@pulumi/azure-native
export declare const ActionType: {
/**
* Modify an object's properties
*/
readonly ModifyProperties: "ModifyProperties";
/**
* Run a playbook on an object
*/
readonly RunPlaybook: "RunPlaybook";
/**
* Add a task to an incident object
*/
readonly AddIncidentTask: "AddIncidentTask";
};
/**
* The type of the automation rule action.
*/
export type ActionType = (typeof ActionType)[keyof typeof ActionType];
export declare const AgentType: {
readonly SAP: "SAP";
};
/**
* Type of the agent
*/
export type AgentType = (typeof AgentType)[keyof typeof AgentType];
export declare const AlertDetail: {
/**
* Alert display name
*/
readonly DisplayName: "DisplayName";
/**
* Alert severity
*/
readonly Severity: "Severity";
};
/**
* Alert detail
*/
export type AlertDetail = (typeof AlertDetail)[keyof typeof AlertDetail];
export declare const AlertProperty: {
/**
* Alert's link
*/
readonly AlertLink: "AlertLink";
/**
* Confidence level property
*/
readonly ConfidenceLevel: "ConfidenceLevel";
/**
* Confidence score
*/
readonly ConfidenceScore: "ConfidenceScore";
/**
* Extended links to the alert
*/
readonly ExtendedLinks: "ExtendedLinks";
/**
* Product name alert property
*/
readonly ProductName: "ProductName";
/**
* Provider name alert property
*/
readonly ProviderName: "ProviderName";
/**
* Product component name alert property
*/
readonly ProductComponentName: "ProductComponentName";
/**
* Remediation steps alert property
*/
readonly RemediationSteps: "RemediationSteps";
/**
* Techniques alert property
*/
readonly Techniques: "Techniques";
};
/**
* The V3 alert property
*/
export type AlertProperty = (typeof AlertProperty)[keyof typeof AlertProperty];
export declare const AlertRuleKind: {
readonly Scheduled: "Scheduled";
readonly MicrosoftSecurityIncidentCreation: "MicrosoftSecurityIncidentCreation";
readonly Fusion: "Fusion";
};
/**
* The alert rule kind
*/
export type AlertRuleKind = (typeof AlertRuleKind)[keyof typeof AlertRuleKind];
export declare const AlertSeverity: {
/**
* High severity
*/
readonly High: "High";
/**
* Medium severity
*/
readonly Medium: "Medium";
/**
* Low severity
*/
readonly Low: "Low";
/**
* Informational severity
*/
readonly Informational: "Informational";
};
/**
* The severity for alerts created by this alert rule.
*/
export type AlertSeverity = (typeof AlertSeverity)[keyof typeof AlertSeverity];
/**
* Attack tactic labels. Each member's value is the same string as its name.
*
* The names match MITRE ATT&CK tactic names. `ImpairProcessControl` and
* `InhibitResponseFunction` are tactics from the ATT&CK for ICS matrix, and
* `PreAttack` looks like the legacy PRE-ATT&CK label kept alongside
* `Reconnaissance` and `ResourceDevelopment` (TODO confirm which of these the
* service still accepts).
*/
export declare const AttackTactic: {
readonly Reconnaissance: "Reconnaissance";
readonly ResourceDevelopment: "ResourceDevelopment";
readonly InitialAccess: "InitialAccess";
readonly Execution: "Execution";
readonly Persistence: "Persistence";
readonly PrivilegeEscalation: "PrivilegeEscalation";
readonly DefenseEvasion: "DefenseEvasion";
readonly CredentialAccess: "CredentialAccess";
readonly Discovery: "Discovery";
readonly LateralMovement: "LateralMovement";
readonly Collection: "Collection";
readonly Exfiltration: "Exfiltration";
readonly CommandAndControl: "CommandAndControl";
readonly Impact: "Impact";
readonly PreAttack: "PreAttack";
readonly ImpairProcessControl: "ImpairProcessControl";
readonly InhibitResponseFunction: "InhibitResponseFunction";
};
/**
* An attack tactic: one of the string values declared on the `AttackTactic` constant.
*
* NOTE(review): the generated description here read "The severity for alerts
* created by this alert rule.", which is the `AlertSeverity` description and
* does not describe this type.
*/
export type AttackTactic = (typeof AttackTactic)[keyof typeof AttackTactic];
export declare const AutomationRuleBooleanConditionSupportedOperator: {
/**
* Evaluates as true if all the item conditions are evaluated as true
*/
readonly And: "And";
/**
* Evaluates as true if at least one of the item conditions are evaluated as true
*/
readonly Or: "Or";
};
/**
* Describes a boolean condition operator.
*/
export type AutomationRuleBooleanConditionSupportedOperator = (typeof AutomationRuleBooleanConditionSupportedOperator)[keyof typeof AutomationRuleBooleanConditionSupportedOperator];
/**
* Arrays that an automation rule "array changed" condition can be evaluated on.
* Each member's value is the same string as its name.
*/
export declare const AutomationRulePropertyArrayChangedConditionSupportedArrayType: {
/**
* Evaluate the condition on the alerts
*/
readonly Alerts: "Alerts";
/**
* Evaluate the condition on the labels
*/
readonly Labels: "Labels";
/**
* Evaluate the condition on the tactics
*/
readonly Tactics: "Tactics";
/**
* Evaluate the condition on the comments
*/
readonly Comments: "Comments";
};
/**
* One of the string values declared on the
* `AutomationRulePropertyArrayChangedConditionSupportedArrayType` constant.
*/
export type AutomationRulePropertyArrayChangedConditionSupportedArrayType = (typeof AutomationRulePropertyArrayChangedConditionSupportedArrayType)[keyof typeof AutomationRulePropertyArrayChangedConditionSupportedArrayType];
/**
* Kinds of array change that an automation rule "array changed" condition can react to.
* Only `Added` is declared here; no member for removed items exists in this declaration.
*/
export declare const AutomationRulePropertyArrayChangedConditionSupportedChangeType: {
/**
* Evaluate the condition on items added to the array
*/
readonly Added: "Added";
};
/**
* One of the string values declared on the
* `AutomationRulePropertyArrayChangedConditionSupportedChangeType` constant.
*/
export type AutomationRulePropertyArrayChangedConditionSupportedChangeType = (typeof AutomationRulePropertyArrayChangedConditionSupportedChangeType)[keyof typeof AutomationRulePropertyArrayChangedConditionSupportedChangeType];
export declare const AutomationRulePropertyArrayConditionSupportedArrayConditionType: {
/**
* Evaluate the condition as true if any item fulfills it
*/
readonly AnyItem: "AnyItem";
};
/**
* Describes an array condition evaluation type.
*/
export type AutomationRulePropertyArrayConditionSupportedArrayConditionType = (typeof AutomationRulePropertyArrayConditionSupportedArrayConditionType)[keyof typeof AutomationRulePropertyArrayConditionSupportedArrayConditionType];
export declare const AutomationRulePropertyArrayConditionSupportedArrayType: {
/**
* Evaluate the condition on the custom detail keys
*/
readonly CustomDetails: "CustomDetails";
/**
* Evaluate the condition on a custom detail's values
*/
readonly CustomDetailValues: "CustomDetailValues";
};
/**
* Describes an array condition evaluated array type.
*/
export type AutomationRulePropertyArrayConditionSupportedArrayType = (typeof AutomationRulePropertyArrayConditionSupportedArrayType)[keyof typeof AutomationRulePropertyArrayConditionSupportedArrayType];
/**
* Selects which side of a property change an automation rule condition looks at:
* the value before the change or the value after it.
*/
export declare const AutomationRulePropertyChangedConditionSupportedChangedType: {
/**
* Evaluate the condition on the previous value of the property
*/
readonly ChangedFrom: "ChangedFrom";
/**
* Evaluate the condition on the updated value of the property
*/
readonly ChangedTo: "ChangedTo";
};
/**
* One of the string values declared on the
* `AutomationRulePropertyChangedConditionSupportedChangedType` constant.
*/
export type AutomationRulePropertyChangedConditionSupportedChangedType = (typeof AutomationRulePropertyChangedConditionSupportedChangedType)[keyof typeof AutomationRulePropertyChangedConditionSupportedChangedType];
/**
* Incident properties that an automation rule "property changed" condition can watch.
* Each member's value is the same string as its name.
*/
export declare const AutomationRulePropertyChangedConditionSupportedPropertyType: {
/**
* Evaluate the condition on the incident severity
*/
readonly IncidentSeverity: "IncidentSeverity";
/**
* Evaluate the condition on the incident status
*/
readonly IncidentStatus: "IncidentStatus";
/**
* Evaluate the condition on the incident owner
*/
readonly IncidentOwner: "IncidentOwner";
};
/**
* One of the string values declared on the
* `AutomationRulePropertyChangedConditionSupportedPropertyType` constant.
*/
export type AutomationRulePropertyChangedConditionSupportedPropertyType = (typeof AutomationRulePropertyChangedConditionSupportedPropertyType)[keyof typeof AutomationRulePropertyChangedConditionSupportedPropertyType];
/**
* Comparison operators for an automation rule property condition.
*
* Per the member comments, every operator compares one property against a list
* of condition values: the positive forms are true when at least one value
* matches, the `Not*` forms only when no value matches.
*
* NOTE(review): nothing in this declaration says whether the string comparison
* is case-sensitive. A rule that suppresses or closes incidents on a
* `Contains`/`StartsWith` match depends on that; confirm against the service
* documentation before relying on it.
*/
export declare const AutomationRulePropertyConditionSupportedOperator: {
/**
* Evaluates if the property equals at least one of the condition values
*/
readonly Equals: "Equals";
/**
* Evaluates if the property does not equal any of the condition values
*/
readonly NotEquals: "NotEquals";
/**
* Evaluates if the property contains at least one of the condition values
*/
readonly Contains: "Contains";
/**
* Evaluates if the property does not contain any of the condition values
*/
readonly NotContains: "NotContains";
/**
* Evaluates if the property starts with any of the condition values
*/
readonly StartsWith: "StartsWith";
/**
* Evaluates if the property does not start with any of the condition values
*/
readonly NotStartsWith: "NotStartsWith";
/**
* Evaluates if the property ends with any of the condition values
*/
readonly EndsWith: "EndsWith";
/**
* Evaluates if the property does not end with any of the condition values
*/
readonly NotEndsWith: "NotEndsWith";
};
/**
* One of the string values declared on the
* `AutomationRulePropertyConditionSupportedOperator` constant.
*/
export type AutomationRulePropertyConditionSupportedOperator = (typeof AutomationRulePropertyConditionSupportedOperator)[keyof typeof AutomationRulePropertyConditionSupportedOperator];
export declare const AutomationRulePropertyConditionSupportedProperty: {
/**
* The title of the incident
*/
readonly IncidentTitle: "IncidentTitle";
/**
* The description of the incident
*/
readonly IncidentDescription: "IncidentDescription";
/**
* The severity of the incident
*/
readonly IncidentSeverity: "IncidentSeverity";
/**
* The status of the incident
*/
readonly IncidentStatus: "IncidentStatus";
/**
* The related Analytic rule ids of the incident
*/
readonly IncidentRelatedAnalyticRuleIds: "IncidentRelatedAnalyticRuleIds";
/**
* The tactics of the incident
*/
readonly IncidentTactics: "IncidentTactics";
/**
* The labels of the incident
*/
readonly IncidentLabel: "IncidentLabel";
/**
* The provider name of the incident
*/
readonly IncidentProviderName: "IncidentProviderName";
/**
* The update source of the incident
*/
readonly IncidentUpdatedBySource: "IncidentUpdatedBySource";
/**
* The incident custom detail key
*/
readonly IncidentCustomDetailsKey: "IncidentCustomDetailsKey";
/**
* The incident custom detail value
*/
readonly IncidentCustomDetailsValue: "IncidentCustomDetailsValue";
/**
* The account Azure Active Directory tenant id
*/
readonly AccountAadTenantId: "AccountAadTenantId";
/**
* The account Azure Active Directory user id
*/
readonly AccountAadUserId: "AccountAadUserId";
/**
* The account name
*/
readonly AccountName: "AccountName";
/**
* The account NetBIOS domain name
*/
readonly AccountNTDomain: "AccountNTDomain";
/**
* The account Azure Active Directory Passport User ID
*/
readonly AccountPUID: "AccountPUID";
/**
* The account security identifier
*/
readonly AccountSid: "AccountSid";
/**
* The account unique identifier
*/
readonly AccountObjectGuid: "AccountObjectGuid";
/**
* The account user principal name suffix
*/
readonly AccountUPNSuffix: "AccountUPNSuffix";
/**
* The name of the product of the alert
*/
readonly AlertProductNames: "AlertProductNames";
/**
* The analytic rule ids of the alert
*/
readonly AlertAnalyticRuleIds: "AlertAnalyticRuleIds";
/**
* The Azure resource id
*/
readonly AzureResourceResourceId: "AzureResourceResourceId";
/**
* The Azure resource subscription id
*/
readonly AzureResourceSubscriptionId: "AzureResourceSubscriptionId";
/**
* The cloud application identifier
*/
readonly CloudApplicationAppId: "CloudApplicationAppId";
/**
* The cloud application name
*/
readonly CloudApplicationAppName: "CloudApplicationAppName";
/**
* The dns record domain name
*/
readonly DNSDomainName: "DNSDomainName";
/**
* The file directory full path
*/
readonly FileDirectory: "FileDirectory";
/**
* The file name without path
*/
readonly FileName: "FileName";
/**
* The file hash value
*/
readonly FileHashValue: "FileHashValue";
/**
* The host Azure resource id
*/
readonly HostAzureID: "HostAzureID";
/**
* The host name without domain
*/
readonly HostName: "HostName";
/**
* The host NetBIOS name
*/
readonly HostNetBiosName: "HostNetBiosName";
/**
* The host NT domain
*/
readonly HostNTDomain: "HostNTDomain";
/**
* The host operating system
*/
readonly HostOSVersion: "HostOSVersion";
/**
* The IoT device id
*/
readonly IoTDeviceId: "IoTDeviceId";
/**
* The IoT device name
*/
readonly IoTDeviceName: "IoTDeviceName";
/**
* The IoT device type
*/
readonly IoTDeviceType: "IoTDeviceType";
/**
* The IoT device vendor
*/
readonly IoTDeviceVendor: "IoTDeviceVendor";
/**
* The IoT device model
*/
readonly IoTDeviceModel: "IoTDeviceModel";
/**
* The IoT device operating system
*/
readonly IoTDeviceOperatingSystem: "IoTDeviceOperatingSystem";
/**
* The IP address
*/
readonly IPAddress: "IPAddress";
/**
* The mailbox display name
*/
readonly MailboxDisplayName: "MailboxDisplayName";
/**
* The mailbox primary address
*/
readonly MailboxPrimaryAddress: "MailboxPrimaryAddress";
/**
* The mailbox user principal name
*/
readonly MailboxUPN: "MailboxUPN";
/**
* The mail message delivery action
*/
readonly MailMessageDeliveryAction: "MailMessageDeliveryAction";
/**
* The mail message delivery location
*/
readonly MailMessageDeliveryLocation: "MailMessageDeliveryLocation";
/**
* The mail message recipient
*/
readonly MailMessageRecipient: "MailMessageRecipient";
/**
* The mail message sender IP address
*/
readonly MailMessageSenderIP: "MailMessageSenderIP";
/**
* The mail message subject
*/
readonly MailMessageSubject: "MailMessageSubject";
/**
* The mail message P1 sender
*/
readonly MailMessageP1Sender: "MailMessageP1Sender";
/**
* The mail message P2 sender
*/
readonly MailMessageP2Sender: "MailMessageP2Sender";
/**
* The malware category
*/
readonly MalwareCategory: "MalwareCategory";
/**
* The malware name
*/
readonly MalwareName: "MalwareName";
/**
* The process execution command line
*/
readonly ProcessCommandLine: "ProcessCommandLine";
/**
* The process id
*/
readonly ProcessId: "ProcessId";
/**
* The registry key path
*/
readonly RegistryKey: "RegistryKey";
/**
* The registry key value in string formatted representation
*/
readonly RegistryValueData: "RegistryValueData";
/**
* The url
*/
readonly Url: "Url";
};
/**
* The property to evaluate in an automation rule property condition.
*/
export type AutomationRulePropertyConditionSupportedProperty = (typeof AutomationRulePropertyConditionSupportedProperty)[keyof typeof AutomationRulePropertyConditionSupportedProperty];
/**
* Allowed values for the auth type. Each member's value is the same string as its name.
*
* NOTE(review): `None` selects no authentication and `Basic` presumably means
* HTTP Basic credentials. When reviewing a definition that uses either, check
* that the choice is intended and that the endpoint is reached over verified TLS.
* This enum only names the scheme; the credential itself lives on the matching
* auth object, which is not declared in this file. Confirm it is passed as a
* Pulumi secret rather than a plain string.
*/
export declare const CcpAuthType: {
readonly Basic: "Basic";
readonly APIKey: "APIKey";
readonly OAuth2: "OAuth2";
readonly AWS: "AWS";
readonly GCP: "GCP";
readonly Session: "Session";
readonly JwtToken: "JwtToken";
readonly GitHub: "GitHub";
readonly ServiceBus: "ServiceBus";
readonly Oracle: "Oracle";
readonly None: "None";
};
/**
* The auth type
*/
export type CcpAuthType = (typeof CcpAuthType)[keyof typeof CcpAuthType];
/**
* Kinds of condition. Each member's value is the same string as its name.
*/
export declare const ConditionType: {
/**
* Evaluate an object property value
*/
readonly Property: "Property";
/**
* Evaluate an object array property value
*/
readonly PropertyArray: "PropertyArray";
/**
* Evaluate an object property changed value
*/
readonly PropertyChanged: "PropertyChanged";
/**
* Evaluate an object array property changed value
*/
readonly PropertyArrayChanged: "PropertyArrayChanged";
/**
* Apply a boolean operator (e.g. AND, OR) to conditions
*/
readonly Boolean: "Boolean";
};
/**
* One of the string values declared on the `ConditionType` constant.
*/
export type ConditionType = (typeof ConditionType)[keyof typeof ConditionType];
export declare const ConfigurationType: {
readonly SAP: "SAP";
};
/**
* Represents the types of configuration for a system.
*/
export type ConfigurationType = (typeof ConfigurationType)[keyof typeof ConfigurationType];
export declare const ContentType: {
readonly AnalyticsRule: "AnalyticsRule";
readonly Workbook: "Workbook";
};
/**
* Content type.
*/
export type ContentType = (typeof ContentType)[keyof typeof ContentType];
export declare const CustomEntityQueryKind: {
readonly Activity: "Activity";
};
/**
* the entity query kind
*/
export type CustomEntityQueryKind = (typeof CustomEntityQueryKind)[keyof typeof CustomEntityQueryKind];
export declare const DataConnectorDefinitionKind: {
readonly Customizable: "Customizable";
};
/**
* The data connector kind
*/
export type DataConnectorDefinitionKind = (typeof DataConnectorDefinitionKind)[keyof typeof DataConnectorDefinitionKind];
/**
* Allowed values for the data connector kind. Each member's value is the same string as its name.
*
* NOTE(review): the string values are what is sent to the service, so they
* must be used exactly as declared, whatever the product is called today.
* `AzureActiveDirectory` is also a value of `EntityProviders`; the two types
* are declared separately and only share the literal.
*/
export declare const DataConnectorKind: {
readonly AzureActiveDirectory: "AzureActiveDirectory";
readonly AzureSecurityCenter: "AzureSecurityCenter";
readonly MicrosoftCloudAppSecurity: "MicrosoftCloudAppSecurity";
readonly ThreatIntelligence: "ThreatIntelligence";
readonly MicrosoftThreatIntelligence: "MicrosoftThreatIntelligence";
readonly PremiumMicrosoftDefenderForThreatIntelligence: "PremiumMicrosoftDefenderForThreatIntelligence";
readonly Office365: "Office365";
readonly AmazonWebServicesCloudTrail: "AmazonWebServicesCloudTrail";
readonly AzureAdvancedThreatProtection: "AzureAdvancedThreatProtection";
readonly MicrosoftDefenderAdvancedThreatProtection: "MicrosoftDefenderAdvancedThreatProtection";
readonly RestApiPoller: "RestApiPoller";
};
/**
* The data connector kind
*/
export type DataConnectorKind = (typeof DataConnectorKind)[keyof typeof DataConnectorKind];
export declare const DataTypeState: {
readonly Enabled: "Enabled";
readonly Disabled: "Disabled";
};
/**
* Describe whether this data type connection is enabled or not.
*/
export type DataTypeState = (typeof DataTypeState)[keyof typeof DataTypeState];
/**
* Possible outcomes of fetching the last deployment. Each member's value is the
* same string as its name.
*
* NOTE(review): `Unauthorized` presumably means the credentials used for the
* fetch were rejected. For a source-control integration that is worth
* surfacing to operators, since it can indicate an expired or revoked
* repository credential (TODO confirm the exact trigger).
*/
export declare const DeploymentFetchStatus: {
readonly Success: "Success";
readonly Unauthorized: "Unauthorized";
readonly NotFound: "NotFound";
};
/**
* Status while fetching the last deployment.
*/
export type DeploymentFetchStatus = (typeof DeploymentFetchStatus)[keyof typeof DeploymentFetchStatus];
export declare const DeploymentResult: {
readonly Success: "Success";
readonly Canceled: "Canceled";
readonly Failed: "Failed";
};
/**
* The outcome of the deployment.
*/
export type DeploymentResult = (typeof DeploymentResult)[keyof typeof DeploymentResult];
/**
* Possible states of a deployment. Each member's value is the same string as its name.
* Note that `In_Progress` carries an underscore in both the key and the string value.
*/
export declare const DeploymentState: {
readonly In_Progress: "In_Progress";
readonly Completed: "Completed";
readonly Queued: "Queued";
readonly Canceling: "Canceling";
};
/**
* Current status of the deployment.
*/
export type DeploymentState = (typeof DeploymentState)[keyof typeof DeploymentState];
export declare const EntityMappingType: {
/**
* User account entity type
*/
readonly Account: "Account";
/**
* Host entity type
*/
readonly Host: "Host";
/**
* IP address entity type
*/
readonly IP: "IP";
/**
* Malware entity type
*/
readonly Malware: "Malware";
/**
* System file entity type
*/
readonly File: "File";
/**
* Process entity type
*/
readonly Process: "Process";
/**
* Cloud app entity type
*/
readonly CloudApplication: "CloudApplication";
/**
* DNS entity type
*/
readonly DNS: "DNS";
/**
* Azure resource entity type
*/
readonly AzureResource: "AzureResource";
/**
* File-hash entity type
*/
readonly FileHash: "FileHash";
/**
* Registry key entity type
*/
readonly RegistryKey: "RegistryKey";
/**
* Registry value entity type
*/
readonly RegistryValue: "RegistryValue";
/**
* Security group entity type
*/
readonly SecurityGroup: "SecurityGroup";
/**
* URL entity type
*/
readonly URL: "URL";
/**
* Mailbox entity type
*/
readonly Mailbox: "Mailbox";
/**
* Mail cluster entity type
*/
readonly MailCluster: "MailCluster";
/**
* Mail message entity type
*/
readonly MailMessage: "MailMessage";
/**
* Submission mail entity type
*/
readonly SubmissionMail: "SubmissionMail";
};
/**
* The V3 type of the mapped entity
*/
export type EntityMappingType = (typeof EntityMappingType)[keyof typeof EntityMappingType];
/**
* Entity providers that can be synced. Each member's value is the same string as its name.
*
* NOTE(review): `ActiveDirectory` presumably refers to on-premises Active
* Directory and `AzureActiveDirectory` to the cloud directory; confirm against
* the resource that consumes this type.
*/
export declare const EntityProviders: {
readonly ActiveDirectory: "ActiveDirectory";
readonly AzureActiveDirectory: "AzureActiveDirectory";
};
/**
* The entity provider that is synced.
*/
export type EntityProviders = (typeof EntityProviders)[keyof typeof EntityProviders];
export declare const EntityTimelineKind: {
/**
* activity
*/
readonly Activity: "Activity";
/**
* bookmarks
*/
readonly Bookmark: "Bookmark";
/**
* security alerts
*/
readonly SecurityAlert: "SecurityAlert";
/**
* anomaly
*/
readonly Anomaly: "Anomaly";
};
/**
* The entity query kind
*/
export type EntityTimelineKind = (typeof EntityTimelineKind)[keyof typeof EntityTimelineKind];
export declare const EntityType: {
/**
* Entity represents account in the system.
*/
readonly Account: "Account";
/**
* Entity represents host in the system.
*/
readonly Host: "Host";
/**
* Entity represents file in the system.
*/
readonly File: "File";
/**
* Entity represents azure resource in the system.
*/
readonly AzureResource: "AzureResource";
/**
* Entity represents cloud application in the system.
*/
readonly CloudApplication: "CloudApplication";
/**
* Entity represents dns in the system.
*/
readonly DNS: "DNS";
/**
* Entity represents file hash in the system.
*/
readonly FileHash: "FileHash";
/**
* Entity represents ip in the system.
*/
readonly IP: "IP";
/**
* Entity represents malware in the system.
*/
readonly Malware: "Malware";
/**
* Entity represents process in the system.
*/
readonly Process: "Process";
/**
* Entity represents registry key in the system.
*/
readonly RegistryKey: "RegistryKey";
/**
* Entity represents registry value in the system.
*/
readonly RegistryValue: "RegistryValue";
/**
* Entity represents security group in the system.
*/
readonly SecurityGroup: "SecurityGroup";
/**
* Entity represents url in the system.
*/
readonly URL: "URL";
/**
* Entity represents IoT device in the system.
*/
readonly IoTDevice: "IoTDevice";
/**
* Entity represents security alert in the system.
*/
readonly SecurityAlert: "SecurityAlert";
/**
* Entity represents HuntingBookmark in the system.
*/
readonly HuntingBookmark: "HuntingBookmark";
/**
* Entity represents mail cluster in the system.
*/
readonly MailCluster: "MailCluster";
/**
* Entity represents mail message in the system.
*/
readonly MailMessage: "MailMessage";
/**
* Entity represents mailbox in the system.
*/
readonly Mailbox: "Mailbox";
/**
* Entity represents submission mail in the system.
*/
readonly SubmissionMail: "SubmissionMail";
/**
* Entity represents network interface in the system.
*/
readonly Nic: "Nic";
};
/**
* The type of the query's source entity
*/
export type EntityType = (typeof EntityType)[keyof typeof EntityType];
export declare const EventGroupingAggregationKind: {
readonly SingleAlert: "SingleAlert";
readonly AlertPerResult: "AlertPerResult";
};
/**
* The event grouping aggregation kinds
*/
export type EventGroupingAggregationKind = (typeof EventGroupingAggregationKind)[keyof typeof EventGroupingAggregationKind];
export declare const FileFormat: {
/**
* A CSV file.
*/
readonly CSV: "CSV";
/**
* A JSON file.
*/
readonly JSON: "JSON";
/**
* A file of other format.
*/
readonly Unspecified: "Unspecified";
};
/**
* The format of the file
*/
export type FileFormat = (typeof FileFormat)[keyof typeof FileFormat];
export declare const FileImportContentType: {
/**
* File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern.
*/
readonly BasicIndicator: "BasicIndicator";
/**
* File containing STIX indicators.
*/
readonly StixIndicator: "StixIndicator";
/**
* File containing other records.
*/
readonly Unspecified: "Unspecified";
};
/**
* The content type of this file.
*/
export type FileImportContentType = (typeof FileImportContentType)[keyof typeof FileImportContentType];
/**
* String-typed flag values.
*
* The keys are capitalised (`True`, `False`) while the values are the
* lower-case strings "true" and "false". They are strings, not booleans:
* comparing a `Flag` with the boolean `true` never matches, and the string
* "false" is truthy in a plain `if (flag)` test.
*/
export declare const Flag: {
readonly True: "true";
readonly False: "false";
};
/**
* Flag indicates if this package is in preview.
*/
export type Flag = (typeof Flag)[keyof typeof Flag];
/**
* Allowed HTTP methods. Each member's value is the same string as its name.
*
* NOTE(review): the type comment gives GET as the default, but nothing in this
* declaration encodes a default; it is applied elsewhere (presumably by the
* service). POST, PUT and DELETE can change state on the remote API, so check
* that a non-GET value is intended wherever this type is used.
*/
export declare const HttpMethodVerb: {
readonly GET: "GET";
readonly POST: "POST";
readonly PUT: "PUT";
readonly DELETE: "DELETE";
};
/**
* The HTTP method, default value GET.
*/
export type HttpMethodVerb = (typeof HttpMethodVerb)[keyof typeof HttpMethodVerb];
/**
* Allowed values for the HTTPS configuration used to connect to the SapControl service.
* Each member's value is the same string as its name.
*/
export declare const HttpsConfigurationType: {
/**
* Going by the name, plain HTTP with no TLS: traffic to SapControl, including
* any credentials sent with it, is then unencrypted on the network.
*/
readonly HttpOnly: "HttpOnly";
/**
* Going by the name, HTTPS with the server certificate verified. Of the three
* values this is the only one that both encrypts the channel and authenticates
* the endpoint.
*/
readonly HttpsWithSslVerification: "HttpsWithSslVerification";
/**
* Going by the name, HTTPS with certificate verification turned off: the
* channel is encrypted but the peer is not authenticated, so a host on the
* network path can pose as SapControl. Treat as a review finding unless a
* documented exception applies.
*/
readonly HttpsWithoutSslVerification: "HttpsWithoutSslVerification";
};
/**
* Represents the types of HTTPS configuration to connect to the SapControl service.
*/
export type HttpsConfigurationType = (typeof HttpsConfigurationType)[keyof typeof HttpsConfigurationType];
export declare const HypothesisStatus: {
readonly Unknown: "Unknown";
readonly Invalidated: "Invalidated";
readonly Validated: "Validated";
};
/**
* The hypothesis status of the hunt.
*/
export type HypothesisStatus = (typeof HypothesisStatus)[keyof typeof HypothesisStatus];
export declare const IncidentClassification: {
/**
* Incident classification was undetermined
*/
readonly Undetermined: "Undetermined";
/**
* Incident was true positive
*/
readonly TruePositive: "TruePositive";
/**
* Incident was benign positive
*/
readonly BenignPositive: "BenignPositive";
/**
* Incident was false positive
*/
readonly FalsePositive: "FalsePositive";
};
/**
* The reason the incident was closed
*/
export type IncidentClassification = (typeof IncidentClassification)[keyof typeof IncidentClassification];
export declare const IncidentClassificationReason: {
/**
* Classification reason was suspicious activity
*/
readonly SuspiciousActivity: "SuspiciousActivity";
/**
* Classification reason was suspicious but expected
*/
readonly SuspiciousButExpected: "SuspiciousButExpected";
/**
* Classification reason was incorrect alert logic
*/
readonly IncorrectAlertLogic: "IncorrectAlertLogic";
/**
* Classification reason was inaccurate data
*/
readonly InaccurateData: "InaccurateData";
};
/**
* The classification reason the incident was closed with
*/
export type IncidentClassificationReason = (typeof IncidentClassificationReason)[keyof typeof IncidentClassificationReason];
export declare const IncidentSeverity: {
/**
* High severity
*/
readonly High: "High";
/**
* Medium severity
*/
readonly Medium: "Medium";
/**
* Low severity
*/
readonly Low: "Low";
/**
* Informational severity
*/
readonly Informational: "Informational";
};
/**
* The severity of the incident
*/
export type IncidentSeverity = (typeof IncidentSeverity)[keyof typeof IncidentSeverity];
export declare const IncidentStatus: {
/**
* An active incident which isn't being handled currently
*/
readonly New: "New";
/**
* An active incident which is being handled
*/
readonly Active: "Active";
/**
* A non-active incident
*/
readonly Closed: "Closed";
};
/**
* The status of the incident
*/
export type IncidentStatus = (typeof IncidentStatus)[keyof typeof IncidentStatus];
export declare const IncidentTaskStatus: {
/**
* A new task
*/
readonly New: "New";
/**
* A completed task
*/
readonly Completed: "Completed";
};
/**
* The status of the task
*/
export type IncidentTaskStatus = (typeof IncidentTaskStatus)[keyof typeof IncidentTaskStatus];
export declare const IngestionMode: {
/**
* No records should be ingested when invalid records are detected.
*/
readonly IngestOnlyIfAllAreValid: "IngestOnlyIfAllAreValid";
/**
* Valid records should still be ingested when invalid records are detected.
*/
readonly IngestAnyValidRecords: "IngestAnyValidRecords";
/**
* Unspecified
*/
readonly Unspecified: "Unspecified";
};
/**
* Describes how to ingest the records in the file.
*/
export type IngestionMode = (typeof IngestionMode)[keyof typeof IngestionMode];
export declare const IngestionType: {
readonly Full: "Full";
readonly Incremental: "Incremental";
};
/**
* Types of ingestion.
*/
export type IngestionType = (typeof IngestionType)[keyof typeof IngestionType];
/**
* Allowed values for how the agent authenticates to the key vault.
* Each member's value is the same string as its name.
*
* NOTE(review): `ServicePrincipal` presumably requires a client secret or
* certificate to be provisioned and rotated for the agent, whereas
* `ManagedIdentity` does not; confirm against the agent documentation when
* choosing between them.
*/
export declare const KeyVaultAuthenticationMode: {
readonly ManagedIdentity: "ManagedIdentity";
readonly ServicePrincipal: "ServicePrincipal";
};
/**
* The key mode of the agent.
* The declared options are ManagedIdentity and ServicePrincipal.
*
* NOTE(review): the generated description listed "ManagedIdentity|ApplicationIdentity",
* but "ApplicationIdentity" is not a value of the `KeyVaultAuthenticationMode` constant.
*/
export type KeyVaultAuthenticationMode = (typeof KeyVaultAuthenticationMode)[keyof typeof KeyVaultAuthenticationMode];
export declare const Kind: {
readonly DataConnector: "DataConnector";
readonly DataType: "DataType";
readonly Workbook: "Workbook";
readonly WorkbookTemplate: "WorkbookTemplate";
readonly Playbook: "Playbook";
readonly PlaybookTemplate: "PlaybookTemplate";
readonly AnalyticsRuleTemplate: "AnalyticsRuleTemplate";
readonly AnalyticsRule: "AnalyticsRule";
readonly HuntingQuery: "HuntingQuery";
readonly InvestigationQuery: "InvestigationQuery";
readonly Parser: "Parser";
readonly Watchlist: "Watchlist";
readonly WatchlistTemplate: "WatchlistTemplate";
readonly Solution: "Solution";
readonly AzureFunction: "AzureFunction";
readonly LogicAppsCustomConnector: "LogicAppsCustomConnector";
readonly AutomationRule: "AutomationRule";
};
/**
* Type of the content item we depend on
*/
export type Kind = (typeof Kind)[keyof typeof Kind];
export declare const LogStatusType: {
readonly Enabled: "Enabled";
readonly Disabled: "Disabled";
};
/**
* Types of log status.
*/
export type LogStatusType = (typeof LogStatusType)[keyof typeof LogStatusType];
/**
* Types of logs and tables. Each member's value is the same string as its name.
*
* The members fall into two visible groups: mixed-case log names (`Abap*Log`,
* `AbapFilesLogs`, `JavaFilesLogs`) and upper-case identifiers that look like
* SAP table names.
*
* NOTE(review): several of the upper-case names (USR01, USR02, USR21, UST04,
* AGRUSERS, USRACL, ...) appear to be SAP user-master and role/authorization
* tables. Enabling them would bring account and authorization data into the
* workspace, so decide per table whether it is needed and who may query the
* resulting data (TODO confirm table contents against SAP documentation).
*/
export declare const LogType: {
readonly AbapAuditLog: "AbapAuditLog";
readonly AbapJobLog: "AbapJobLog";
readonly AbapSpoolLog: "AbapSpoolLog";
readonly AbapSpoolOutputLog: "AbapSpoolOutputLog";
readonly AbapChangeDocsLog: "AbapChangeDocsLog";
readonly AbapAppLog: "AbapAppLog";
readonly AbapWorkflowLog: "AbapWorkflowLog";
readonly AbapCrLog: "AbapCrLog";
readonly AbapTableDataLog: "AbapTableDataLog";
readonly AbapFilesLogs: "AbapFilesLogs";
readonly JavaFilesLogs: "JavaFilesLogs";
readonly AGRTCODES: "AGRTCODES";
readonly USR01: "USR01";
readonly USR02: "USR02";
readonly AGR1251: "AGR1251";
readonly AGRUSERS: "AGRUSERS";
readonly AGRPROF: "AGRPROF";
readonly UST04: "UST04";
readonly USR21: "USR21";
readonly ADR6: "ADR6";
readonly ADCP: "ADCP";
readonly USR05: "USR05";
readonly USGRPUSER: "USGRPUSER";
readonly USERADDR: "USERADDR";
readonly DEVACCESS: "DEVACCESS";
readonly AGRDEFINE: "AGRDEFINE";
readonly PAHI: "PAHI";
readonly AGRAGRS: "AGRAGRS";
readonly USRSTAMP: "USRSTAMP";
readonly AGRFLAGS: "AGRFLAGS";
readonly SNCSYSACL: "SNCSYSACL";
readonly USRACL: "USRACL";
};
/**
* Types of logs and tables.
*/
export type LogType = (typeof LogType)[keyof typeof LogType];
export declare const MatchingMethod: {
/**
* Grouping alerts into a single incident if all the entities match
*/
readonly AllEntities: "AllEntities";
/**
* Grouping any alerts triggered by this rule into a single incident
*/
readonly AnyAlert: "AnyAlert";
/**
* Grouping alerts into a single incident if the selected entities, custom details and alert details match
*/
readonly Selected: "Selected";
};
/**
* Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
*/
export type MatchingMethod = (typeof MatchingMethod)[keyof typeof MatchingMethod];
/**
* Product names whose alerts can generate cases.
*
* Unlike most constants in this file, key and value differ: the keys use
* underscores (`Azure_Security_Center`) while the string values use spaces
* ("Azure Security Center"). Use the member, or the exact string value, when
* filtering; the key spelling is not a valid value.
*/
export declare const MicrosoftSecurityProductName: {
readonly Microsoft_Cloud_App_Security: "Microsoft Cloud App Security";
readonly Azure_Security_Center: "Azure Security Center";
readonly Azure_Advanced_Threat_Protection: "Azure Advanced Threat Protection";
readonly Azure_Active_Directory_Identity_Protection: "Azure Active Directory Identity Protection";
readonly Azure_Security_Center_for_IoT: "Azure Security Center for IoT";
};
/**
* The alerts' productName on which the cases will be generated
*/
export type MicrosoftSecurityProductName = (typeof MicrosoftSecurityProductName)[keyof typeof MicrosoftSecurityProductName];
export declare const Mode: {
/**
* The workspace manager configuration is enabled
*/
readonly Enabled: "Enabled";
/**
* The workspace manager configuration is disabled
*/
readonly Disabled: "Disabled";
};
/**
* The current mode of the workspace manager configuration
*/
export type Mode = (typeof Mode)[keyof typeof Mode];
/**
* Boolean operators for a list of dependencies. Each member's value is the same
* string as its name.
*
* The values are upper-case ("AND", "OR"). This is a different type from
* `AutomationRuleBooleanConditionSupportedOperator`, whose values are "And"
* and "Or"; the two are not interchangeable.
*/
export declare const Operator: {
readonly AND: "AND";
readonly OR: "OR";
};
/**
* Operator used for list of dependencies in criteria array.
*/
export type Operator = (typeof Operator)[keyof typeof Operator];
export declare const OwnerType: {
/**
* The incident owner type is unknown
*/
readonly Unknown: "Unknown";
/**
* The incident owner type is an AAD user
*/
readonly User: "User";
/**
* The incident owner type is an AAD group
*/
readonly Group: "Group";
};
/**
* The type of the owner the incident is assigned to.
*/
export type OwnerType = (typeof OwnerType)[keyof typeof OwnerType];
/**
* Allowed package kinds. Each member's value is the same string as its name.
*/
export declare const PackageKind: {
readonly Solution: "Solution";
readonly Standalone: "Standalone";
};
/**
* The kind of the package that contains this template.
*/
export type PackageKind = (typeof PackageKind)[keyof typeof PackageKind];
/**
* Scopes at which a user's permissions can be required. Each member's value is
* the same string as its name.
*
* NOTE(review): in the Azure resource hierarchy a subscription contains
* resource groups, which contain workspaces, so `Subscription` is the widest
* of the three scopes and `Workspace` the narrowest. Requiring the narrowest
* scope that works keeps the permission requirement least-privilege.
*/
export declare const ProviderPermissionsScope: {
readonly Subscription: "Subscription";
readonly ResourceGroup: "ResourceGroup";
readonly Workspace: "Workspace";
};
/**
* The scope on which the user should have permissions, in order to be able to create connections.
*/
export type ProviderPermissionsScope = (typeof ProviderPermissionsScope)[keyof typeof ProviderPermissionsScope];
/**
* Allowed values for the repository type of a source control.
*/
export declare const RepoType: {
/**
* A GitHub repository
*/
readonly Github: "Github";
/**
* Presumably an Azure DevOps repository; confirm against the API reference
*/
readonly DevOps: "DevOps";
};
/**
* The repository type of the source control.
* Resolves to the union of the string values of `RepoType`.
*/
export type RepoType = (typeof RepoType)[keyof typeof RepoType];
/**
* Allowed values for the kind of credential used to access the source-control repository.
*
* NOTE(review): this enum only selects the credential kind; the credential itself is supplied
* elsewhere. Whatever kind is chosen, the token or secret that goes with it should be handled
* as a secret value and kept out of plain-text program or stack configuration.
*/
export declare const RepositoryAccessKind: {
/**
* Access is granted through an OAuth flow
*/
readonly OAuth: "OAuth";
/**
* Access uses a personal access token (PAT): a user-bound bearer credential, so give it
* the smallest set of repository permissions that works and an expiry
*/
readonly PAT: "PAT";
/**
* Presumably access through an installed app (e.g. a GitHub App); confirm against the API reference
*/
readonly App: "App";
};
/**
* The kind of repository access credentials.
* Resolves to the union of the string values of `RepositoryAccessKind`.
*/
export type RepositoryAccessKind = (typeof RepositoryAccessKind)[keyof typeof RepositoryAccessKind];
/**
* Allowed paging kinds for a REST API poller request.
* The members carry no description in this declaration; the names suggest where the next-page
* information comes from (a link header, a token, a URL, an offset or a count), but the exact
* semantics must be taken from the service API reference.
*/
export declare const RestApiPollerRequestPagingKind: {
readonly LinkHeader: "LinkHeader";
readonly NextPageToken: "NextPageToken";
readonly NextPageUrl: "NextPageUrl";
readonly PersistentToken: "PersistentToken";
readonly PersistentLinkHeader: "PersistentLinkHeader";
readonly Offset: "Offset";
readonly CountBasedPaging: "CountBasedPaging";
};
/**
* Type of paging.
* Resolves to the union of the string values of `RestApiPollerRequestPagingKind`.
*/
export type RestApiPollerRequestPagingKind = (typeof RestApiPollerRequestPagingKind)[keyof typeof RestApiPollerRequestPagingKind];
/**
* Allowed values for how the agent authenticates to SAP.
*
* NOTE(review): "Snc" presumably refers to SAP Secure Network Communications; confirm against
* the API reference. The two username/password variants rely on a static secret, so the place
* that secret is read from should be a managed secret store rather than plain configuration.
*/
export declare const SapAuthenticationType: {
/**
* Authenticate with a user name and password only
*/
readonly UsernamePassword: "UsernamePassword";
/**
* Authenticate with SNC only
*/
readonly Snc: "Snc";
/**
* Authenticate with SNC combined with a user name and password
*/
readonly SncWithUsernamePassword: "SncWithUsernamePassword";
};
/**
* The authentication type to SAP.
* Resolves to the union of the string values of `SapAuthenticationType`.
*/
export type SapAuthenticationType = (typeof SapAuthenticationType)[keyof typeof SapAuthenticationType];
/**
* Allowed values for where the agent reads its secrets from.
* Only one value is declared here, so this declaration offers no inline or plain-text secret source.
*/
export declare const SecretSource: {
/**
* Secrets are read from Azure Key Vault
*/
readonly AzureKeyVault: "AzureKeyVault";
};
/**
* The secret source of the agent.
* AzureKeyVault is the only option declared.
*/
export type SecretSource = (typeof SecretSource)[keyof typeof SecretSource];
/**
* Allowed values for the kind of security ML analytics settings.
* Only one kind, "Anomaly", is declared here.
*/
export declare const SecurityMLAnalyticsSettingsKind: {
readonly Anomaly: "Anomaly";
};
/**
* The kind of security ML Analytics Settings.
* Resolves to the union of the string values of `SecurityMLAnalyticsSettingsKind`.
*/
export type SecurityMLAnalyticsSettingsKind = (typeof SecurityMLAnalyticsSettingsKind)[keyof typeof SecurityMLAnalyticsSettingsKind];
/**
* Allowed values for the kind of a setting.
* The members carry no description in this declaration. "Ueba" presumably stands for
* User and Entity Behavior Analytics; confirm against the API reference.
*/
export declare const SettingKind: {
readonly Anomalies: "Anomalies";
readonly EyesOn: "EyesOn";
readonly EntityAnalytics: "EntityAnalytics";
readonly Ueba: "Ueba";
};
/**
* The kind of the setting.
* Resolves to the union of the string values of `SettingKind`.
*/
export type SettingKind = (typeof SettingKind)[keyof typeof SettingKind];
/**
* Allowed values for the status of anomaly SecurityMLAnalyticsSettings.
*/
export declare const SettingsStatus: {
/**
* Anomaly settings status in Production mode
*/
readonly Production: "Production";
/**
* Anomaly settings status in Flighting mode
*/
readonly Flighting: "Flighting";
};
/**
* The anomaly SecurityMLAnalyticsSettings status.
* Resolves to the union of the string values of `SettingsStatus` ("Production" | "Flighting").
*/
export type SettingsStatus = (typeof SettingsStatus)[keyof typeof SettingsStatus];
/**
* Allowed values for the source type of a content item.
* The members carry no description in this declaration. Where content origin matters for
* trust decisions (e.g. "Community" versus "Solution"), take the exact meaning from the
* service API reference rather than from the member name.
*/
export declare const SourceKind: {
readonly LocalWorkspace: "LocalWorkspace";
readonly Community: "Community";
readonly Solution: "Solution";
readonly SourceRepository: "SourceRepository";
};
/**
* Source type of the content.
* Resolves to the union of the string values of `SourceKind`.
*/
export type SourceKind = (typeof SourceKind)[keyof typeof SourceKind];
/**
* Allowed values for where a watchlist's content comes from.
*/
export declare const SourceType: {
/**
* The source is a local file.
*/
readonly Local: "Local";
/**
* The source is Azure storage.
*/
readonly AzureStorage: "AzureStorage";
};
/**
* The sourceType of the watchlist.
* Resolves to the union of the string values of `SourceType` ("Local" | "AzureStorage").
*/
export type SourceType = (typeof SourceType)[keyof typeof SourceType];
/**
* Allowed values for the status of a hunt.
* The members carry no description in this declaration, and no ordering or allowed
* transitions between them are defined here.
*/
export declare const Status: {
readonly New: "New";
readonly Active: "Active";
readonly Closed: "Closed";
readonly Backlog: "Backlog";
readonly Approved: "Approved";
};
/**
* The status of the hunt.
* Resolves to the union of the string values of `Status`.
*/
export type Status = (typeof Status)[keyof typeof Status];
/**
* Allowed values for who supports a content item.
*/
export declare const SupportTier: {
/**
* Support tier "Microsoft"
*/
readonly Microsoft: "Microsoft";
/**
* Support tier "Partner"
*/
readonly Partner: "Partner";
/**
* Support tier "Community"
*/
readonly Community: "Community";
};
/**
* Type of support for content item.
* Resolves to the union of the string values of `SupportTier`.
*/
export type SupportTier = (typeof SupportTier)[keyof typeof SupportTier];
/**
* Allowed values for the connector type of an SAP system configuration.
* The members carry no description in this declaration. "Rfc" presumably refers to SAP
* Remote Function Call and "SapControl" to the SAPControl interface; confirm against the
* API reference.
*/
export declare const SystemConfigurationConnectorType: {
readonly Rfc: "Rfc";
readonly SapControl: "SapControl";
};
/**
* Represents the types of SAP systems.
* Resolves to the union of the string values of `SystemConfigurationConnectorType`.
*/
export type SystemConfigurationConnectorType = (typeof SystemConfigurationConnectorType)[keyof typeof SystemConfigurationConnectorType];
/**
* Allowed values for the status of a system.
*/
export declare const SystemStatusType: {
/**
* The system is running
*/
readonly Running: "Running";
/**
* The system is stopped
*/
readonly Stopped: "Stopped";
};
/**
* The status of the system.
* Resolves to the union of the string values of `SystemStatusType` ("Running" | "Stopped").
*/
export type SystemStatusType = (typeof SystemStatusType)[keyof typeof SystemStatusType];
/**
* Allowed values for the kind of a threat intelligence entity.
* Only one kind is declared here.
*/
export declare const ThreatIntelligenceResourceInnerKind: {
/**
* Entity represents threat intelligence indicator in the system.
* The value is the lowercase string "indicator" although the member is named `Indicator`;
* compare against the value, not the member name.
*/
readonly Indicator: "indicator";
};
/**
* The kind of the entity.
* Resolves to the union of the string values of `ThreatIntelligenceResourceInnerKind`.
*/
export type ThreatIntelligenceResourceInnerKind = (typeof ThreatIntelligenceResourceInnerKind)[keyof typeof ThreatIntelligenceResourceInnerKind];
/**
* Allowed comparison operators applied against the threshold of an alert rule.
*
* NOTE(review): no "greater than or equal" / "less than or equal" value is declared, so a
* threshold meant to be inclusive has to be expressed by adjusting the threshold value itself.
*/
export declare const TriggerOperator: {
/**
* Comparison "greater than" against the threshold
*/
readonly GreaterThan: "GreaterThan";
/**
* Comparison "less than" against the threshold
*/
readonly LessThan: "LessThan";
/**
* Comparison "equal" against the threshold
*/
readonly Equal: "Equal";
/**
* Comparison "not equal" against the threshold
*/
readonly NotEqual: "NotEqual";
};
/**
* The operation against the threshold that triggers alert rule.
* Resolves to the union of the string values of `TriggerOperator`.
*/
export type TriggerOperator = (typeof TriggerOperator)[keyof typeof TriggerOperator];
/**
* Allowed values for the object type a trigger applies to.
*/
export declare const TriggersOn: {
/**
* Trigger on Incidents
*/
readonly Incidents: "Incidents";
/**
* Trigger on Alerts
*/
readonly Alerts: "Alerts";
};
/**
* The object type a trigger applies to.
* Resolves to the union of the string values of `TriggersOn` ("Incidents" | "Alerts").
*/
export type TriggersOn = (typeof TriggersOn)[keyof typeof TriggersOn];
/**
* Allowed values for the object event a trigger fires on.
*/
export declare const TriggersWhen: {
/**
* Trigger on created objects
*/
readonly Created: "Created";
/**
* Trigger on updated objects
*/
readonly Updated: "Updated";
};
/**
* The object event a trigger fires on.
* Resolves to the union of the string values of `TriggersWhen` ("Created" | "Updated").
*/
export type TriggersWhen = (typeof TriggersWhen)[keyof typeof TriggersWhen];
/**
* Allowed values for the data sources enriched by UEBA.
* The members carry no description in this declaration; the names presumably match the log
* tables of the same names. Confirm against the API reference.
*/
export declare const UebaDataSources: {
readonly AuditLogs: "AuditLogs";
readonly AzureActivity: "AzureActivity";
readonly SecurityEvent: "SecurityEvent";
readonly SigninLogs: "SigninLogs";
};
/**
* The data source that is enriched by UEBA.
* Resolves to the union of the string values of `UebaDataSources`.
*/
export type UebaDataSources = (typeof UebaDataSources)[keyof typeof UebaDataSources];
/**
* Allowed values for the version associated with a source control.
* The members carry no description in this declaration; what distinguishes V1 from V2 must be
* taken from the service API reference.
*/
export declare const Version: {
readonly V1: "V1";
readonly V2: "V2";
};
/**
* The version number associated with the source control.
* Resolves to the union of the string values of `Version` ("V1" | "V2").
*/
export type Version = (typeof Version)[keyof typeof Version];