all incident comments.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param filter: Filters the results, based on a Boolean condition. Optional.
:type filter: str
:param orderby: Sorts the results. Optional.
:type orderby: str
:param top: Returns only the first n results. Optional.
:type top: int
:param skip_token: Skiptoken is only used if a previous operation returned a partial result. If
a previous response contains a nextLink element, the value of the nextLink element will include
a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
:type skip_token: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either IncidentCommentList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.IncidentCommentList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentCommentList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list_by_incident.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
if filter is not None:
query_parameters['$filter'] = self._serialize.query("filter", filter, 'str')
if orderby is not None:
query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str')
if top is not None:
query_parameters['$top'] = self._serialize.query("top", top, 'int')
if skip_token is not None:
query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('IncidentCommentList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list_by_incident.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments'} # type: ignore
async def get(
self,
resource_group_name: str,
workspace_name: str,
incident_id: str,
incident_comment_id: str,
**kwargs
) -> "models.IncidentComment":
"""Gets an incident comment.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param incident_comment_id: Incident comment ID.
:type incident_comment_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: IncidentComment, or the result of cls(response)
:rtype: ~security_insights.models.IncidentComment
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('IncidentComment', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore
async def create_comment(
self,
resource_group_name: str,
workspace_name: str,
incident_id: str,
incident_comment_id: str,
message: Optional[str] = None,
**kwargs
) -> "models.IncidentComment":
"""Creates the incident comment.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param incident_comment_id: Incident comment ID.
:type incident_comment_id: str
:param message: The comment message.
:type message: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: IncidentComment, or the result of cls(response)
:rtype: ~security_insights.models.IncidentComment
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
incident_comment = models.IncidentComment(message=message)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_comment.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(incident_comment, 'IncidentComment')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('IncidentComment', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore
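Review bot: `create_comment` declares `message: Optional[str] = None` and then unconditionally builds `models.IncidentComment(message=message)` and PUTs it, so a call that omits the message still sends a request. If the service requires a message, the parameter should be required here and the docstring should say so. The same method accepts only `201` (`if response.status_code not in [201]`), so any other success status from the PUT would raise `HttpResponseError`; a sentence in the docstring stating that a comment can only be created, not updated, would make that intent explicit. Minor: the `filter` parameter of `list_by_incident` shadows the Python builtin inside the method body.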


@ -0,0 +1,373 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
import datetime
from typing import Any, AsyncIterable, Callable, Dict, Generic, List, Optional, TypeVar, Union
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class IncidentOperations:
"""IncidentOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name: str,
workspace_name: str,
filter: Optional[str] = None,
orderby: Optional[str] = None,
top: Optional[int] = None,
skip_token: Optional[str] = None,
**kwargs
) -> AsyncIterable["models.IncidentList"]:
"""Gets all incidents.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param filter: Filters the results, based on a Boolean condition. Optional.
:type filter: str
:param orderby: Sorts the results. Optional.
:type orderby: str
:param top: Returns only the first n results. Optional.
:type top: int
:param skip_token: Skiptoken is only used if a previous operation returned a partial result. If
a previous response contains a nextLink element, the value of the nextLink element will include
a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
:type skip_token: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either IncidentList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.IncidentList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
if filter is not None:
query_parameters['$filter'] = self._serialize.query("filter", filter, 'str')
if orderby is not None:
query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str')
if top is not None:
query_parameters['$top'] = self._serialize.query("top", top, 'int')
if skip_token is not None:
query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('IncidentList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents'} # type: ignore
async def get(
self,
resource_group_name: str,
workspace_name: str,
incident_id: str,
**kwargs
) -> "models.Incident":
"""Gets an incident.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Incident, or the result of cls(response)
:rtype: ~security_insights.models.Incident
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('Incident', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore
async def create_or_update(
self,
resource_group_name: str,
workspace_name: str,
incident_id: str,
etag: Optional[str] = None,
classification: Optional[Union[str, "models.IncidentClassification"]] = None,
classification_comment: Optional[str] = None,
classification_reason: Optional[Union[str, "models.IncidentClassificationReason"]] = None,
description: Optional[str] = None,
first_activity_time_utc: Optional[datetime.datetime] = None,
labels: Optional[List["models.IncidentLabel"]] = None,
last_activity_time_utc: Optional[datetime.datetime] = None,
owner: Optional["models.IncidentOwnerInfo"] = None,
severity: Optional[Union[str, "models.IncidentSeverity"]] = None,
status: Optional[Union[str, "models.IncidentStatus"]] = None,
title: Optional[str] = None,
**kwargs
) -> "models.Incident":
"""Creates or updates the incident.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param etag: Etag of the azure resource.
:type etag: str
:param classification: The reason the incident was closed.
:type classification: str or ~security_insights.models.IncidentClassification
:param classification_comment: Describes the reason the incident was closed.
:type classification_comment: str
:param classification_reason: The classification reason the incident was closed with.
:type classification_reason: str or ~security_insights.models.IncidentClassificationReason
:param description: The description of the incident.
:type description: str
:param first_activity_time_utc: The time of the first activity in the incident.
:type first_activity_time_utc: ~datetime.datetime
:param labels: List of labels relevant to this incident.
:type labels: list[~security_insights.models.IncidentLabel]
:param last_activity_time_utc: The time of the last activity in the incident.
:type last_activity_time_utc: ~datetime.datetime
:param owner: Describes a user that the incident is assigned to.
:type owner: ~security_insights.models.IncidentOwnerInfo
:param severity: The severity of the incident.
:type severity: str or ~security_insights.models.IncidentSeverity
:param status: The status of the incident.
:type status: str or ~security_insights.models.IncidentStatus
:param title: The title of the incident.
:type title: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Incident, or the result of cls(response)
:rtype: ~security_insights.models.Incident
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(incident, 'Incident')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('Incident', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('Incident', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore
async def delete(
self,
resource_group_name: str,
workspace_name: str,
incident_id: str,
**kwargs
) -> None:
"""Delete the incident.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore
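Review bot: In both `create_or_update` and `delete`, `incidentId` is serialized into the URL path with no `min_length`, `max_length` or `pattern`, while `subscriptionId` and `resourceGroupName` are validated client-side. If incident IDs are always GUIDs, add that constraint to the API spec so the regenerated client rejects a malformed ID before a PUT or DELETE is sent. Separately, the `200` and `201` branches in `create_or_update` both run `self._deserialize('Incident', pipeline_response)`; since the status check above already limits the code to those two values, the call can be made once, unconditionally.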

View file

@ -0,0 +1,104 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import Any, AsyncIterable, Callable, Dict, Generic, Optional, TypeVar
import warnings
from azure.core.async_paging import AsyncItemPaged, AsyncList
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import AsyncHttpResponse, HttpRequest
from azure.mgmt.core.exceptions import ARMErrorFormat
from ... import models
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]]
class OperationOperations:
"""OperationOperations async operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer) -> None:
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
**kwargs
) -> AsyncIterable["models.OperationsList"]:
"""Lists all operations available Azure Security Insights Resource Provider.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either OperationsList or the result of cls(response)
:rtype: ~azure.core.async_paging.AsyncItemPaged[~security_insights.models.OperationsList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.OperationsList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
async def extract_data(pipeline_response):
deserialized = self._deserialize('OperationsList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, AsyncList(list_of_elem)
async def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = await self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return AsyncItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} # type: ignore
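Review bot: The `list` docstring reads "Lists all operations available Azure Security Insights Resource Provider", which is missing a preposition. Fix the description in the spec (for example "available in the Azure Security Insights Resource Provider") so the regenerated docstring is correct. `warnings` and `Generic` are also imported at the top of this file but not used anywhere in it.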

View file

@ -0,0 +1,245 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
try:
from ._models_py3 import AADDataConnector
from ._models_py3 import AATPDataConnector
from ._models_py3 import ASCDataConnector
from ._models_py3 import ASCDataConnectorProperties
from ._models_py3 import ActionPropertiesBase
from ._models_py3 import ActionRequest
from ._models_py3 import ActionRequestProperties
from ._models_py3 import ActionResponse
from ._models_py3 import ActionResponseProperties
from ._models_py3 import ActionsList
from ._models_py3 import AlertRule
from ._models_py3 import AlertRuleTemplate
from ._models_py3 import AlertRuleTemplateDataSource
from ._models_py3 import AlertRuleTemplatesList
from ._models_py3 import AlertRulesList
from ._models_py3 import AlertsDataTypeOfDataConnector
from ._models_py3 import AwsCloudTrailDataConnector
from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs
from ._models_py3 import Bookmark
from ._models_py3 import BookmarkList
from ._models_py3 import ClientInfo
from ._models_py3 import DataConnector
from ._models_py3 import DataConnectorDataTypeCommon
from ._models_py3 import DataConnectorList
from ._models_py3 import DataConnectorTenantId
from ._models_py3 import DataConnectorWithAlertsProperties
from ._models_py3 import ErrorAdditionalInfo
from ._models_py3 import ErrorResponse
from ._models_py3 import FusionAlertRule
from ._models_py3 import FusionAlertRuleTemplate
from ._models_py3 import Incident
from ._models_py3 import IncidentAdditionalData
from ._models_py3 import IncidentComment
from ._models_py3 import IncidentCommentList
from ._models_py3 import IncidentInfo
from ._models_py3 import IncidentLabel
from ._models_py3 import IncidentList
from ._models_py3 import IncidentOwnerInfo
from ._models_py3 import MCASDataConnector
from ._models_py3 import MCASDataConnectorDataTypes
from ._models_py3 import MDATPDataConnector
from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule
from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties
from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties
from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate
from ._models_py3 import OfficeConsent
from ._models_py3 import OfficeConsentList
from ._models_py3 import OfficeDataConnector
from ._models_py3 import OfficeDataConnectorDataTypesExchange
from ._models_py3 import OfficeDataConnectorDataTypesSharePoint
from ._models_py3 import Operation
from ._models_py3 import OperationDisplay
from ._models_py3 import OperationsList
from ._models_py3 import Resource
from ._models_py3 import ResourceWithEtag
from ._models_py3 import ScheduledAlertRule
from ._models_py3 import ScheduledAlertRuleCommonProperties
from ._models_py3 import ScheduledAlertRuleProperties
from ._models_py3 import ScheduledAlertRuleTemplate
from ._models_py3 import Settings
from ._models_py3 import TIDataConnector
from ._models_py3 import TIDataConnectorDataTypesIndicators
from ._models_py3 import ThreatIntelligence
from ._models_py3 import ToggleSettings
from ._models_py3 import UebaSettings
except (SyntaxError, ImportError):
from ._models import AADDataConnector # type: ignore
from ._models import AATPDataConnector # type: ignore
from ._models import ASCDataConnector # type: ignore
from ._models import ASCDataConnectorProperties # type: ignore
from ._models import ActionPropertiesBase # type: ignore
from ._models import ActionRequest # type: ignore
from ._models import ActionRequestProperties # type: ignore
from ._models import ActionResponse # type: ignore
from ._models import ActionResponseProperties # type: ignore
from ._models import ActionsList # type: ignore
from ._models import AlertRule # type: ignore
from ._models import AlertRuleTemplate # type: ignore
from ._models import AlertRuleTemplateDataSource # type: ignore
from ._models import AlertRuleTemplatesList # type: ignore
from ._models import AlertRulesList # type: ignore
from ._models import AlertsDataTypeOfDataConnector # type: ignore
from ._models import AwsCloudTrailDataConnector # type: ignore
from ._models import AwsCloudTrailDataConnectorDataTypesLogs # type: ignore
from ._models import Bookmark # type: ignore
from ._models import BookmarkList # type: ignore
from ._models import ClientInfo # type: ignore
from ._models import DataConnector # type: ignore
from ._models import DataConnectorDataTypeCommon # type: ignore
from ._models import DataConnectorList # type: ignore
from ._models import DataConnectorTenantId # type: ignore
from ._models import DataConnectorWithAlertsProperties # type: ignore
from ._models import ErrorAdditionalInfo # type: ignore
from ._models import ErrorResponse # type: ignore
from ._models import FusionAlertRule # type: ignore
from ._models import FusionAlertRuleTemplate # type: ignore
from ._models import Incident # type: ignore
from ._models import IncidentAdditionalData # type: ignore
from ._models import IncidentComment # type: ignore
from ._models import IncidentCommentList # type: ignore
from ._models import IncidentInfo # type: ignore
from ._models import IncidentLabel # type: ignore
from ._models import IncidentList # type: ignore
from ._models import IncidentOwnerInfo # type: ignore
from ._models import MCASDataConnector # type: ignore
from ._models import MCASDataConnectorDataTypes # type: ignore
from ._models import MDATPDataConnector # type: ignore
from ._models import MicrosoftSecurityIncidentCreationAlertRule # type: ignore
from ._models import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties # type: ignore
from ._models import MicrosoftSecurityIncidentCreationAlertRuleProperties # type: ignore
from ._models import MicrosoftSecurityIncidentCreationAlertRuleTemplate # type: ignore
from ._models import OfficeConsent # type: ignore
from ._models import OfficeConsentList # type: ignore
from ._models import OfficeDataConnector # type: ignore
from ._models import OfficeDataConnectorDataTypesExchange # type: ignore
from ._models import OfficeDataConnectorDataTypesSharePoint # type: ignore
from ._models import Operation # type: ignore
from ._models import OperationDisplay # type: ignore
from ._models import OperationsList # type: ignore
from ._models import Resource # type: ignore
from ._models import ResourceWithEtag # type: ignore
from ._models import ScheduledAlertRule # type: ignore
from ._models import ScheduledAlertRuleCommonProperties # type: ignore
from ._models import ScheduledAlertRuleProperties # type: ignore
from ._models import ScheduledAlertRuleTemplate # type: ignore
from ._models import Settings # type: ignore
from ._models import TIDataConnector # type: ignore
from ._models import TIDataConnectorDataTypesIndicators # type: ignore
from ._models import ThreatIntelligence # type: ignore
from ._models import ToggleSettings # type: ignore
from ._models import UebaSettings # type: ignore
from ._security_insights_enums import (
AlertRuleKind,
AlertSeverity,
AttackTactic,
CaseSeverity,
DataConnectorKind,
DataTypeState,
IncidentClassification,
IncidentClassificationReason,
IncidentLabelType,
IncidentSeverity,
IncidentStatus,
LicenseStatus,
MicrosoftSecurityProductName,
SettingKind,
StatusInMCAS,
TemplateStatus,
TriggerOperator,
)
__all__ = [
'AADDataConnector',
'AATPDataConnector',
'ASCDataConnector',
'ASCDataConnectorProperties',
'ActionPropertiesBase',
'ActionRequest',
'ActionRequestProperties',
'ActionResponse',
'ActionResponseProperties',
'ActionsList',
'AlertRule',
'AlertRuleTemplate',
'AlertRuleTemplateDataSource',
'AlertRuleTemplatesList',
'AlertRulesList',
'AlertsDataTypeOfDataConnector',
'AwsCloudTrailDataConnector',
'AwsCloudTrailDataConnectorDataTypesLogs',
'Bookmark',
'BookmarkList',
'ClientInfo',
'DataConnector',
'DataConnectorDataTypeCommon',
'DataConnectorList',
'DataConnectorTenantId',
'DataConnectorWithAlertsProperties',
'ErrorAdditionalInfo',
'ErrorResponse',
'FusionAlertRule',
'FusionAlertRuleTemplate',
'Incident',
'IncidentAdditionalData',
'IncidentComment',
'IncidentCommentList',
'IncidentInfo',
'IncidentLabel',
'IncidentList',
'IncidentOwnerInfo',
'MCASDataConnector',
'MCASDataConnectorDataTypes',
'MDATPDataConnector',
'MicrosoftSecurityIncidentCreationAlertRule',
'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties',
'MicrosoftSecurityIncidentCreationAlertRuleProperties',
'MicrosoftSecurityIncidentCreationAlertRuleTemplate',
'OfficeConsent',
'OfficeConsentList',
'OfficeDataConnector',
'OfficeDataConnectorDataTypesExchange',
'OfficeDataConnectorDataTypesSharePoint',
'Operation',
'OperationDisplay',
'OperationsList',
'Resource',
'ResourceWithEtag',
'ScheduledAlertRule',
'ScheduledAlertRuleCommonProperties',
'ScheduledAlertRuleProperties',
'ScheduledAlertRuleTemplate',
'Settings',
'TIDataConnector',
'TIDataConnectorDataTypesIndicators',
'ThreatIntelligence',
'ToggleSettings',
'UebaSettings',
'AlertRuleKind',
'AlertSeverity',
'AttackTactic',
'CaseSeverity',
'DataConnectorKind',
'DataTypeState',
'IncidentClassification',
'IncidentClassificationReason',
'IncidentLabelType',
'IncidentSeverity',
'IncidentStatus',
'LicenseStatus',
'MicrosoftSecurityProductName',
'SettingKind',
'StatusInMCAS',
'TemplateStatus',
'TriggerOperator',
]
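Review bot: The `except (SyntaxError, ImportError)` fallback around the `_models_py3` imports also catches an `ImportError` raised from inside `_models_py3` itself (a missing dependency, for example) and silently loads `_models` instead, which hides the real failure. Consider selecting the module with an explicit `sys.version_info` check, or importing `_models_py3` directly if only Python 3 is supported.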

File diff suppressed because it is too large.

File diff suppressed because it is too large.

View file

@ -0,0 +1,182 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from enum import Enum, EnumMeta
from six import with_metaclass
class _CaseInsensitiveEnumMeta(EnumMeta):
def __getitem__(self, name):
return super().__getitem__(name.upper())
def __getattr__(cls, name):
"""Return the enum member matching `name`
We use __getattr__ instead of descriptors or inserting into the enum
class' __dict__ in order to support `name` and `value` being both
properties for enum members (which live in the class' __dict__) and
enum members themselves.
"""
try:
return cls._member_map_[name.upper()]
except KeyError:
raise AttributeError(name)
class AlertRuleKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The kind of the alert rule
"""
SCHEDULED = "Scheduled"
MICROSOFT_SECURITY_INCIDENT_CREATION = "MicrosoftSecurityIncidentCreation"
FUSION = "Fusion"
class AlertSeverity(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The severity of the alert
"""
HIGH = "High" #: High severity.
MEDIUM = "Medium" #: Medium severity.
LOW = "Low" #: Low severity.
INFORMATIONAL = "Informational" #: Informational severity.
class AttackTactic(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The severity for alerts created by this alert rule.
"""
INITIAL_ACCESS = "InitialAccess"
EXECUTION = "Execution"
PERSISTENCE = "Persistence"
PRIVILEGE_ESCALATION = "PrivilegeEscalation"
DEFENSE_EVASION = "DefenseEvasion"
CREDENTIAL_ACCESS = "CredentialAccess"
DISCOVERY = "Discovery"
LATERAL_MOVEMENT = "LateralMovement"
COLLECTION = "Collection"
EXFILTRATION = "Exfiltration"
COMMAND_AND_CONTROL = "CommandAndControl"
IMPACT = "Impact"
class CaseSeverity(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The severity of the incident
"""
CRITICAL = "Critical" #: Critical severity.
HIGH = "High" #: High severity.
MEDIUM = "Medium" #: Medium severity.
LOW = "Low" #: Low severity.
INFORMATIONAL = "Informational" #: Informational severity.
class DataConnectorKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The kind of the data connector
"""
AZURE_ACTIVE_DIRECTORY = "AzureActiveDirectory"
AZURE_SECURITY_CENTER = "AzureSecurityCenter"
MICROSOFT_CLOUD_APP_SECURITY = "MicrosoftCloudAppSecurity"
THREAT_INTELLIGENCE = "ThreatIntelligence"
OFFICE365 = "Office365"
AMAZON_WEB_SERVICES_CLOUD_TRAIL = "AmazonWebServicesCloudTrail"
AZURE_ADVANCED_THREAT_PROTECTION = "AzureAdvancedThreatProtection"
MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "MicrosoftDefenderAdvancedThreatProtection"
class DataTypeState(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""Describe whether this data type connection is enabled or not.
"""
ENABLED = "Enabled"
DISABLED = "Disabled"
class IncidentClassification(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The reason the incident was closed
"""
UNDETERMINED = "Undetermined" #: Incident classification was undetermined.
TRUE_POSITIVE = "TruePositive" #: Incident was true positive.
BENIGN_POSITIVE = "BenignPositive" #: Incident was benign positive.
FALSE_POSITIVE = "FalsePositive" #: Incident was false positive.
class IncidentClassificationReason(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The classification reason the incident was closed with
"""
SUSPICIOUS_ACTIVITY = "SuspiciousActivity" #: Classification reason was suspicious activity.
SUSPICIOUS_BUT_EXPECTED = "SuspiciousButExpected" #: Classification reason was suspicious but expected.
INCORRECT_ALERT_LOGIC = "IncorrectAlertLogic" #: Classification reason was incorrect alert logic.
INACCURATE_DATA = "InaccurateData" #: Classification reason was inaccurate data.
class IncidentLabelType(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The type of the label
"""
USER = "User" #: Label manually created by a user.
SYSTEM = "System" #: Label automatically created by the system.
class IncidentSeverity(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The severity of the incident
"""
HIGH = "High" #: High severity.
MEDIUM = "Medium" #: Medium severity.
LOW = "Low" #: Low severity.
INFORMATIONAL = "Informational" #: Informational severity.
class IncidentStatus(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The status of the incident
"""
NEW = "New" #: An active incident which isn't being handled currently.
ACTIVE = "Active" #: An active incident which is being handled.
CLOSED = "Closed" #: A non-active incident.
class LicenseStatus(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""Determines whether the tenant has ATP (Advanced Threat Protection) license.
"""
ENABLED = "Enabled"
DISABLED = "Disabled"
class MicrosoftSecurityProductName(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The alerts' productName on which the cases will be generated
"""
MICROSOFT_CLOUD_APP_SECURITY = "Microsoft Cloud App Security"
AZURE_SECURITY_CENTER = "Azure Security Center"
AZURE_ADVANCED_THREAT_PROTECTION = "Azure Advanced Threat Protection"
AZURE_ACTIVE_DIRECTORY_IDENTITY_PROTECTION = "Azure Active Directory Identity Protection"
AZURE_SECURITY_CENTER_FOR_IO_T = "Azure Security Center for IoT"
class SettingKind(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The kind of the setting
"""
UEBA_SETTINGS = "UebaSettings"
TOGGLE_SETTINGS = "ToggleSettings"
class StatusInMCAS(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App
Security).
"""
ENABLED = "Enabled"
DISABLED = "Disabled"
class TemplateStatus(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The alert rule template status.
"""
INSTALLED = "Installed" #: Alert rule template installed. and can not use more then once.
AVAILABLE = "Available" #: Alert rule template is available.
NOT_AVAILABLE = "NotAvailable" #: Alert rule template is not available.
class TriggerOperator(with_metaclass(_CaseInsensitiveEnumMeta, str, Enum)):
"""The operation against the threshold that triggers alert rule.
"""
GREATER_THAN = "GreaterThan"
LESS_THAN = "LessThan"
EQUAL = "Equal"
NOT_EQUAL = "NotEqual"
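Review bot: The `AttackTactic` docstring says "The severity for alerts created by this alert rule.", which describes severity rather than tactics. It looks copied from another property and should be corrected in the spec description. In `_CaseInsensitiveEnumMeta`, `__getitem__` calls zero-argument `super()`, which is Python 3 only, while every enum is built with `six.with_metaclass`; either drop `six` or write `super(_CaseInsensitiveEnumMeta, self).__getitem__(name.upper())`. The `TemplateStatus.INSTALLED` comment ("installed. and can not use more then once") also needs a grammar fix.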

View file

@ -0,0 +1,27 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from ._operation_operations import OperationOperations
from ._alert_rule_operations import AlertRuleOperations
from ._action_operations import ActionOperations
from ._alert_rule_template_operations import AlertRuleTemplateOperations
from ._bookmark_operations import BookmarkOperations
from ._data_connector_operations import DataConnectorOperations
from ._incident_operations import IncidentOperations
from ._incident_comment_operations import IncidentCommentOperations
__all__ = [
'OperationOperations',
'AlertRuleOperations',
'ActionOperations',
'AlertRuleTemplateOperations',
'BookmarkOperations',
'DataConnectorOperations',
'IncidentOperations',
'IncidentCommentOperations',
]

View file

@ -0,0 +1,126 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class ActionOperations(object):
"""ActionOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list_by_alert_rule(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
**kwargs # type: Any
):
# type: (...) -> Iterable["models.ActionsList"]
"""Gets all actions of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either ActionsList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.ActionsList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.ActionsList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list_by_alert_rule.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('ActionsList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list_by_alert_rule.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions'} # type: ignore
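Review bot: In `prepare_request`, the `else` branch sets `url = next_link` and sends the GET through the same client pipeline used for the first page, so the continuation URL taken from the response body (`deserialized.next_link`) is followed as-is. If that pipeline attaches credentials, confirm with the SDK owners that it will not send them to a host other than the configured endpoint, or check the host of `next_link` before following it. The async `OperationOperations.list` earlier in this commit uses the same pattern.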

View file

@ -0,0 +1,546 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class AlertRuleOperations(object):
"""AlertRuleOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name, # type: str
workspace_name, # type: str
**kwargs # type: Any
):
# type: (...) -> Iterable["models.AlertRulesList"]
"""Gets all alert rules.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either AlertRulesList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.AlertRulesList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRulesList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('AlertRulesList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules'} # type: ignore
def get(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.AlertRule"
"""Gets the alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AlertRule, or the result of cls(response)
:rtype: ~security_insights.models.AlertRule
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('AlertRule', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore
def create_or_update(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
alert_rule, # type: "models.AlertRule"
**kwargs # type: Any
):
# type: (...) -> "models.AlertRule"
"""Creates or updates the alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param alert_rule: The alert rule.
:type alert_rule: ~security_insights.models.AlertRule
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AlertRule, or the result of cls(response)
:rtype: ~security_insights.models.AlertRule
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRule"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(alert_rule, 'AlertRule')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('AlertRule', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('AlertRule', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore
def delete(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
**kwargs # type: Any
):
# type: (...) -> None
"""Delete the alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}'} # type: ignore
def get_action(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
action_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.ActionResponse"
"""Gets the action of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param action_id: Action ID.
:type action_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: ActionResponse, or the result of cls(response)
:rtype: ~security_insights.models.ActionResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get_action.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
'actionId': self._serialize.url("action_id", action_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('ActionResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore
def create_or_update_action(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
action_id, # type: str
etag=None, # type: Optional[str]
logic_app_resource_id=None, # type: Optional[str]
trigger_uri=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> "models.ActionResponse"
"""Creates or updates the action of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param action_id: Action ID.
:type action_id: str
:param etag: Etag of the azure resource.
:type etag: str
:param logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-
subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-
workflow-id}.
:type logic_app_resource_id: str
:param trigger_uri: Logic App Callback URL for this specific workflow.
:type trigger_uri: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: ActionResponse, or the result of cls(response)
:rtype: ~security_insights.models.ActionResponse
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.ActionResponse"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
action = models.ActionRequest(etag=etag, logic_app_resource_id=logic_app_resource_id, trigger_uri=trigger_uri)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update_action.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
'actionId': self._serialize.url("action_id", action_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(action, 'ActionRequest')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('ActionResponse', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('ActionResponse', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore
def delete_action(
self,
resource_group_name, # type: str
workspace_name, # type: str
rule_id, # type: str
action_id, # type: str
**kwargs # type: Any
):
# type: (...) -> None
"""Delete the action of alert rule.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param rule_id: Alert rule ID.
:type rule_id: str
:param action_id: Action ID.
:type action_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete_action.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'ruleId': self._serialize.url("rule_id", rule_id, 'str'),
'actionId': self._serialize.url("action_id", action_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete_action.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}'} # type: ignore
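Review bot: In create_or_update_action, etag, logic_app_resource_id and trigger_uri all default to None and are passed straight into models.ActionRequest, so a call that supplies none of them still sends the PUT and only fails, if at all, on the service side. If the API needs the callback URL or the Logic App resource ID, mark them required in the API spec so the generator emits them as mandatory arguments, or have the CLI layer reject the call before the request is built. Separately, rule_id and action_id are serialized into the URL path as plain 'str' with no max_length or pattern, while resourceGroupName and workspaceName on the adjacent lines carry both. Since this file is AutoRest output, those constraints belong in the spec, not in a hand edit here.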

View file

@ -0,0 +1,186 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class AlertRuleTemplateOperations(object):
"""AlertRuleTemplateOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name, # type: str
workspace_name, # type: str
**kwargs # type: Any
):
# type: (...) -> Iterable["models.AlertRuleTemplatesList"]
"""Gets all alert rule templates.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either AlertRuleTemplatesList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.AlertRuleTemplatesList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplatesList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('AlertRuleTemplatesList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates'} # type: ignore
def get(
self,
resource_group_name, # type: str
workspace_name, # type: str
alert_rule_template_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.AlertRuleTemplate"
"""Gets the alert rule template.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param alert_rule_template_id: Alert rule template ID.
:type alert_rule_template_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: AlertRuleTemplate, or the result of cls(response)
:rtype: ~security_insights.models.AlertRuleTemplate
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.AlertRuleTemplate"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'alertRuleTemplateId': self._serialize.url("alert_rule_template_id", alert_rule_template_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('AlertRuleTemplate', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}'} # type: ignore
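Review bot: In list(), the else branch of prepare_request assigns url = next_link and sends it through self._client.get and the authenticated pipeline without checking where it points. next_link comes from deserialized.next_link in extract_data, that is, from the response body, so the next page request goes to whatever host that value names. Consider verifying that next_link has the same scheme and host as the client's base URL before issuing the request, and raising otherwise. The same paging pattern appears in the list() methods of the other operation groups in this commit, so the check is best added once in the generator template or a shared helper.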

View file

@ -0,0 +1,353 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
import datetime
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class BookmarkOperations(object):
"""BookmarkOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name, # type: str
workspace_name, # type: str
**kwargs # type: Any
):
# type: (...) -> Iterable["models.BookmarkList"]
"""Gets all bookmarks.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either BookmarkList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.BookmarkList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.BookmarkList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('BookmarkList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks'} # type: ignore
def get(
self,
resource_group_name, # type: str
workspace_name, # type: str
bookmark_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.Bookmark"
"""Gets a bookmark.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param bookmark_id: Bookmark ID.
:type bookmark_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Bookmark, or the result of cls(response)
:rtype: ~security_insights.models.Bookmark
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('Bookmark', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore
def create_or_update(
self,
resource_group_name, # type: str
workspace_name, # type: str
bookmark_id, # type: str
etag=None, # type: Optional[str]
created=None, # type: Optional[datetime.datetime]
display_name=None, # type: Optional[str]
labels=None, # type: Optional[List[str]]
notes=None, # type: Optional[str]
query=None, # type: Optional[str]
query_result=None, # type: Optional[str]
updated=None, # type: Optional[datetime.datetime]
incident_info=None, # type: Optional["models.IncidentInfo"]
object_id=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> "models.Bookmark"
"""Creates or updates the bookmark.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param bookmark_id: Bookmark ID.
:type bookmark_id: str
:param etag: Etag of the azure resource.
:type etag: str
:param created: The time the bookmark was created.
:type created: ~datetime.datetime
:param display_name: The display name of the bookmark.
:type display_name: str
:param labels: List of labels relevant to this bookmark.
:type labels: list[str]
:param notes: The notes of the bookmark.
:type notes: str
:param query: The query of the bookmark.
:type query: str
:param query_result: The query result of the bookmark.
:type query_result: str
:param updated: The last time the bookmark was updated.
:type updated: ~datetime.datetime
:param incident_info: Describes an incident that relates to bookmark.
:type incident_info: ~security_insights.models.IncidentInfo
:param object_id: The object id of the user.
:type object_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Bookmark, or the result of cls(response)
:rtype: ~security_insights.models.Bookmark
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Bookmark"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
bookmark = models.Bookmark(etag=etag, created=created, display_name=display_name, labels=labels, notes=notes, query=query, query_result=query_result, updated=updated, incident_info=incident_info, object_id_updated_by_object_id=object_id)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(bookmark, 'Bookmark')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('Bookmark', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('Bookmark', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore
def delete(
self,
resource_group_name, # type: str
workspace_name, # type: str
bookmark_id, # type: str
**kwargs # type: Any
):
# type: (...) -> None
"""Delete the bookmark.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param bookmark_id: Bookmark ID.
:type bookmark_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'bookmarkId': self._serialize.url("bookmark_id", bookmark_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}'} # type: ignore
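Review bot: in `create_or_update`, the `object_id` argument is forwarded as `object_id_updated_by_object_id=object_id`, but its docstring only says "The object id of the user", so a caller cannot tell that it sets the bookmark's updated-by identity. Document it as the updated-by object id, or rename the parameter to match. The same call takes `created`, `updated` and `etag` from the caller and places them in the request body, while the only headers built are `Content-Type` and `Accept`; the docstrings should state whether the service honours or overrides these values, because the answer decides how far the timestamps and attribution on a bookmark can be relied on.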


@ -0,0 +1,324 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar, Union
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class DataConnectorOperations(object):
"""DataConnectorOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name, # type: str
workspace_name, # type: str
**kwargs # type: Any
):
# type: (...) -> Iterable["models.DataConnectorList"]
"""Gets all data connectors.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either DataConnectorList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.DataConnectorList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnectorList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('DataConnectorList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors'} # type: ignore
def get(
self,
resource_group_name, # type: str
workspace_name, # type: str
data_connector_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.DataConnector"
"""Gets a data connector.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param data_connector_id: Connector ID.
:type data_connector_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: DataConnector, or the result of cls(response)
:rtype: ~security_insights.models.DataConnector
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('DataConnector', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore
def create_or_update(
self,
resource_group_name, # type: str
workspace_name, # type: str
data_connector_id, # type: str
data_connector, # type: "models.DataConnector"
**kwargs # type: Any
):
# type: (...) -> "models.DataConnector"
"""Creates or updates the data connector.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param data_connector_id: Connector ID.
:type data_connector_id: str
:param data_connector: The data connector.
:type data_connector: ~security_insights.models.DataConnector
:keyword callable cls: A custom type or function that will be passed the direct response
:return: DataConnector, or the result of cls(response)
:rtype: ~security_insights.models.DataConnector
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.DataConnector"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
print(url)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(data_connector, 'DataConnector')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('DataConnector', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('DataConnector', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore
def delete(
self,
resource_group_name, # type: str
workspace_name, # type: str
data_connector_id, # type: str
**kwargs # type: Any
):
# type: (...) -> None
"""Delete the data connector.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param data_connector_id: Connector ID.
:type data_connector_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'dataConnectorId': self._serialize.url("data_connector_id", data_connector_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}'} # type: ignore
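Review bot: `create_or_update` has a leftover debug statement, `print(url)`, directly after `url = self._client.format_url(url, **path_format_arguments)`. It writes the full ARM path (subscription ID, resource group, workspace and connector ID) to stdout on every create or update, so it mixes into the caller's output and lands in any captured output or logs. Please remove it; if the URL is wanted for troubleshooting, emit it through a debug-level logger instead. The `list`, `get` and `delete` operations in this file have no such line, and the file header says manual changes are lost on regeneration, so this looks like a hand edit that should not ship.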


@ -0,0 +1,294 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class IncidentCommentOperations(object):
"""IncidentCommentOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list_by_incident(
self,
resource_group_name, # type: str
workspace_name, # type: str
incident_id, # type: str
filter=None, # type: Optional[str]
orderby=None, # type: Optional[str]
top=None, # type: Optional[int]
skip_token=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> Iterable["models.IncidentCommentList"]
"""Gets all incident comments.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param filter: Filters the results, based on a Boolean condition. Optional.
:type filter: str
:param orderby: Sorts the results. Optional.
:type orderby: str
:param top: Returns only the first n results. Optional.
:type top: int
:param skip_token: Skiptoken is only used if a previous operation returned a partial result. If
a previous response contains a nextLink element, the value of the nextLink element will include
a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
:type skip_token: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either IncidentCommentList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.IncidentCommentList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentCommentList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list_by_incident.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
if filter is not None:
query_parameters['$filter'] = self._serialize.query("filter", filter, 'str')
if orderby is not None:
query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str')
if top is not None:
query_parameters['$top'] = self._serialize.query("top", top, 'int')
if skip_token is not None:
query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('IncidentCommentList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list_by_incident.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments'} # type: ignore
def get(
self,
resource_group_name, # type: str
workspace_name, # type: str
incident_id, # type: str
incident_comment_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.IncidentComment"
"""Gets an incident comment.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param incident_comment_id: Incident comment ID.
:type incident_comment_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: IncidentComment, or the result of cls(response)
:rtype: ~security_insights.models.IncidentComment
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('IncidentComment', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore
def create_comment(
self,
resource_group_name, # type: str
workspace_name, # type: str
incident_id, # type: str
incident_comment_id, # type: str
message=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> "models.IncidentComment"
"""Creates the incident comment.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param incident_comment_id: Incident comment ID.
:type incident_comment_id: str
:param message: The comment message.
:type message: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: IncidentComment, or the result of cls(response)
:rtype: ~security_insights.models.IncidentComment
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentComment"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
incident_comment = models.IncidentComment(message=message)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_comment.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
'incidentCommentId': self._serialize.url("incident_comment_id", incident_comment_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(incident_comment, 'IncidentComment')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('IncidentComment', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_comment.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}'} # type: ignore
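Review bot: create_comment declares message=None and passes it straight into models.IncidentComment(message=message), so a call that omits the message still issues the PUT, and nothing on the client side stops an empty comment. Since this file is generated, make the message required where the command is declared (the swagger or the CLI parameter definition) rather than by hand here. Also confirm that accepting only 201 is intended: a PUT to an existing incident_comment_id that the service answers with 200 would surface as HttpResponseError.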

View file

@ -0,0 +1,381 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
import datetime
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, List, Optional, TypeVar, Union
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class IncidentOperations(object):
"""IncidentOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
resource_group_name, # type: str
workspace_name, # type: str
filter=None, # type: Optional[str]
orderby=None, # type: Optional[str]
top=None, # type: Optional[int]
skip_token=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> Iterable["models.IncidentList"]
"""Gets all incidents.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param filter: Filters the results, based on a Boolean condition. Optional.
:type filter: str
:param orderby: Sorts the results. Optional.
:type orderby: str
:param top: Returns only the first n results. Optional.
:type top: int
:param skip_token: Skiptoken is only used if a previous operation returned a partial result. If
a previous response contains a nextLink element, the value of the nextLink element will include
a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
:type skip_token: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either IncidentList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.IncidentList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.IncidentList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
if filter is not None:
query_parameters['$filter'] = self._serialize.query("filter", filter, 'str')
if orderby is not None:
query_parameters['$orderby'] = self._serialize.query("orderby", orderby, 'str')
if top is not None:
query_parameters['$top'] = self._serialize.query("top", top, 'int')
if skip_token is not None:
query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('IncidentList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents'} # type: ignore
def get(
self,
resource_group_name, # type: str
workspace_name, # type: str
incident_id, # type: str
**kwargs # type: Any
):
# type: (...) -> "models.Incident"
"""Gets an incident.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Incident, or the result of cls(response)
:rtype: ~security_insights.models.Incident
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.get.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.get(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
deserialized = self._deserialize('Incident', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore
def create_or_update(
self,
resource_group_name, # type: str
workspace_name, # type: str
incident_id, # type: str
etag=None, # type: Optional[str]
classification=None, # type: Optional[Union[str, "models.IncidentClassification"]]
classification_comment=None, # type: Optional[str]
classification_reason=None, # type: Optional[Union[str, "models.IncidentClassificationReason"]]
description=None, # type: Optional[str]
first_activity_time_utc=None, # type: Optional[datetime.datetime]
labels=None, # type: Optional[List["models.IncidentLabel"]]
last_activity_time_utc=None, # type: Optional[datetime.datetime]
owner=None, # type: Optional["models.IncidentOwnerInfo"]
severity=None, # type: Optional[Union[str, "models.IncidentSeverity"]]
status=None, # type: Optional[Union[str, "models.IncidentStatus"]]
title=None, # type: Optional[str]
**kwargs # type: Any
):
# type: (...) -> "models.Incident"
"""Creates or updates the incident.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:param etag: Etag of the azure resource.
:type etag: str
:param classification: The reason the incident was closed.
:type classification: str or ~security_insights.models.IncidentClassification
:param classification_comment: Describes the reason the incident was closed.
:type classification_comment: str
:param classification_reason: The classification reason the incident was closed with.
:type classification_reason: str or ~security_insights.models.IncidentClassificationReason
:param description: The description of the incident.
:type description: str
:param first_activity_time_utc: The time of the first activity in the incident.
:type first_activity_time_utc: ~datetime.datetime
:param labels: List of labels relevant to this incident.
:type labels: list[~security_insights.models.IncidentLabel]
:param last_activity_time_utc: The time of the last activity in the incident.
:type last_activity_time_utc: ~datetime.datetime
:param owner: Describes a user that the incident is assigned to.
:type owner: ~security_insights.models.IncidentOwnerInfo
:param severity: The severity of the incident.
:type severity: str or ~security_insights.models.IncidentSeverity
:param status: The status of the incident.
:type status: str or ~security_insights.models.IncidentStatus
:param title: The title of the incident.
:type title: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: Incident, or the result of cls(response)
:rtype: ~security_insights.models.Incident
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.Incident"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
incident = models.Incident(etag=etag, classification=classification, classification_comment=classification_comment, classification_reason=classification_reason, description=description, first_activity_time_utc=first_activity_time_utc, labels=labels, last_activity_time_utc=last_activity_time_utc, owner=owner, severity=severity, status=status, title=title)
api_version = "2020-01-01"
content_type = kwargs.pop("content_type", "application/json")
accept = "application/json"
# Construct URL
url = self.create_or_update.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Content-Type'] = self._serialize.header("content_type", content_type, 'str')
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
body_content_kwargs = {} # type: Dict[str, Any]
body_content = self._serialize.body(incident, 'Incident')
body_content_kwargs['content'] = body_content
request = self._client.put(url, query_parameters, header_parameters, **body_content_kwargs)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 201]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if response.status_code == 200:
deserialized = self._deserialize('Incident', pipeline_response)
if response.status_code == 201:
deserialized = self._deserialize('Incident', pipeline_response)
if cls:
return cls(pipeline_response, deserialized, {})
return deserialized
create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore
def delete(
self,
resource_group_name, # type: str
workspace_name, # type: str
incident_id, # type: str
**kwargs # type: Any
):
# type: (...) -> None
"""Delete the incident.
:param resource_group_name: The name of the resource group within the user's subscription. The
name is case insensitive.
:type resource_group_name: str
:param workspace_name: The name of the workspace.
:type workspace_name: str
:param incident_id: Incident ID.
:type incident_id: str
:keyword callable cls: A custom type or function that will be passed the direct response
:return: None, or the result of cls(response)
:rtype: None
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType[None]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
# Construct URL
url = self.delete.metadata['url'] # type: ignore
path_format_arguments = {
'subscriptionId': self._serialize.url("self._config.subscription_id", self._config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'),
'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'),
'workspaceName': self._serialize.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1),
'incidentId': self._serialize.url("incident_id", incident_id, 'str'),
}
url = self._client.format_url(url, **path_format_arguments)
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
request = self._client.delete(url, query_parameters, header_parameters)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200, 204]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
if cls:
return cls(pipeline_response, None, {})
delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}'} # type: ignore
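Review bot: create_or_update builds a fresh models.Incident from keyword arguments that all default to None and PUTs it, and etag travels only as a field of that body; header_parameters gets Content-Type and Accept but no If-Match. Please confirm that `az sentinel incident update` reads the current incident, merges the changed fields and passes the etag it read, so that two analysts editing the same incident do not overwrite each other's status or owner change. The two branches on status_code 200 and 201 run the same _deserialize call and could be one statement, though that is a fix for the generator, not a hand edit.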

View file

@ -0,0 +1,109 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from typing import TYPE_CHECKING
import warnings
from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error
from azure.core.paging import ItemPaged
from azure.core.pipeline import PipelineResponse
from azure.core.pipeline.transport import HttpRequest, HttpResponse
from azure.mgmt.core.exceptions import ARMErrorFormat
from .. import models
if TYPE_CHECKING:
# pylint: disable=unused-import,ungrouped-imports
from typing import Any, Callable, Dict, Generic, Iterable, Optional, TypeVar
T = TypeVar('T')
ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
class OperationOperations(object):
"""OperationOperations operations.
You should not instantiate this class directly. Instead, you should create a Client instance that
instantiates it for you and attaches it as an attribute.
:ivar models: Alias to model classes used in this operation group.
:type models: ~security_insights.models
:param client: Client for service requests.
:param config: Configuration of service client.
:param serializer: An object model serializer.
:param deserializer: An object model deserializer.
"""
models = models
def __init__(self, client, config, serializer, deserializer):
self._client = client
self._serialize = serializer
self._deserialize = deserializer
self._config = config
def list(
self,
**kwargs # type: Any
):
# type: (...) -> Iterable["models.OperationsList"]
"""Lists all operations available Azure Security Insights Resource Provider.
:keyword callable cls: A custom type or function that will be passed the direct response
:return: An iterator like instance of either OperationsList or the result of cls(response)
:rtype: ~azure.core.paging.ItemPaged[~security_insights.models.OperationsList]
:raises: ~azure.core.exceptions.HttpResponseError
"""
cls = kwargs.pop('cls', None) # type: ClsType["models.OperationsList"]
error_map = {
401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError
}
error_map.update(kwargs.pop('error_map', {}))
api_version = "2020-01-01"
accept = "application/json"
def prepare_request(next_link=None):
# Construct headers
header_parameters = {} # type: Dict[str, Any]
header_parameters['Accept'] = self._serialize.header("accept", accept, 'str')
if not next_link:
# Construct URL
url = self.list.metadata['url'] # type: ignore
# Construct parameters
query_parameters = {} # type: Dict[str, Any]
query_parameters['api-version'] = self._serialize.query("api_version", api_version, 'str')
request = self._client.get(url, query_parameters, header_parameters)
else:
url = next_link
query_parameters = {} # type: Dict[str, Any]
request = self._client.get(url, query_parameters, header_parameters)
return request
def extract_data(pipeline_response):
deserialized = self._deserialize('OperationsList', pipeline_response)
list_of_elem = deserialized.value
if cls:
list_of_elem = cls(list_of_elem)
return deserialized.next_link or None, iter(list_of_elem)
def get_next(next_link=None):
request = prepare_request(next_link)
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
response = pipeline_response.http_response
if response.status_code not in [200]:
map_error(status_code=response.status_code, response=response, error_map=error_map)
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
return pipeline_response
return ItemPaged(
get_next, extract_data
)
list.metadata = {'url': '/providers/Microsoft.SecurityInsights/operations'} # type: ignore
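Review bot: in prepare_request, the else branch sends the GET to next_link exactly as the previous response returned it, with an empty query_parameters dict and no check in this function that the link still points at the configured endpoint. If the pipeline attaches the caller's credential to every request, the destination of that credential is then decided by response data; confirm that the client or its credential policy constrains this, or document the assumption next to the paging code. Separately, `import warnings` is not used in the lines shown.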

View file

@ -0,0 +1 @@
# Marker file for PEP 561.

Binary data
src/securityinsight/gen.zip Normal file

Binary file not shown.
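Review bot: src/securityinsight/gen.zip is added as a binary that the diff cannot display, so its contents cannot be reviewed here even though it sits inside the extension's source tree. If it holds generator input or output, commit those as text files, or drop the archive and ignore it; if it has to stay, state in the PR what it contains and how it was produced so the contents can be reproduced and compared.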

View file

@ -0,0 +1,610 @@
# Azure CLI Module Creation Report
## EXTENSION
|CLI Extension|Command Groups|
|---------|------------|
|az sentinel|[groups](#CommandGroups)
## GROUPS
### <a name="CommandGroups">Command groups in `az sentinel` extension </a>
|CLI Command Group|Group Swagger name|Commands|
|---------|------------|--------|
|az sentinel alert-rule|AlertRules|[commands](#CommandsInAlertRules)|
|az sentinel action|Actions|[commands](#CommandsInActions)|
|az sentinel alert-rule-template|AlertRuleTemplates|[commands](#CommandsInAlertRuleTemplates)|
|az sentinel bookmark|Bookmarks|[commands](#CommandsInBookmarks)|
|az sentinel data-connector|DataConnectors|[commands](#CommandsInDataConnectors)|
|az sentinel incident|Incidents|[commands](#CommandsInIncidents)|
|az sentinel incident-comment|IncidentComments|[commands](#CommandsInIncidentComments)|
## COMMANDS
### <a name="CommandsInActions">Commands in `az sentinel action` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel action list](#ActionsListByAlertRule)|ListByAlertRule|[Parameters](#ParametersActionsListByAlertRule)|[Example](#ExamplesActionsListByAlertRule)|
### <a name="CommandsInAlertRules">Commands in `az sentinel alert-rule` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel alert-rule list](#AlertRulesList)|List|[Parameters](#ParametersAlertRulesList)|[Example](#ExamplesAlertRulesList)|
|[az sentinel alert-rule show](#AlertRulesGet)|Get|[Parameters](#ParametersAlertRulesGet)|[Example](#ExamplesAlertRulesGet)|
|[az sentinel alert-rule create](#AlertRulesCreateOrUpdateAction)|CreateOrUpdateAction|[Parameters](#ParametersAlertRulesCreateOrUpdateAction)|[Example](#ExamplesAlertRulesCreateOrUpdateAction)|
|[az sentinel alert-rule create](#AlertRulesCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersAlertRulesCreateOrUpdate#Create)|[Example](#ExamplesAlertRulesCreateOrUpdate#Create)|
|[az sentinel alert-rule update](#AlertRulesCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersAlertRulesCreateOrUpdate#Update)|Not Found|
|[az sentinel alert-rule delete](#AlertRulesDeleteAction)|DeleteAction|[Parameters](#ParametersAlertRulesDeleteAction)|[Example](#ExamplesAlertRulesDeleteAction)|
|[az sentinel alert-rule delete](#AlertRulesDelete)|Delete|[Parameters](#ParametersAlertRulesDelete)|[Example](#ExamplesAlertRulesDelete)|
|[az sentinel alert-rule get-action](#AlertRulesGetAction)|GetAction|[Parameters](#ParametersAlertRulesGetAction)|[Example](#ExamplesAlertRulesGetAction)|
### <a name="CommandsInAlertRuleTemplates">Commands in `az sentinel alert-rule-template` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel alert-rule-template list](#AlertRuleTemplatesList)|List|[Parameters](#ParametersAlertRuleTemplatesList)|[Example](#ExamplesAlertRuleTemplatesList)|
|[az sentinel alert-rule-template show](#AlertRuleTemplatesGet)|Get|[Parameters](#ParametersAlertRuleTemplatesGet)|[Example](#ExamplesAlertRuleTemplatesGet)|
### <a name="CommandsInBookmarks">Commands in `az sentinel bookmark` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel bookmark list](#BookmarksList)|List|[Parameters](#ParametersBookmarksList)|[Example](#ExamplesBookmarksList)|
|[az sentinel bookmark show](#BookmarksGet)|Get|[Parameters](#ParametersBookmarksGet)|[Example](#ExamplesBookmarksGet)|
|[az sentinel bookmark create](#BookmarksCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersBookmarksCreateOrUpdate#Create)|[Example](#ExamplesBookmarksCreateOrUpdate#Create)|
|[az sentinel bookmark update](#BookmarksCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersBookmarksCreateOrUpdate#Update)|Not Found|
|[az sentinel bookmark delete](#BookmarksDelete)|Delete|[Parameters](#ParametersBookmarksDelete)|[Example](#ExamplesBookmarksDelete)|
### <a name="CommandsInDataConnectors">Commands in `az sentinel data-connector` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel data-connector list](#DataConnectorsList)|List|[Parameters](#ParametersDataConnectorsList)|[Example](#ExamplesDataConnectorsList)|
|[az sentinel data-connector show](#DataConnectorsGet)|Get|[Parameters](#ParametersDataConnectorsGet)|[Example](#ExamplesDataConnectorsGet)|
|[az sentinel data-connector create](#DataConnectorsCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersDataConnectorsCreateOrUpdate#Create)|[Example](#ExamplesDataConnectorsCreateOrUpdate#Create)|
|[az sentinel data-connector update](#DataConnectorsCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersDataConnectorsCreateOrUpdate#Update)|Not Found|
|[az sentinel data-connector delete](#DataConnectorsDelete)|Delete|[Parameters](#ParametersDataConnectorsDelete)|[Example](#ExamplesDataConnectorsDelete)|
### <a name="CommandsInIncidents">Commands in `az sentinel incident` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel incident list](#IncidentsList)|List|[Parameters](#ParametersIncidentsList)|[Example](#ExamplesIncidentsList)|
|[az sentinel incident show](#IncidentsGet)|Get|[Parameters](#ParametersIncidentsGet)|[Example](#ExamplesIncidentsGet)|
|[az sentinel incident create](#IncidentsCreateOrUpdate#Create)|CreateOrUpdate#Create|[Parameters](#ParametersIncidentsCreateOrUpdate#Create)|[Example](#ExamplesIncidentsCreateOrUpdate#Create)|
|[az sentinel incident update](#IncidentsCreateOrUpdate#Update)|CreateOrUpdate#Update|[Parameters](#ParametersIncidentsCreateOrUpdate#Update)|Not Found|
|[az sentinel incident delete](#IncidentsDelete)|Delete|[Parameters](#ParametersIncidentsDelete)|[Example](#ExamplesIncidentsDelete)|
### <a name="CommandsInIncidentComments">Commands in `az sentinel incident-comment` group</a>
|CLI Command|Operation Swagger name|Parameters|Examples|
|---------|------------|--------|-----------|
|[az sentinel incident-comment list](#IncidentCommentsListByIncident)|ListByIncident|[Parameters](#ParametersIncidentCommentsListByIncident)|[Example](#ExamplesIncidentCommentsListByIncident)|
|[az sentinel incident-comment show](#IncidentCommentsGet)|Get|[Parameters](#ParametersIncidentCommentsGet)|[Example](#ExamplesIncidentCommentsGet)|
|[az sentinel incident-comment create](#IncidentCommentsCreateComment)|CreateComment|[Parameters](#ParametersIncidentCommentsCreateComment)|[Example](#ExamplesIncidentCommentsCreateComment)|
## COMMAND DETAILS
### group `az sentinel action`
#### <a name="ActionsListByAlertRule">Command `az sentinel action list`</a>
##### <a name="ExamplesActionsListByAlertRule">Example</a>
```
az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name \
"myWorkspace"
```
##### <a name="ParametersActionsListByAlertRule">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--rule-id**|string|Alert rule ID|rule_id|ruleId|
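
Review bot: The Option column in this table names `--resource-group-name`, but the example directly above it passes `--resource-group`, and the same mismatch repeats in the parameter tables that follow. The table and the example should name the same flag. If one is an alias of the other, list both in the Option column so a reader copying from the table gets a command that parses.
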
### group `az sentinel alert-rule`
#### <a name="AlertRulesList">Command `az sentinel alert-rule list`</a>
##### <a name="ExamplesAlertRulesList">Example</a>
```
az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRulesList">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
#### <a name="AlertRulesGet">Command `az sentinel alert-rule show`</a>
##### <a name="ExamplesAlertRulesGet">Example</a>
```
az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name "myWorkspace"
```
##### <a name="ExamplesAlertRulesGet">Example</a>
```
az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesAlertRulesGet">Example</a>
```
az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name \
"myWorkspace"
```
##### <a name="ParametersAlertRulesGet">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--rule-id**|string|Alert rule ID|rule_id|ruleId|
#### <a name="AlertRulesCreateOrUpdateAction">Command `az sentinel alert-rule create`</a>
##### <a name="ExamplesAlertRulesCreateOrUpdateAction">Example</a>
```
az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --logic-app-resource-id \
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \
--trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/m\
anual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" --action-id \
"912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRulesCreateOrUpdateAction">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--rule-id**|string|Alert rule ID|rule_id|ruleId|
|**--action-id**|string|Action ID|action_id|actionId|
|**--etag**|string|Etag of the azure resource|etag|etag|
|**--logic-app-resource-id**|string|Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.|logic_app_resource_id|logicAppResourceId|
|**--trigger-uri**|string|Logic App Callback URL for this specific workflow.|trigger_uri|triggerUri|
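
Review bot: The `--etag` value in the example above is over-escaped. In a POSIX shell, `"\\"0300bf09-0000-0000-0000-5c37296e0000\\""` evaluates to the GUID wrapped in literal backslashes, not in double quotes. If the quoted etag form is intended, it should be `--etag "\"0300bf09-0000-0000-0000-5c37296e0000\""`. The same pattern appears in the other `etag=` examples in this file. Separately, the `--trigger-uri` example carries a `sig=` query parameter, so the parameter description should say that the callback URL embeds a signature and needs to be handled as a credential (kept out of shared scripts and logs).
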
#### <a name="AlertRulesCreateOrUpdate#Create">Command `az sentinel alert-rule create`</a>
##### <a name="ExamplesAlertRulesCreateOrUpdate#Create">Example</a>
```
az sentinel alert-rule create --fusion-alert-rule etag="3d00c3ca-0000-0100-0000-5d42d5010000" \
alert-rule-template-name="f71aba3d-28fb-450b-b192-4e76a83015c8" enabled=true --resource-group "myRg" --rule-id \
"myFirstFusionRule" --workspace-name "myWorkspace"
```
##### <a name="ExamplesAlertRulesCreateOrUpdate#Create">Example</a>
```
az sentinel alert-rule create --microsoft-security-incident-creation-alert-rule etag="\\"260097e0-0000-0d00-0000-5d6fa8\
8f0000\\"" product-filter="Microsoft Cloud App Security" display-name="testing displayname" enabled=true \
--resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" --workspace-name "myWorkspace"
```
##### <a name="ExamplesAlertRulesCreateOrUpdate#Create">Example</a>
```
az sentinel alert-rule create --scheduled-alert-rule etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \
query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden" \
query-frequency="PT1H" query-period="P2DT1H30M" severity="High" trigger-operator="GreaterThan" trigger-threshold=0 \
description="" display-name="Rule2" enabled=true suppression-duration="PT1H" suppression-enabled=false \
tactics="Persistence" tactics="LateralMovement" --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5\
" --workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRulesCreateOrUpdate#Create">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--fusion-alert-rule**|object|Represents Fusion alert rule.|fusion_alert_rule|FusionAlertRule|
|**--microsoft-security-incident-creation-alert-rule**|object|Represents MicrosoftSecurityIncidentCreation rule.|microsoft_security_incident_creation_alert_rule|MicrosoftSecurityIncidentCreationAlertRule|
|**--scheduled-alert-rule**|object|Represents scheduled alert rule.|scheduled_alert_rule|ScheduledAlertRule|
#### <a name="AlertRulesCreateOrUpdate#Update">Command `az sentinel alert-rule update`</a>
##### <a name="ParametersAlertRulesCreateOrUpdate#Update">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--rule-id**|string|Alert rule ID|rule_id|ruleId|
|**--fusion-alert-rule**|object|Represents Fusion alert rule.|fusion_alert_rule|FusionAlertRule|
|**--microsoft-security-incident-creation-alert-rule**|object|Represents MicrosoftSecurityIncidentCreation rule.|microsoft_security_incident_creation_alert_rule|MicrosoftSecurityIncidentCreationAlertRule|
|**--scheduled-alert-rule**|object|Represents scheduled alert rule.|scheduled_alert_rule|ScheduledAlertRule|
#### <a name="AlertRulesDeleteAction">Command `az sentinel alert-rule delete`</a>
##### <a name="ExamplesAlertRulesDeleteAction">Example</a>
```
az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \
"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRulesDeleteAction">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--rule-id**|string|Alert rule ID|rule_id|ruleId|
|**--action-id**|string|Action ID|action_id|actionId|
#### <a name="AlertRulesDelete">Command `az sentinel alert-rule delete`</a>
##### <a name="ExamplesAlertRulesDelete">Example</a>
```
az sentinel alert-rule delete --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRulesDelete">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
#### <a name="AlertRulesGetAction">Command `az sentinel alert-rule get-action`</a>
##### <a name="ExamplesAlertRulesGetAction">Example</a>
```
az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" --rule-id \
"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRulesGetAction">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--rule-id**|string|Alert rule ID|rule_id|ruleId|
|**--action-id**|string|Action ID|action_id|actionId|
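
Review bot: `az sentinel alert-rule create` and `az sentinel alert-rule delete` are each documented twice in this group under the same command name, once for the action operation (`AlertRulesCreateOrUpdateAction`, `AlertRulesDeleteAction`) and once for the rule itself. A reader cannot tell from the name whether `alert-rule delete` removes one action or the whole rule, which is a risky ambiguity for a destructive command on detection content. The action variants should get their own command names, as `get-action` already has. In addition, the parameter table under `AlertRulesDelete` has a header and no rows, the `AlertRulesCreateOrUpdate#Create` table omits the `--resource-group`, `--workspace-name` and `--rule-id` options that its examples pass, and the three `alert-rule show` examples all reuse the anchor name `ExamplesAlertRulesGet`.
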
### group `az sentinel alert-rule-template`
#### <a name="AlertRuleTemplatesList">Command `az sentinel alert-rule-template list`</a>
##### <a name="ExamplesAlertRuleTemplatesList">Example</a>
```
az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRuleTemplatesList">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
#### <a name="AlertRuleTemplatesGet">Command `az sentinel alert-rule-template show`</a>
##### <a name="ExamplesAlertRuleTemplatesGet">Example</a>
```
az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" --resource-group \
"myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersAlertRuleTemplatesGet">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--alert-rule-template-id**|string|Alert rule template ID|alert_rule_template_id|alertRuleTemplateId|
### group `az sentinel bookmark`
#### <a name="BookmarksList">Command `az sentinel bookmark list`</a>
##### <a name="ExamplesBookmarksList">Example</a>
```
az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersBookmarksList">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
#### <a name="BookmarksGet">Command `az sentinel bookmark show`</a>
##### <a name="ExamplesBookmarksGet">Example</a>
```
az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersBookmarksGet">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId|
#### <a name="BookmarksCreateOrUpdate#Create">Command `az sentinel bookmark create`</a>
##### <a name="ExamplesBookmarksCreateOrUpdate#Create">Example</a>
```
az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \
--display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" --query \
"SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" --query-result "Security Event query \
result" --updated "2019-01-01T13:15:30Z" --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersBookmarksCreateOrUpdate#Create">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId|
|**--etag**|string|Etag of the azure resource|etag|etag|
|**--created**|date-time|The time the bookmark was created|created|created|
|**--display-name**|string|The display name of the bookmark|display_name|displayName|
|**--labels**|array|List of labels relevant to this bookmark|labels|labels|
|**--notes**|string|The notes of the bookmark|notes|notes|
|**--query**|string|The query of the bookmark.|query|query|
|**--query-result**|string|The query result of the bookmark.|query_result|queryResult|
|**--updated**|date-time|The last time the bookmark was updated|updated|updated|
|**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo|
|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId|
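
Review bot: The `--query` value in the bookmark create example can never return rows: `TimeGenerated > ago(1d) and TimeGenerated < ago(2d)` asks for events newer than one day ago and older than two days ago at the same time. The bounds look swapped. `TimeGenerated > ago(2d) and TimeGenerated < ago(1d)` selects the window between two days and one day ago, which is probably what the example means to show.
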
#### <a name="BookmarksCreateOrUpdate#Update">Command `az sentinel bookmark update`</a>
##### <a name="ParametersBookmarksCreateOrUpdate#Update">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId|
|**--etag**|string|Etag of the azure resource|etag|etag|
|**--created**|date-time|The time the bookmark was created|created|created|
|**--display-name**|string|The display name of the bookmark|display_name|displayName|
|**--labels**|array|List of labels relevant to this bookmark|labels|labels|
|**--notes**|string|The notes of the bookmark|notes|notes|
|**--query**|string|The query of the bookmark.|query|query|
|**--query-result**|string|The query result of the bookmark.|query_result|queryResult|
|**--updated**|date-time|The last time the bookmark was updated|updated|updated|
|**--incident-info**|object|Describes an incident that relates to bookmark|incident_info|incidentInfo|
|**--updated-by-object-id**|uuid|The object id of the user.|object_id|objectId|
#### <a name="BookmarksDelete">Command `az sentinel bookmark delete`</a>
##### <a name="ExamplesBookmarksDelete">Example</a>
```
az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersBookmarksDelete">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--bookmark-id**|string|Bookmark ID|bookmark_id|bookmarkId|
### group `az sentinel data-connector`
#### <a name="DataConnectorsList">Command `az sentinel data-connector list`</a>
##### <a name="ExamplesDataConnectorsList">Example</a>
```
az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersDataConnectorsList">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
#### <a name="DataConnectorsGet">Command `az sentinel data-connector show`</a>
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ExamplesDataConnectorsGet">Example</a>
```
az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersDataConnectorsGet">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId|
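
Review bot: The eight `data-connector show` examples are indistinguishable to a reader. They all carry the heading "Example" and the anchor name `ExamplesDataConnectorsGet`, they differ only in the GUID, and the id `c345bf40-8509-4ed2-b947-50cb773aaf04` appears in two of them. If each one is meant to illustrate a different connector kind, title each example with that kind and give it a unique anchor. Otherwise keep a single example and drop the rest.
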
#### <a name="DataConnectorsCreateOrUpdate#Create">Command `az sentinel data-connector create`</a>
##### <a name="ExamplesDataConnectorsCreateOrUpdate#Create">Example</a>
```
az sentinel data-connector create --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \
tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
--resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersDataConnectorsCreateOrUpdate#Create">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId|
|**--aad-data-connector**|object|Represents AAD (Azure Active Directory) data connector.|aad_data_connector|AADDataConnector|
|**--aatp-data-connector**|object|Represents AATP (Azure Advanced Threat Protection) data connector.|aatp_data_connector|AATPDataConnector|
|**--asc-data-connector**|object|Represents ASC (Azure Security Center) data connector.|asc_data_connector|ASCDataConnector|
|**--aws-cloud-trail-data-connector**|object|Represents Amazon Web Services CloudTrail data connector.|aws_cloud_trail_data_connector|AwsCloudTrailDataConnector|
|**--mcas-data-connector**|object|Represents MCAS (Microsoft Cloud App Security) data connector.|mcas_data_connector|MCASDataConnector|
|**--mdatp-data-connector**|object|Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.|mdatp_data_connector|MDATPDataConnector|
|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector|
|**--ti-data-connector**|object|Represents threat intelligence data connector.|ti_data_connector|TIDataConnector|
#### <a name="DataConnectorsCreateOrUpdate#Update">Command `az sentinel data-connector update`</a>
##### <a name="ParametersDataConnectorsCreateOrUpdate#Update">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId|
|**--aad-data-connector**|object|Represents AAD (Azure Active Directory) data connector.|aad_data_connector|AADDataConnector|
|**--aatp-data-connector**|object|Represents AATP (Azure Advanced Threat Protection) data connector.|aatp_data_connector|AATPDataConnector|
|**--asc-data-connector**|object|Represents ASC (Azure Security Center) data connector.|asc_data_connector|ASCDataConnector|
|**--aws-cloud-trail-data-connector**|object|Represents Amazon Web Services CloudTrail data connector.|aws_cloud_trail_data_connector|AwsCloudTrailDataConnector|
|**--mcas-data-connector**|object|Represents MCAS (Microsoft Cloud App Security) data connector.|mcas_data_connector|MCASDataConnector|
|**--mdatp-data-connector**|object|Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.|mdatp_data_connector|MDATPDataConnector|
|**--office-data-connector**|object|Represents office data connector.|office_data_connector|OfficeDataConnector|
|**--ti-data-connector**|object|Represents threat intelligence data connector.|ti_data_connector|TIDataConnector|
#### <a name="DataConnectorsDelete">Command `az sentinel data-connector delete`</a>
##### <a name="ExamplesDataConnectorsDelete">Example</a>
```
az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersDataConnectorsDelete">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--data-connector-id**|string|Connector ID|data_connector_id|dataConnectorId|
### group `az sentinel incident`
#### <a name="IncidentsList">Command `az sentinel incident list`</a>
##### <a name="ExamplesIncidentsList">Example</a>
```
az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" --workspace-name \
"myWorkspace"
```
##### <a name="ParametersIncidentsList">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--filter**|string|Filters the results, based on a Boolean condition. Optional.|filter|$filter|
|**--orderby**|string|Sorts the results. Optional.|orderby|$orderby|
|**--top**|integer|Returns only the first n results. Optional.|top|$top|
|**--skip-token**|string|Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.|skip_token|$skipToken|
#### <a name="IncidentsGet">Command `az sentinel incident show`</a>
##### <a name="ExamplesIncidentsGet">Example</a>
```
az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersIncidentsGet">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
#### <a name="IncidentsCreateOrUpdate#Create">Command `az sentinel incident create`</a>
##### <a name="ExamplesIncidentsCreateOrUpdate#Create">Example</a>
```
az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --description "This is a demo \
incident" --classification "FalsePositive" --classification-comment "Not a malicious activity" --classification-reason \
"IncorrectAlertLogic" --first-activity-time-utc "2019-01-01T13:00:30Z" --last-activity-time-utc "2019-01-01T13:05:30Z" \
--owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity "High" --status "Closed" --title "My incident" \
--incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersIncidentsCreateOrUpdate#Create">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
|**--etag**|string|Etag of the azure resource|etag|etag|
|**--classification**|choice|The reason the incident was closed|classification|classification|
|**--classification-comment**|string|Describes the reason the incident was closed|classification_comment|classificationComment|
|**--classification-reason**|choice|The classification reason the incident was closed with|classification_reason|classificationReason|
|**--description**|string|The description of the incident|description|description|
|**--first-activity-time-utc**|date-time|The time of the first activity in the incident|first_activity_time_utc|firstActivityTimeUtc|
|**--labels**|array|List of labels relevant to this incident|labels|labels|
|**--last-activity-time-utc**|date-time|The time of the last activity in the incident|last_activity_time_utc|lastActivityTimeUtc|
|**--owner**|object|Describes a user that the incident is assigned to|owner|owner|
|**--severity**|choice|The severity of the incident|severity|severity|
|**--status**|choice|The status of the incident|status|status|
|**--title**|string|The title of the incident|title|title|
#### <a name="IncidentsCreateOrUpdate#Update">Command `az sentinel incident update`</a>
##### <a name="ParametersIncidentsCreateOrUpdate#Update">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
|**--etag**|string|Etag of the azure resource|etag|etag|
|**--classification**|choice|The reason the incident was closed|classification|classification|
|**--classification-comment**|string|Describes the reason the incident was closed|classification_comment|classificationComment|
|**--classification-reason**|choice|The classification reason the incident was closed with|classification_reason|classificationReason|
|**--description**|string|The description of the incident|description|description|
|**--first-activity-time-utc**|date-time|The time of the first activity in the incident|first_activity_time_utc|firstActivityTimeUtc|
|**--labels**|array|List of labels relevant to this incident|labels|labels|
|**--last-activity-time-utc**|date-time|The time of the last activity in the incident|last_activity_time_utc|lastActivityTimeUtc|
|**--owner**|object|Describes a user that the incident is assigned to|owner|owner|
|**--severity**|choice|The severity of the incident|severity|severity|
|**--status**|choice|The status of the incident|status|status|
|**--title**|string|The title of the incident|title|title|
#### <a name="IncidentsDelete">Command `az sentinel incident delete`</a>
##### <a name="ExamplesIncidentsDelete">Example</a>
```
az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersIncidentsDelete">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
### group `az sentinel incident-comment`
#### <a name="IncidentCommentsListByIncident">Command `az sentinel incident-comment list`</a>
##### <a name="ExamplesIncidentCommentsListByIncident">Example</a>
```
az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
--workspace-name "myWorkspace"
```
##### <a name="ParametersIncidentCommentsListByIncident">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
|**--filter**|string|Filters the results, based on a Boolean condition. Optional.|filter|$filter|
|**--orderby**|string|Sorts the results. Optional.|orderby|$orderby|
|**--top**|integer|Returns only the first n results. Optional.|top|$top|
|**--skip-token**|string|Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.|skip_token|$skipToken|
#### <a name="IncidentCommentsGet">Command `az sentinel incident-comment show`</a>
##### <a name="ExamplesIncidentCommentsGet">Example</a>
```
az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id \
"73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersIncidentCommentsGet">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
|**--incident-comment-id**|string|Incident comment ID|incident_comment_id|incidentCommentId|
#### <a name="IncidentCommentsCreateComment">Command `az sentinel incident-comment create`</a>
##### <a name="ExamplesIncidentCommentsCreateComment">Example</a>
```
az sentinel incident-comment create --message "Some message" --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da001\
4" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace"
```
##### <a name="ParametersIncidentCommentsCreateComment">Parameters</a>
|Option|Type|Description|Path (SDK)|Swagger name|
|------|----|-----------|----------|------------|
|**--resource-group-name**|string|The name of the resource group within the user's subscription. The name is case insensitive.|resource_group_name|resourceGroupName|
|**--workspace-name**|string|The name of the workspace.|workspace_name|workspaceName|
|**--incident-id**|string|Incident ID|incident_id|incidentId|
|**--incident-comment-id**|string|Incident comment ID|incident_comment_id|incidentCommentId|
|**--message**|string|The comment message|message|message|
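
Review bot: The parameter tables for `incident delete` and the three `incident-comment` commands document the option as `--resource-group-name`, but every example in the same sections passes `--resource-group`. Whichever spelling the command actually accepts should appear in both places, otherwise a reader who copies the table name into a script may get an unrecognized-argument error. Separately, the `incident-comment create` example wraps in the middle of the quoted `--incident-comment-id` value (`...0d8ab3da001\` then `4"`). That only works in shells that treat a backslash-newline inside double quotes as a continuation, so the example should be re-wrapped at an argument boundary as the `show` example is.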

View file

@ -0,0 +1 @@
#setup.cfg

View file

@ -0,0 +1,58 @@
#!/usr/bin/env python
# --------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------
from codecs import open
from setuptools import setup, find_packages
# HISTORY.rst entry.
VERSION = '0.1.0'
try:
from azext_sentinel.manual.version import VERSION
except ImportError:
pass
# The full list of classifiers is available at
# https://pypi.python.org/pypi?%3Aaction=list_classifiers
CLASSIFIERS = [
'Development Status :: 4 - Beta',
'Intended Audience :: Developers',
'Intended Audience :: System Administrators',
'Programming Language :: Python',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',
'Programming Language :: Python :: 3.8',
'License :: OSI Approved :: MIT License',
]
DEPENDENCIES = []
try:
from azext_sentinel.manual.dependency import DEPENDENCIES
except ImportError:
pass
with open('README.md', 'r', encoding='utf-8') as f:
README = f.read()
with open('HISTORY.rst', 'r', encoding='utf-8') as f:
HISTORY = f.read()
setup(
name='sentinel',
version=VERSION,
description='Microsoft Azure Command-Line Tools SecurityInsights Extension',
author='Microsoft Corporation',
author_email='azpycli@microsoft.com',
url='https://github.com/Azure/azure-cli-extensions/tree/master/src/sentinel',
long_description=README + '\n\n' + HISTORY,
license='MIT',
classifiers=CLASSIFIERS,
packages=find_packages(),
install_requires=DEPENDENCIES,
package_data={'azext_sentinel': ['azext_metadata.json']},
)
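
Review bot: Both `try: ... except ImportError: pass` blocks fall back silently, so if `azext_sentinel.manual.dependency` is present but fails to import for any reason, the package is built with `DEPENDENCIES = []` and an empty `install_requires` with no warning. The same applies to `VERSION` reverting to '0.1.0'. Consider catching only the case where the manual module is absent, or at least adding a comment that these modules are optional overrides. Two smaller points: `from codecs import open` is unnecessary when the classifiers list only Python 3.6 to 3.8, since the built-in `open` already takes `encoding`, and there is no `python_requires` to enforce the versions the classifiers advertise.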