@azure/arm-securityinsight 1.0.0-beta.1

package/review/arm-securityinsight.api.md

@@ -0,0 +1,5007 @@
+## API Report File for "@azure/arm-securityinsight"
+
+> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
+
+```ts
+
+import * as coreAuth from '@azure/core-auth';
+import * as coreClient from '@azure/core-client';
+import { PagedAsyncIterableIterator } from '@azure/core-paging';
+
+// @public
+export type AADCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "AzureActiveDirectory";
+    tenantId?: string;
+};
+
+// @public
+export type AADCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type AADDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: AlertsDataTypeOfDataConnector;
+};
+
+// @public
+export type AADDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+
+// @public
+export type AatpCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "AzureAdvancedThreatProtection";
+    tenantId?: string;
+};
+
+// @public
+export type AatpCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type AatpDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: AlertsDataTypeOfDataConnector;
+};
+
+// @public
+export type AatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+
+// @public
+export type AccountEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly aadTenantId?: string;
+    readonly aadUserId?: string;
+    readonly accountName?: string;
+    readonly displayName?: string;
+    readonly hostEntityId?: string;
+    readonly isDomainJoined?: boolean;
+    readonly ntDomain?: string;
+    readonly objectGuid?: string;
+    readonly puid?: string;
+    readonly sid?: string;
+    readonly upnSuffix?: string;
+    readonly dnsDomain?: string;
+};
+
+// @public
+export type AccountEntityProperties = EntityCommonProperties & {
+    readonly aadTenantId?: string;
+    readonly aadUserId?: string;
+    readonly accountName?: string;
+    readonly displayName?: string;
+    readonly hostEntityId?: string;
+    readonly isDomainJoined?: boolean;
+    readonly ntDomain?: string;
+    readonly objectGuid?: string;
+    readonly puid?: string;
+    readonly sid?: string;
+    readonly upnSuffix?: string;
+    readonly dnsDomain?: string;
+};
+
+// @public
+export interface ActionPropertiesBase {
+    logicAppResourceId: string;
+}
+
+// @public
+export type ActionRequest = ResourceWithEtag & {
+    logicAppResourceId?: string;
+    triggerUri?: string;
+};
+
+// @public
+export type ActionRequestProperties = ActionPropertiesBase & {
+    triggerUri: string;
+};
+
+// @public
+export type ActionResponse = ResourceWithEtag & {
+    logicAppResourceId?: string;
+    workflowId?: string;
+};
+
+// @public
+export type ActionResponseProperties = ActionPropertiesBase & {
+    workflowId?: string;
+};
+
+// @public
+export interface Actions {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, action: ActionRequest, options?: ActionsCreateOrUpdateOptionalParams): Promise<ActionsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: ActionsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, ruleId: string, actionId: string, options?: ActionsGetOptionalParams): Promise<ActionsGetResponse>;
+    listByAlertRule(resourceGroupName: string, workspaceName: string, ruleId: string, options?: ActionsListByAlertRuleOptionalParams): PagedAsyncIterableIterator<ActionResponse>;
+}
+
+// @public
+export interface ActionsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ActionsCreateOrUpdateResponse = ActionResponse;
+
+// @public
+export interface ActionsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface ActionsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ActionsGetResponse = ActionResponse;
+
+// @public
+export interface ActionsList {
+    readonly nextLink?: string;
+    value: ActionResponse[];
+}
+
+// @public
+export interface ActionsListByAlertRuleNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ActionsListByAlertRuleNextResponse = ActionsList;
+
+// @public
+export interface ActionsListByAlertRuleOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ActionsListByAlertRuleResponse = ActionsList;
+
+// @public
+export type ActivityCustomEntityQuery = CustomEntityQuery & {
+    title?: string;
+    content?: string;
+    description?: string;
+    queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions;
+    inputEntityType?: EntityType;
+    requiredInputFieldsSets?: string[][];
+    entitiesFilter?: {
+        [propertyName: string]: string[];
+    };
+    templateName?: string;
+    enabled?: boolean;
+    readonly createdTimeUtc?: Date;
+    readonly lastModifiedTimeUtc?: Date;
+};
+
+// @public
+export interface ActivityEntityQueriesPropertiesQueryDefinitions {
+    query?: string;
+}
+
+// @public
+export type ActivityEntityQuery = EntityQuery & {
+    title?: string;
+    content?: string;
+    description?: string;
+    queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions;
+    inputEntityType?: EntityType;
+    requiredInputFieldsSets?: string[][];
+    entitiesFilter?: {
+        [propertyName: string]: string[];
+    };
+    templateName?: string;
+    enabled?: boolean;
+    readonly createdTimeUtc?: Date;
+    readonly lastModifiedTimeUtc?: Date;
+};
+
+// @public
+export type ActivityEntityQueryTemplate = EntityQueryTemplate & {
+    title?: string;
+    content?: string;
+    description?: string;
+    queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions;
+    dataTypes?: DataTypeDefinitions[];
+    inputEntityType?: EntityType;
+    requiredInputFieldsSets?: string[][];
+    entitiesFilter?: {
+        [propertyName: string]: string[];
+    };
+};
+
+// @public
+export interface ActivityEntityQueryTemplatePropertiesQueryDefinitions {
+    query?: string;
+    summarizeBy?: string;
+}
+
+// @public
+export type ActivityTimelineItem = EntityTimelineItem & {
+    kind: "Activity";
+    queryId: string;
+    bucketStartTimeUTC: Date;
+    bucketEndTimeUTC: Date;
+    firstActivityTimeUTC: Date;
+    lastActivityTimeUTC: Date;
+    content: string;
+    title: string;
+};
+
+// @public
+export type AlertDetail = string;
+
+// @public
+export interface AlertDetailsOverride {
+    alertDescriptionFormat?: string;
+    alertDisplayNameFormat?: string;
+    alertSeverityColumnName?: string;
+    alertTacticsColumnName?: string;
+}
+
+// @public
+export type AlertRule = ResourceWithEtag & {
+    kind: AlertRuleKind;
+};
+
+// @public
+export type AlertRuleKind = string;
+
+// @public
+export interface AlertRules {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, ruleId: string, alertRule: AlertRuleUnion, options?: AlertRulesCreateOrUpdateOptionalParams): Promise<AlertRulesCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, ruleId: string, options?: AlertRulesDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, ruleId: string, options?: AlertRulesGetOptionalParams): Promise<AlertRulesGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: AlertRulesListOptionalParams): PagedAsyncIterableIterator<AlertRuleUnion>;
+}
+
+// @public
+export interface AlertRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRulesCreateOrUpdateResponse = AlertRuleUnion;
+
+// @public
+export interface AlertRulesDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface AlertRulesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRulesGetResponse = AlertRuleUnion;
+
+// @public
+export interface AlertRulesList {
+    readonly nextLink?: string;
+    value: AlertRuleUnion[];
+}
+
+// @public
+export interface AlertRulesListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRulesListNextResponse = AlertRulesList;
+
+// @public
+export interface AlertRulesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRulesListResponse = AlertRulesList;
+
+// @public
+export type AlertRuleTemplate = Resource & {
+    kind: AlertRuleKind;
+};
+
+// @public
+export interface AlertRuleTemplateDataSource {
+    connectorId?: string;
+    dataTypes?: string[];
+}
+
+// @public
+export interface AlertRuleTemplatePropertiesBase {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    readonly lastUpdatedDateUTC?: Date;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+}
+
+// @public
+export interface AlertRuleTemplates {
+    get(resourceGroupName: string, workspaceName: string, alertRuleTemplateId: string, options?: AlertRuleTemplatesGetOptionalParams): Promise<AlertRuleTemplatesGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: AlertRuleTemplatesListOptionalParams): PagedAsyncIterableIterator<AlertRuleTemplateUnion>;
+}
+
+// @public
+export interface AlertRuleTemplatesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRuleTemplatesGetResponse = AlertRuleTemplateUnion;
+
+// @public
+export interface AlertRuleTemplatesList {
+    readonly nextLink?: string;
+    value: AlertRuleTemplateUnion[];
+}
+
+// @public
+export interface AlertRuleTemplatesListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRuleTemplatesListNextResponse = AlertRuleTemplatesList;
+
+// @public
+export interface AlertRuleTemplatesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AlertRuleTemplatesListResponse = AlertRuleTemplatesList;
+
+// @public (undocumented)
+export type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate;
+
+// @public (undocumented)
+export type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule;
+
+// @public
+export interface AlertsDataTypeOfDataConnector {
+    alerts: DataConnectorDataTypeCommon;
+}
+
+// @public
+export type AlertSeverity = string;
+
+// @public
+export type AlertStatus = string;
+
+// @public
+export type Anomalies = Settings & {
+    readonly isEnabled?: boolean;
+};
+
+// @public
+export type AntispamMailDirection = string;
+
+// @public
+export type ASCCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "AzureSecurityCenter";
+    subscriptionId?: string;
+};
+
+// @public
+export type ASCDataConnector = DataConnector & {
+    dataTypes?: AlertsDataTypeOfDataConnector;
+    subscriptionId?: string;
+};
+
+// @public
+export type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & {
+    subscriptionId?: string;
+};
+
+// @public
+export type AttackTactic = string;
+
+// @public
+export type AutomationRule = ResourceWithEtag & {
+    displayName?: string;
+    order?: number;
+    triggeringLogic?: AutomationRuleTriggeringLogic;
+    actions?: AutomationRuleActionUnion[];
+    readonly createdTimeUtc?: Date;
+    readonly lastModifiedTimeUtc?: Date;
+    readonly createdBy?: ClientInfo;
+    readonly lastModifiedBy?: ClientInfo;
+};
+
+// @public
+export interface AutomationRuleAction {
+    actionType: "RunPlaybook" | "ModifyProperties";
+    order: number;
+}
+
+// @public
+export type AutomationRuleActionType = string;
+
+// @public (undocumented)
+export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleRunPlaybookAction | AutomationRuleModifyPropertiesAction;
+
+// @public
+export interface AutomationRuleCondition {
+    conditionType: "Property";
+}
+
+// @public
+export type AutomationRuleConditionType = string;
+
+// @public (undocumented)
+export type AutomationRuleConditionUnion = AutomationRuleCondition | AutomationRulePropertyValuesCondition;
+
+// @public
+export type AutomationRuleModifyPropertiesAction = AutomationRuleAction & {
+    actionType: "ModifyProperties";
+    actionConfiguration: AutomationRuleModifyPropertiesActionConfiguration;
+};
+
+// @public
+export interface AutomationRuleModifyPropertiesActionConfiguration {
+    classification?: IncidentClassification;
+    classificationComment?: string;
+    classificationReason?: IncidentClassificationReason;
+    labels?: IncidentLabel[];
+    owner?: IncidentOwnerInfo;
+    severity?: IncidentSeverity;
+    status?: IncidentStatus;
+}
+
+// @public
+export type AutomationRulePropertyConditionSupportedOperator = string;
+
+// @public
+export type AutomationRulePropertyConditionSupportedProperty = string;
+
+// @public
+export type AutomationRulePropertyValuesCondition = AutomationRuleCondition & {
+    conditionType: "Property";
+    conditionProperties: AutomationRulePropertyValuesConditionProperties;
+};
+
+// @public
+export interface AutomationRulePropertyValuesConditionProperties {
+    operator?: AutomationRulePropertyConditionSupportedOperator;
+    propertyName?: AutomationRulePropertyConditionSupportedProperty;
+    propertyValues?: string[];
+}
+
+// @public
+export type AutomationRuleRunPlaybookAction = AutomationRuleAction & {
+    actionType: "RunPlaybook";
+    actionConfiguration: AutomationRuleRunPlaybookActionConfiguration;
+};
+
+// @public
+export interface AutomationRuleRunPlaybookActionConfiguration {
+    logicAppResourceId?: string;
+    tenantId?: string;
+}
+
+// @public
+export interface AutomationRules {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, automationRuleId: string, automationRule: AutomationRule, options?: AutomationRulesCreateOrUpdateOptionalParams): Promise<AutomationRulesCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, automationRuleId: string, options?: AutomationRulesGetOptionalParams): Promise<AutomationRulesGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: AutomationRulesListOptionalParams): PagedAsyncIterableIterator<AutomationRule>;
+}
+
+// @public
+export interface AutomationRulesCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AutomationRulesCreateOrUpdateResponse = AutomationRule;
+
+// @public
+export interface AutomationRulesDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface AutomationRulesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AutomationRulesGetResponse = AutomationRule;
+
+// @public
+export interface AutomationRulesList {
+    readonly nextLink?: string;
+    value: AutomationRule[];
+}
+
+// @public
+export interface AutomationRulesListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AutomationRulesListNextResponse = AutomationRulesList;
+
+// @public
+export interface AutomationRulesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type AutomationRulesListResponse = AutomationRulesList;
+
+// @public
+export interface AutomationRuleTriggeringLogic {
+    conditions?: AutomationRuleConditionUnion[];
+    expirationTimeUtc?: Date;
+    isEnabled: boolean;
+    triggersOn: TriggersOn;
+    triggersWhen: TriggersWhen;
+}
+
+// @public
+export interface Availability {
+    isPreview?: boolean;
+    status?: "1";
+}
+
+// @public
+export type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "AmazonWebServicesCloudTrail";
+};
+
+// @public
+export type AwsCloudTrailDataConnector = DataConnector & {
+    awsRoleArn?: string;
+    dataTypes?: AwsCloudTrailDataConnectorDataTypes;
+};
+
+// @public
+export interface AwsCloudTrailDataConnectorDataTypes {
+    logs: AwsCloudTrailDataConnectorDataTypesLogs;
+}
+
+// @public
+export type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+
+// @public
+export type AwsS3CheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "AmazonWebServicesS3";
+};
+
+// @public
+export type AwsS3DataConnector = DataConnector & {
+    destinationTable?: string;
+    sqsUrls?: string[];
+    roleArn?: string;
+    dataTypes?: AwsS3DataConnectorDataTypes;
+};
+
+// @public
+export interface AwsS3DataConnectorDataTypes {
+    logs: AwsS3DataConnectorDataTypesLogs;
+}
+
+// @public
+export type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+
+// @public
+export type AzureResourceEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly resourceId?: string;
+    readonly subscriptionId?: string;
+};
+
+// @public
+export type AzureResourceEntityProperties = EntityCommonProperties & {
+    readonly resourceId?: string;
+    readonly subscriptionId?: string;
+};
+
+// @public
+export type Bookmark = ResourceWithEtag & {
+    created?: Date;
+    createdBy?: UserInfo;
+    displayName?: string;
+    labels?: string[];
+    notes?: string;
+    query?: string;
+    queryResult?: string;
+    updated?: Date;
+    updatedBy?: UserInfo;
+    eventTime?: Date;
+    queryStartTime?: Date;
+    queryEndTime?: Date;
+    incidentInfo?: IncidentInfo;
+};
+
+// @public
+export type BookmarkExpandOperationResponse = BookmarkExpandResponse;
+
+// @public
+export interface BookmarkExpandOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface BookmarkExpandParameters {
+    endTime?: Date;
+    expansionId?: string;
+    startTime?: Date;
+}
+
+// @public
+export interface BookmarkExpandResponse {
+    metaData?: ExpansionResultsMetadata;
+    value?: BookmarkExpandResponseValue;
+}
+
+// @public
+export interface BookmarkExpandResponseValue {
+    edges?: ConnectedEntity[];
+    entities?: EntityUnion[];
+}
+
+// @public
+export interface BookmarkList {
+    readonly nextLink?: string;
+    value: Bookmark[];
+}
+
+// @public
+export interface BookmarkOperations {
+    expand(resourceGroupName: string, workspaceName: string, bookmarkId: string, parameters: BookmarkExpandParameters, options?: BookmarkExpandOptionalParams): Promise<BookmarkExpandOperationResponse>;
+}
+
+// @public
+export interface BookmarkRelations {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, relation: Relation, options?: BookmarkRelationsCreateOrUpdateOptionalParams): Promise<BookmarkRelationsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, bookmarkId: string, relationName: string, options?: BookmarkRelationsGetOptionalParams): Promise<BookmarkRelationsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarkRelationsListOptionalParams): PagedAsyncIterableIterator<Relation>;
+}
+
+// @public
+export interface BookmarkRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type BookmarkRelationsCreateOrUpdateResponse = Relation;
+
+// @public
+export interface BookmarkRelationsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface BookmarkRelationsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type BookmarkRelationsGetResponse = Relation;
+
+// @public
+export interface BookmarkRelationsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type BookmarkRelationsListNextResponse = RelationList;
+
+// @public
+export interface BookmarkRelationsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type BookmarkRelationsListResponse = RelationList;
+
+// @public
+export interface Bookmarks {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, bookmarkId: string, bookmark: Bookmark, options?: BookmarksCreateOrUpdateOptionalParams): Promise<BookmarksCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, bookmarkId: string, options?: BookmarksGetOptionalParams): Promise<BookmarksGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: BookmarksListOptionalParams): PagedAsyncIterableIterator<Bookmark>;
+}
+
+// @public
+export interface BookmarksCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type BookmarksCreateOrUpdateResponse = Bookmark;
+
+// @public
+export interface BookmarksDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface BookmarksGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type BookmarksGetResponse = Bookmark;
+
+// @public
+export interface BookmarksListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type BookmarksListNextResponse = BookmarkList;
+
+// @public
+export interface BookmarksListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type BookmarksListResponse = BookmarkList;
+
+// @public
+export type BookmarkTimelineItem = EntityTimelineItem & {
+    kind: "Bookmark";
+    azureResourceId: string;
+    displayName?: string;
+    notes?: string;
+    endTimeUtc?: Date;
+    startTimeUtc?: Date;
+    eventTime?: Date;
+    createdBy?: UserInfo;
+    labels?: string[];
+};
+
+// @public
+export interface ClientInfo {
+    email?: string;
+    name?: string;
+    objectId?: string;
+    userPrincipalName?: string;
+}
+
+// @public
+export type CloudApplicationEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly appId?: number;
+    readonly appName?: string;
+    readonly instanceName?: string;
+};
+
+// @public
+export type CloudApplicationEntityProperties = EntityCommonProperties & {
+    readonly appId?: number;
+    readonly appName?: string;
+    readonly instanceName?: string;
+};
+
+// @public
+export interface CloudError {
+    error?: CloudErrorBody;
+}
+
+// @public
+export interface CloudErrorBody {
+    readonly code?: string;
+    readonly message?: string;
+}
+
+// @public
+export type CodelessApiPollingDataConnector = DataConnector & {
+    connectorUiConfig?: CodelessUiConnectorConfigProperties;
+    pollingConfig?: CodelessConnectorPollingConfigProperties;
+};
+
+// @public
+export interface CodelessConnectorPollingAuthProperties {
+    apiKeyIdentifier?: string;
+    apiKeyName?: string;
+    authorizationEndpoint?: string;
+    authorizationEndpointQueryParameters?: Record<string, unknown>;
+    authType: string;
+    flowName?: string;
+    isApiKeyInPostPayload?: string;
+    isClientSecretInHeader?: boolean;
+    redirectionEndpoint?: string;
+    scope?: string;
+    tokenEndpoint?: string;
+    tokenEndpointHeaders?: Record<string, unknown>;
+    tokenEndpointQueryParameters?: Record<string, unknown>;
+}
+
+// @public
+export interface CodelessConnectorPollingConfigProperties {
+    auth: CodelessConnectorPollingAuthProperties;
+    isActive?: boolean;
+    paging?: CodelessConnectorPollingPagingProperties;
+    request: CodelessConnectorPollingRequestProperties;
+    response?: CodelessConnectorPollingResponseProperties;
+}
+
+// @public
+export interface CodelessConnectorPollingPagingProperties {
+    nextPageParaName?: string;
+    nextPageTokenJsonPath?: string;
+    pageCountAttributePath?: string;
+    pageSize?: number;
+    pageSizeParaName?: string;
+    pageTimeStampAttributePath?: string;
+    pageTotalCountAttributePath?: string;
+    pagingType: string;
+    searchTheLatestTimeStampFromEventsList?: string;
+}
+
+// @public
+export interface CodelessConnectorPollingRequestProperties {
+    apiEndpoint: string;
+    endTimeAttributeName?: string;
+    headers?: Record<string, unknown>;
+    httpMethod: string;
+    queryParameters?: Record<string, unknown>;
+    queryParametersTemplate?: string;
+    queryTimeFormat: string;
+    queryWindowInMin: number;
+    rateLimitQps?: number;
+    retryCount?: number;
+    startTimeAttributeName?: string;
+    timeoutInSeconds?: number;
+}
+
+// @public
+export interface CodelessConnectorPollingResponseProperties {
+    eventsJsonPaths: string[];
+    isGzipCompressed?: boolean;
+    successStatusJsonPath?: string;
+    successStatusValue?: string;
+}
+
+// @public
+export interface CodelessUiConnectorConfigProperties {
+    availability: Availability;
+    connectivityCriteria: CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem[];
+    customImage?: string;
+    dataTypes: CodelessUiConnectorConfigPropertiesDataTypesItem[];
+    descriptionMarkdown: string;
+    graphQueries: CodelessUiConnectorConfigPropertiesGraphQueriesItem[];
+    graphQueriesTableName: string;
+    instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[];
+    permissions: Permissions_2;
+    publisher: string;
+    sampleQueries: CodelessUiConnectorConfigPropertiesSampleQueriesItem[];
+    title: string;
+}
+
+// @public (undocumented)
+export type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {};
+
+// @public (undocumented)
+export type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {};
+
+// @public (undocumented)
+export type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {};
+
+// @public (undocumented)
+export type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {};
+
+// @public (undocumented)
+export type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {};
+
+// @public
+export type CodelessUiDataConnector = DataConnector & {
+    connectorUiConfig?: CodelessUiConnectorConfigProperties;
+};
+
+// @public
+export type ConfidenceLevel = string;
+
+// @public
+export type ConfidenceScoreStatus = string;
+
+// @public
+export type ConnectAuthKind = string;
+
+// @public
+export interface ConnectedEntity {
+    additionalData?: Record<string, unknown>;
+    targetEntityId?: string;
+}
+
+// @public
+export interface ConnectivityCriteria {
+    type?: ConnectivityType;
+    value?: string[];
+}
+
+// @public
+export type ConnectivityType = string;
+
+// @public
+export interface ConnectorInstructionModelBase {
+    parameters?: Record<string, unknown>;
+    type: SettingType;
+}
+
+// @public
+export interface ContentPathMap {
+    contentType?: ContentType;
+    path?: string;
+}
+
+// @public
+export type ContentType = string;
+
+// @public
+export type CreatedByType = string;
+
+// @public
+export type CustomEntityQuery = ResourceWithEtag & {
+    kind: CustomEntityQueryKind;
+};
+
+// @public
+export type CustomEntityQueryKind = string;
+
+// @public (undocumented)
+export type CustomEntityQueryUnion = CustomEntityQuery | ActivityCustomEntityQuery;
+
+// @public
+export type Customs = CustomsPermission & {};
+
+// @public
+export interface CustomsPermission {
+    description?: string;
+    name?: string;
+}
+
+// @public
+export type DataConnector = ResourceWithEtag & {
+    kind: DataConnectorKind;
+};
+
+// @public
+export type DataConnectorAuthorizationState = string;
+
+// @public
+export interface DataConnectorConnectBody {
+    apiKey?: string;
+    authorizationCode?: string;
+    clientId?: string;
+    clientSecret?: string;
+    kind?: ConnectAuthKind;
+    password?: string;
+    // (undocumented)
+    requestConfigUserInputValues?: Record<string, unknown>[];
+    userName?: string;
+}
+
+// @public
+export interface DataConnectorDataTypeCommon {
+    state: DataTypeState;
+}
+
+// @public
+export type DataConnectorKind = string;
+
+// @public
+export type DataConnectorLicenseState = string;
+
+// @public
+export interface DataConnectorList {
+    readonly nextLink?: string;
+    value: DataConnectorUnion[];
+}
+
+// @public
+export interface DataConnectorRequirementsState {
+    authorizationState?: DataConnectorAuthorizationState;
+    licenseState?: DataConnectorLicenseState;
+}
+
+// @public
+export interface DataConnectors {
+    connect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, connectBody: DataConnectorConnectBody, options?: DataConnectorsConnectOptionalParams): Promise<void>;
+    createOrUpdate(resourceGroupName: string, workspaceName: string, dataConnectorId: string, dataConnector: DataConnectorUnion, options?: DataConnectorsCreateOrUpdateOptionalParams): Promise<DataConnectorsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDeleteOptionalParams): Promise<void>;
+    disconnect(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsDisconnectOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, dataConnectorId: string, options?: DataConnectorsGetOptionalParams): Promise<DataConnectorsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: DataConnectorsListOptionalParams): PagedAsyncIterableIterator<DataConnectorUnion>;
+}
+
+// @public
+export interface DataConnectorsCheckRequirements {
+    kind: "AzureActiveDirectory" | "AzureAdvancedThreatProtection" | "AzureSecurityCenter" | "AmazonWebServicesCloudTrail" | "AmazonWebServicesS3" | "Dynamics365" | "MicrosoftCloudAppSecurity" | "MicrosoftDefenderAdvancedThreatProtection" | "MicrosoftThreatIntelligence" | "MicrosoftThreatProtection" | "OfficeATP" | "OfficeIRM" | "ThreatIntelligence" | "ThreatIntelligenceTaxii";
+}
+
+// @public
+export interface DataConnectorsCheckRequirementsOperations {
+    post(resourceGroupName: string, workspaceName: string, dataConnectorsCheckRequirements: DataConnectorsCheckRequirementsUnion, options?: DataConnectorsCheckRequirementsPostOptionalParams): Promise<DataConnectorsCheckRequirementsPostResponse>;
+}
+
+// @public
+export interface DataConnectorsCheckRequirementsPostOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type DataConnectorsCheckRequirementsPostResponse = DataConnectorRequirementsState;
+
+// @public (undocumented)
+export type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements;
+
+// @public
+export interface DataConnectorsConnectOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface DataConnectorsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type DataConnectorsCreateOrUpdateResponse = DataConnectorUnion;
+
+// @public
+export interface DataConnectorsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface DataConnectorsDisconnectOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface DataConnectorsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type DataConnectorsGetResponse = DataConnectorUnion;
+
+// @public
+export interface DataConnectorsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type DataConnectorsListNextResponse = DataConnectorList;
+
+// @public
+export interface DataConnectorsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type DataConnectorsListResponse = DataConnectorList;
+
+// @public
+export interface DataConnectorTenantId {
+    tenantId: string;
+}
+
+// @public (undocumented)
+export type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector;
+
+// @public
+export interface DataConnectorWithAlertsProperties {
+    dataTypes?: AlertsDataTypeOfDataConnector;
+}
+
+// @public
+export interface DataTypeDefinitions {
+    dataType?: string;
+}
+
+// @public
+export type DataTypeState = string;
+
+// @public
+export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Blocked" | "Replaced";
+
+// @public
+export type DeliveryLocation = "Unknown" | "Inbox" | "JunkFolder" | "DeletedFolder" | "Quarantine" | "External" | "Failed" | "Dropped" | "Forwarded";
+
+// @public
+export type DnsEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly dnsServerIpEntityId?: string;
+    readonly domainName?: string;
+    readonly hostIpAddressEntityId?: string;
+    readonly ipAddressEntityIds?: string[];
+};
+
+// @public
+export type DnsEntityProperties = EntityCommonProperties & {
+    readonly dnsServerIpEntityId?: string;
+    readonly domainName?: string;
+    readonly hostIpAddressEntityId?: string;
+    readonly ipAddressEntityIds?: string[];
+};
+
+// @public
+export interface DomainWhois {
+    get(resourceGroupName: string, domain: string, options?: DomainWhoisGetOptionalParams): Promise<DomainWhoisGetResponse>;
+}
+
+// @public
+export interface DomainWhoisGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type DomainWhoisGetResponse = EnrichmentDomainWhois;
+
+// @public
+export type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "Dynamics365";
+    tenantId?: string;
+};
+
+// @public
+export type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type Dynamics365DataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: Dynamics365DataConnectorDataTypes;
+};
+
+// @public
+export interface Dynamics365DataConnectorDataTypes {
+    dynamics365CdsActivities: Dynamics365DataConnectorDataTypesDynamics365CdsActivities;
+}
+
+// @public
+export type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {};
+
+// @public
+export type Dynamics365DataConnectorProperties = DataConnectorTenantId & {
+    dataTypes: Dynamics365DataConnectorDataTypes;
+};
+
+// @public
+export type ElevationToken = "Default" | "Full" | "Limited";
+
+// @public
+export interface EnrichmentDomainWhois {
+    created?: Date;
+    domain?: string;
+    expires?: Date;
+    parsedWhois?: EnrichmentDomainWhoisDetails;
+    server?: string;
+    updated?: Date;
+}
+
+// @public
+export interface EnrichmentDomainWhoisContact {
+    city?: string;
+    country?: string;
+    email?: string;
+    fax?: string;
+    name?: string;
+    org?: string;
+    phone?: string;
+    postal?: string;
+    state?: string;
+    street?: string[];
+}
+
+// @public
+export interface EnrichmentDomainWhoisContacts {
+    admin?: EnrichmentDomainWhoisContact;
+    billing?: EnrichmentDomainWhoisContact;
+    registrant?: EnrichmentDomainWhoisContact;
+    tech?: EnrichmentDomainWhoisContact;
+}
+
+// @public
+export interface EnrichmentDomainWhoisDetails {
+    contacts?: EnrichmentDomainWhoisContacts;
+    nameServers?: string[];
+    registrar?: EnrichmentDomainWhoisRegistrarDetails;
+    statuses?: string[];
+}
+
+// @public
+export interface EnrichmentDomainWhoisRegistrarDetails {
+    abuseContactEmail?: string;
+    abuseContactPhone?: string;
+    ianaId?: string;
+    name?: string;
+    url?: string;
+    whoisServer?: string;
+}
+
+// @public
+export interface EnrichmentIpGeodata {
+    asn?: string;
+    carrier?: string;
+    city?: string;
+    cityCf?: number;
+    continent?: string;
+    country?: string;
+    countryCf?: number;
+    ipAddr?: string;
+    ipRoutingType?: string;
+    latitude?: string;
+    longitude?: string;
+    organization?: string;
+    organizationType?: string;
+    region?: string;
+    state?: string;
+    stateCf?: number;
+    stateCode?: string;
+}
+
+// @public
+export interface Entities {
+    expand(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityExpandParameters, options?: EntitiesExpandOptionalParams): Promise<EntitiesExpandResponse>;
+    get(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesGetOptionalParams): Promise<EntitiesGetResponse>;
+    getInsights(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityGetInsightsParameters, options?: EntitiesGetInsightsOptionalParams): Promise<EntitiesGetInsightsResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: EntitiesListOptionalParams): PagedAsyncIterableIterator<EntityUnion>;
+    queries(resourceGroupName: string, workspaceName: string, entityId: string, kind: EntityItemQueryKind, options?: EntitiesQueriesOptionalParams): Promise<EntitiesQueriesResponse>;
+}
+
+// @public
+export interface EntitiesExpandOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesExpandResponse = EntityExpandResponse;
+
+// @public
+export interface EntitiesGetInsightsOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesGetInsightsResponse = EntityGetInsightsResponse;
+
+// @public
+export interface EntitiesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesGetResponse = EntityUnion;
+
+// @public
+export interface EntitiesGetTimeline {
+    list(resourceGroupName: string, workspaceName: string, entityId: string, parameters: EntityTimelineParameters, options?: EntitiesGetTimelineListOptionalParams): Promise<EntitiesGetTimelineListResponse>;
+}
+
+// @public
+export interface EntitiesGetTimelineListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesGetTimelineListResponse = EntityTimelineResponse;
+
+// @public
+export interface EntitiesListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesListNextResponse = EntityList;
+
+// @public
+export interface EntitiesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesListResponse = EntityList;
+
+// @public
+export interface EntitiesQueriesOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntitiesQueriesResponse = GetQueriesResponse;
+
+// @public
+export interface EntitiesRelations {
+    list(resourceGroupName: string, workspaceName: string, entityId: string, options?: EntitiesRelationsListOptionalParams): PagedAsyncIterableIterator<Relation>;
+}
+
+// @public
+export interface EntitiesRelationsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type EntitiesRelationsListNextResponse = RelationList;
+
+// @public
+export interface EntitiesRelationsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type EntitiesRelationsListResponse = RelationList;
+
+// @public
+export type Entity = Resource & {
+    kind: EntityKind;
+};
+
+// @public
+export type EntityAnalytics = Settings & {
+    readonly isEnabled?: boolean;
+};
+
+// @public
+export interface EntityCommonProperties {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+}
+
+// @public
+export interface EntityEdges {
+    additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    targetEntityId?: string;
+}
+
+// @public
+export interface EntityExpandParameters {
+    endTime?: Date;
+    expansionId?: string;
+    startTime?: Date;
+}
+
+// @public
+export interface EntityExpandResponse {
+    metaData?: ExpansionResultsMetadata;
+    value?: EntityExpandResponseValue;
+}
+
+// @public
+export interface EntityExpandResponseValue {
+    edges?: EntityEdges[];
+    entities?: EntityUnion[];
+}
+
+// @public
+export interface EntityGetInsightsParameters {
+    addDefaultExtendedTimeRange?: boolean;
+    endTime: Date;
+    insightQueryIds?: string[];
+    startTime: Date;
+}
+
+// @public
+export interface EntityGetInsightsResponse {
+    metaData?: GetInsightsResultsMetadata;
+    value?: EntityInsightItem[];
+}
+
+// @public
+export interface EntityInsightItem {
+    chartQueryResults?: InsightsTableResult[];
+    queryId?: string;
+    queryTimeInterval?: EntityInsightItemQueryTimeInterval;
+    tableQueryResults?: InsightsTableResult;
+}
+
+// @public
+export interface EntityInsightItemQueryTimeInterval {
+    endTime?: Date;
+    startTime?: Date;
+}
+
+// @public
+export type EntityItemQueryKind = string;
+
+// @public
+export type EntityKind = string;
+
+// @public
+export interface EntityList {
+    readonly nextLink?: string;
+    value: EntityUnion[];
+}
+
+// @public
+export interface EntityMapping {
+    entityType?: EntityMappingType;
+    fieldMappings?: FieldMapping[];
+}
+
+// @public
+export type EntityMappingType = string;
+
+// @public
+export interface EntityQueries {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, entityQueryId: string, entityQuery: CustomEntityQueryUnion, options?: EntityQueriesCreateOrUpdateOptionalParams): Promise<EntityQueriesCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, entityQueryId: string, options?: EntityQueriesGetOptionalParams): Promise<EntityQueriesGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: EntityQueriesListOptionalParams): PagedAsyncIterableIterator<EntityQueryUnion>;
+}
+
+// @public
+export interface EntityQueriesCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntityQueriesCreateOrUpdateResponse = EntityQueryUnion;
+
+// @public
+export interface EntityQueriesDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface EntityQueriesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntityQueriesGetResponse = EntityQueryUnion;
+
+// @public
+export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions {
+    kind?: Enum8;
+}
+
+// @public
+export type EntityQueriesListNextResponse = EntityQueryList;
+
+// @public
+export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions {
+    kind?: Enum8;
+}
+
+// @public
+export type EntityQueriesListResponse = EntityQueryList;
+
+// @public
+export type EntityQuery = ResourceWithEtag & {
+    kind: EntityQueryKind;
+};
+
+// @public
+export interface EntityQueryItem {
+    readonly id?: string;
+    kind: "Insight";
+    name?: string;
+    type?: string;
+}
+
+// @public
+export interface EntityQueryItemProperties {
+    dataTypes?: EntityQueryItemPropertiesDataTypesItem[];
+    entitiesFilter?: Record<string, unknown>;
+    inputEntityType?: EntityType;
+    requiredInputFieldsSets?: string[][];
+}
+
+// @public (undocumented)
+export interface EntityQueryItemPropertiesDataTypesItem {
+    dataType?: string;
+}
+
+// @public (undocumented)
+export type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem;
+
+// @public
+export type EntityQueryKind = string;
+
+// @public
+export interface EntityQueryList {
+    readonly nextLink?: string;
+    value: EntityQueryUnion[];
+}
+
+// @public
+export type EntityQueryTemplate = Resource & {
+    kind: EntityQueryTemplateKind;
+};
+
+// @public
+export type EntityQueryTemplateKind = string;
+
+// @public
+export interface EntityQueryTemplateList {
+    readonly nextLink?: string;
+    value: EntityQueryTemplateUnion[];
+}
+
+// @public
+export interface EntityQueryTemplates {
+    get(resourceGroupName: string, workspaceName: string, entityQueryTemplateId: string, options?: EntityQueryTemplatesGetOptionalParams): Promise<EntityQueryTemplatesGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: EntityQueryTemplatesListOptionalParams): PagedAsyncIterableIterator<EntityQueryTemplateUnion>;
+}
+
+// @public
+export interface EntityQueryTemplatesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntityQueryTemplatesGetResponse = EntityQueryTemplateUnion;
+
+// @public
+export interface EntityQueryTemplatesListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList;
+
+// @public
+export interface EntityQueryTemplatesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntityQueryTemplatesListResponse = EntityQueryTemplateList;
+
+// @public (undocumented)
+export type EntityQueryTemplateUnion = EntityQueryTemplate | ActivityEntityQueryTemplate;
+
+// @public (undocumented)
+export type EntityQueryUnion = EntityQuery | ExpansionEntityQuery | ActivityEntityQuery;
+
+// @public
+export interface EntityRelations {
+    getRelation(resourceGroupName: string, workspaceName: string, entityId: string, relationName: string, options?: EntityRelationsGetRelationOptionalParams): Promise<EntityRelationsGetRelationResponse>;
+}
+
+// @public
+export interface EntityRelationsGetRelationOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type EntityRelationsGetRelationResponse = Relation;
+
+// @public
+export interface EntityTimelineItem {
+    kind: "Activity" | "Bookmark" | "SecurityAlert";
+}
+
+// @public (undocumented)
+export type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem;
+
+// @public
+export type EntityTimelineKind = string;
+
+// @public
+export interface EntityTimelineParameters {
+    endTime: Date;
+    kinds?: EntityTimelineKind[];
+    numberOfBucket?: number;
+    startTime: Date;
+}
+
+// @public
+export interface EntityTimelineResponse {
+    metaData?: TimelineResultsMetadata;
+    value?: EntityTimelineItemUnion[];
+}
+
+// @public
+export type EntityType = string;
+
+// @public (undocumented)
+export type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity;
+
+// @public
+export type Enum8 = string;
+
+// @public
+export interface ErrorAdditionalInfo {
+    readonly info?: Record<string, unknown>;
+    readonly type?: string;
+}
+
+// @public
+export interface ErrorDetail {
+    readonly additionalInfo?: ErrorAdditionalInfo[];
+    readonly code?: string;
+    readonly details?: ErrorDetail[];
+    readonly message?: string;
+    readonly target?: string;
+}
+
+// @public
+export interface ErrorResponse {
+    error?: ErrorDetail;
+}
+
+// @public
+export type EventGroupingAggregationKind = string;
+
+// @public
+export interface EventGroupingSettings {
+    aggregationKind?: EventGroupingAggregationKind;
+}
+
+// @public
+export type ExpansionEntityQuery = EntityQuery & {
+    dataSources?: string[];
+    displayName?: string;
+    inputEntityType?: EntityType;
+    inputFields?: string[];
+    outputEntityTypes?: EntityType[];
+    queryTemplate?: string;
+};
+
+// @public
+export interface ExpansionResultAggregation {
+    aggregationType?: string;
+    count: number;
+    displayName?: string;
+    entityKind: EntityKind;
+}
+
+// @public
+export interface ExpansionResultsMetadata {
+    aggregations?: ExpansionResultAggregation[];
+}
+
+// @public
+export type EyesOn = Settings & {
+    readonly isEnabled?: boolean;
+};
+
+// @public
+export interface FieldMapping {
+    columnName?: string;
+    identifier?: string;
+}
+
+// @public
+export type FileEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly directory?: string;
+    readonly fileHashEntityIds?: string[];
+    readonly fileName?: string;
+    readonly hostEntityId?: string;
+};
+
+// @public
+export type FileEntityProperties = EntityCommonProperties & {
+    readonly directory?: string;
+    readonly fileHashEntityIds?: string[];
+    readonly fileName?: string;
+    readonly hostEntityId?: string;
+};
+
+// @public
+export type FileHashAlgorithm = string;
+
+// @public
+export type FileHashEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly algorithm?: FileHashAlgorithm;
+    readonly hashValue?: string;
+};
+
+// @public
+export type FileHashEntityProperties = EntityCommonProperties & {
+    readonly algorithm?: FileHashAlgorithm;
+    readonly hashValue?: string;
+};
+
+// @public
+export type FusionAlertRule = AlertRule & {
+    alertRuleTemplateName?: string;
+    readonly description?: string;
+    readonly displayName?: string;
+    enabled?: boolean;
+    readonly lastModifiedUtc?: Date;
+    readonly severity?: AlertSeverity;
+    readonly tactics?: AttackTactic[];
+};
+
+// @public
+export type FusionAlertRuleTemplate = AlertRuleTemplate & {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly lastUpdatedDateUTC?: Date;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+};
+
+// @public
+export type FusionAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & {
+    severity: AlertSeverity;
+    tactics?: AttackTactic[];
+};
+
+// @public
+export interface GeoLocation {
+    readonly asn?: number;
+    readonly city?: string;
+    readonly countryCode?: string;
+    readonly countryName?: string;
+    readonly latitude?: number;
+    readonly longitude?: number;
+    readonly state?: string;
+}
+
+// @public
+export interface GetInsightsError {
+    errorMessage: string;
+    kind: "Insight";
+    queryId?: string;
+}
+
+// @public
+export interface GetInsightsResultsMetadata {
+    errors?: GetInsightsError[];
+    totalCount: number;
+}
+
+// @public
+export interface GetQueriesResponse {
+    value?: EntityQueryItemUnion[];
+}
+
+// @public
+export interface GraphQueries {
+    baseQuery?: string;
+    legend?: string;
+    metricName?: string;
+}
+
+// @public
+export interface GroupingConfiguration {
+    enabled: boolean;
+    groupByAlertDetails?: AlertDetail[];
+    groupByCustomDetails?: string[];
+    groupByEntities?: EntityMappingType[];
+    lookbackDuration: string;
+    matchingMethod: MatchingMethod;
+    reopenClosedIncident: boolean;
+}
+
+// @public
+export type HostEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly azureID?: string;
+    readonly dnsDomain?: string;
+    readonly hostName?: string;
+    readonly isDomainJoined?: boolean;
+    readonly netBiosName?: string;
+    readonly ntDomain?: string;
+    readonly omsAgentID?: string;
+    osFamily?: OSFamily;
+    readonly osVersion?: string;
+};
+
+// @public
+export type HostEntityProperties = EntityCommonProperties & {
+    readonly azureID?: string;
+    readonly dnsDomain?: string;
+    readonly hostName?: string;
+    readonly isDomainJoined?: boolean;
+    readonly netBiosName?: string;
+    readonly ntDomain?: string;
+    readonly omsAgentID?: string;
+    osFamily?: OSFamily;
+    readonly osVersion?: string;
+};
+
+// @public
+export type HuntingBookmark = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    created?: Date;
+    createdBy?: UserInfo;
+    displayName?: string;
+    eventTime?: Date;
+    labels?: string[];
+    notes?: string;
+    query?: string;
+    queryResult?: string;
+    updated?: Date;
+    updatedBy?: UserInfo;
+    incidentInfo?: IncidentInfo;
+};
+
+// @public
+export type HuntingBookmarkProperties = EntityCommonProperties & {
+    created?: Date;
+    createdBy?: UserInfo;
+    displayName: string;
+    eventTime?: Date;
+    labels?: string[];
+    notes?: string;
+    query: string;
+    queryResult?: string;
+    updated?: Date;
+    updatedBy?: UserInfo;
+    incidentInfo?: IncidentInfo;
+};
+
+// @public
+export type Incident = ResourceWithEtag & {
+    readonly additionalData?: IncidentAdditionalData;
+    classification?: IncidentClassification;
+    classificationComment?: string;
+    classificationReason?: IncidentClassificationReason;
+    readonly createdTimeUtc?: Date;
+    description?: string;
+    firstActivityTimeUtc?: Date;
+    readonly incidentUrl?: string;
+    readonly incidentNumber?: number;
+    labels?: IncidentLabel[];
+    providerName?: string;
+    providerIncidentId?: string;
+    lastActivityTimeUtc?: Date;
+    readonly lastModifiedTimeUtc?: Date;
+    owner?: IncidentOwnerInfo;
+    readonly relatedAnalyticRuleIds?: string[];
+    severity?: IncidentSeverity;
+    status?: IncidentStatus;
+    teamInformation?: TeamInformation;
+    title?: string;
+};
+
+// @public
+export interface IncidentAdditionalData {
+    readonly alertProductNames?: string[];
+    readonly alertsCount?: number;
+    readonly bookmarksCount?: number;
+    readonly commentsCount?: number;
+    readonly tactics?: AttackTactic[];
+}
+
+// @public
+export interface IncidentAlertList {
+    value: SecurityAlert[];
+}
+
+// @public
+export interface IncidentBookmarkList {
+    value: HuntingBookmark[];
+}
+
+// @public
+export type IncidentClassification = string;
+
+// @public
+export type IncidentClassificationReason = string;
+
+// @public
+export type IncidentComment = ResourceWithEtag & {
+    readonly createdTimeUtc?: Date;
+    readonly lastModifiedTimeUtc?: Date;
+    message?: string;
+    readonly author?: ClientInfo;
+};
+
+// @public
+export interface IncidentCommentList {
+    readonly nextLink?: string;
+    value: IncidentComment[];
+}
+
+// @public
+export interface IncidentComments {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, incidentComment: IncidentComment, options?: IncidentCommentsCreateOrUpdateOptionalParams): Promise<IncidentCommentsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, incidentId: string, incidentCommentId: string, options?: IncidentCommentsGetOptionalParams): Promise<IncidentCommentsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentCommentsListOptionalParams): PagedAsyncIterableIterator<IncidentComment>;
+}
+
+// @public
+export interface IncidentCommentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentCommentsCreateOrUpdateResponse = IncidentComment;
+
+// @public
+export interface IncidentCommentsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface IncidentCommentsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentCommentsGetResponse = IncidentComment;
+
+// @public
+export interface IncidentCommentsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type IncidentCommentsListNextResponse = IncidentCommentList;
+
+// @public
+export interface IncidentCommentsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type IncidentCommentsListResponse = IncidentCommentList;
+
+// @public
+export interface IncidentConfiguration {
+    createIncident: boolean;
+    groupingConfiguration?: GroupingConfiguration;
+}
+
+// @public
+export interface IncidentEntitiesResponse {
+    entities?: EntityUnion[];
+    metaData?: IncidentEntitiesResultsMetadata[];
+}
+
+// @public
+export interface IncidentEntitiesResultsMetadata {
+    count: number;
+    entityKind: EntityKind;
+}
+
+// @public
+export interface IncidentInfo {
+    incidentId?: string;
+    relationName?: string;
+    severity?: IncidentSeverity;
+    title?: string;
+}
+
+// @public
+export interface IncidentLabel {
+    labelName: string;
+    readonly labelType?: IncidentLabelType;
+}
+
+// @public
+export type IncidentLabelType = string;
+
+// @public
+export interface IncidentList {
+    readonly nextLink?: string;
+    value: Incident[];
+}
+
+// @public
+export interface IncidentOwnerInfo {
+    assignedTo?: string;
+    email?: string;
+    objectId?: string;
+    readonly ownerType?: OwnerType;
+    userPrincipalName?: string;
+}
+
+// @public
+export interface IncidentRelations {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, relation: Relation, options?: IncidentRelationsCreateOrUpdateOptionalParams): Promise<IncidentRelationsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, incidentId: string, relationName: string, options?: IncidentRelationsGetOptionalParams): Promise<IncidentRelationsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentRelationsListOptionalParams): PagedAsyncIterableIterator<Relation>;
+}
+
+// @public
+export interface IncidentRelationsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentRelationsCreateOrUpdateResponse = Relation;
+
+// @public
+export interface IncidentRelationsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface IncidentRelationsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentRelationsGetResponse = Relation;
+
+// @public
+export interface IncidentRelationsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type IncidentRelationsListNextResponse = RelationList;
+
+// @public
+export interface IncidentRelationsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type IncidentRelationsListResponse = RelationList;
+
+// @public
+export interface Incidents {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, incidentId: string, incident: Incident, options?: IncidentsCreateOrUpdateOptionalParams): Promise<IncidentsCreateOrUpdateResponse>;
+    createTeam(resourceGroupName: string, workspaceName: string, incidentId: string, teamProperties: TeamProperties, options?: IncidentsCreateTeamOptionalParams): Promise<IncidentsCreateTeamResponse>;
+    delete(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsGetOptionalParams): Promise<IncidentsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: IncidentsListOptionalParams): PagedAsyncIterableIterator<Incident>;
+    listAlerts(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListAlertsOptionalParams): Promise<IncidentsListAlertsResponse>;
+    listBookmarks(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListBookmarksOptionalParams): Promise<IncidentsListBookmarksResponse>;
+    listEntities(resourceGroupName: string, workspaceName: string, incidentId: string, options?: IncidentsListEntitiesOptionalParams): Promise<IncidentsListEntitiesResponse>;
+}
+
+// @public
+export interface IncidentsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentsCreateOrUpdateResponse = Incident;
+
+// @public
+export interface IncidentsCreateTeamOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentsCreateTeamResponse = TeamInformation;
+
+// @public
+export interface IncidentsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentSeverity = string;
+
+// @public
+export interface IncidentsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentsGetResponse = Incident;
+
+// @public
+export interface IncidentsListAlertsOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentsListAlertsResponse = IncidentAlertList;
+
+// @public
+export interface IncidentsListBookmarksOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentsListBookmarksResponse = IncidentBookmarkList;
+
+// @public
+export interface IncidentsListEntitiesOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IncidentsListEntitiesResponse = IncidentEntitiesResponse;
+
+// @public
+export interface IncidentsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type IncidentsListNextResponse = IncidentList;
+
+// @public
+export interface IncidentsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type IncidentsListResponse = IncidentList;
+
+// @public
+export type IncidentStatus = string;
+
+// @public
+export type InsightQueryItem = EntityQueryItem & {
+    kind: "Insight";
+    properties?: InsightQueryItemProperties;
+};
+
+// @public
+export type InsightQueryItemProperties = EntityQueryItemProperties & {
+    displayName?: string;
+    description?: string;
+    baseQuery?: string;
+    tableQuery?: InsightQueryItemPropertiesTableQuery;
+    chartQuery?: Record<string, unknown>;
+    additionalQuery?: InsightQueryItemPropertiesAdditionalQuery;
+    defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange;
+    referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange;
+};
+
+// @public
+export interface InsightQueryItemPropertiesAdditionalQuery {
+    query?: string;
+    text?: string;
+}
+
+// @public
+export interface InsightQueryItemPropertiesDefaultTimeRange {
+    afterRange?: string;
+    beforeRange?: string;
+}
+
+// @public
+export interface InsightQueryItemPropertiesReferenceTimeRange {
+    beforeRange?: string;
+}
+
+// @public
+export interface InsightQueryItemPropertiesTableQuery {
+    columnsDefinitions?: InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem[];
+    queriesDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem[];
+}
+
+// @public (undocumented)
+export interface InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem {
+    header?: string;
+    outputType?: OutputType;
+    supportDeepLink?: boolean;
+}
+
+// @public (undocumented)
+export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem {
+    filter?: string;
+    linkColumnsDefinitions?: InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem[];
+    project?: string;
+    summarize?: string;
+}
+
+// @public (undocumented)
+export interface InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem {
+    projectedName?: string;
+    query?: string;
+}
+
+// @public
+export interface InsightsTableResult {
+    columns?: InsightsTableResultColumnsItem[];
+    rows?: string[][];
+}
+
+// @public (undocumented)
+export interface InsightsTableResultColumnsItem {
+    name?: string;
+    type?: string;
+}
+
+// @public
+export interface InstructionSteps {
+    description?: string;
+    instructions?: InstructionStepsInstructionsItem[];
+    title?: string;
+}
+
+// @public (undocumented)
+export type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {};
+
+// @public
+export type IoTDeviceEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly deviceId?: string;
+    readonly deviceName?: string;
+    readonly source?: string;
+    readonly iotSecurityAgentId?: string;
+    readonly deviceType?: string;
+    readonly vendor?: string;
+    readonly edgeId?: string;
+    readonly macAddress?: string;
+    readonly model?: string;
+    readonly serialNumber?: string;
+    readonly firmwareVersion?: string;
+    readonly operatingSystem?: string;
+    readonly iotHubEntityId?: string;
+    readonly hostEntityId?: string;
+    readonly ipAddressEntityId?: string;
+    readonly threatIntelligence?: ThreatIntelligence[];
+    readonly protocols?: string[];
+};
+
+// @public
+export type IoTDeviceEntityProperties = EntityCommonProperties & {
+    readonly deviceId?: string;
+    readonly deviceName?: string;
+    readonly source?: string;
+    readonly iotSecurityAgentId?: string;
+    readonly deviceType?: string;
+    readonly vendor?: string;
+    readonly edgeId?: string;
+    readonly macAddress?: string;
+    readonly model?: string;
+    readonly serialNumber?: string;
+    readonly firmwareVersion?: string;
+    readonly operatingSystem?: string;
+    readonly iotHubEntityId?: string;
+    readonly hostEntityId?: string;
+    readonly ipAddressEntityId?: string;
+    readonly threatIntelligence?: ThreatIntelligence[];
+    readonly protocols?: string[];
+};
+
+// @public
+export type IpEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly address?: string;
+    readonly location?: GeoLocation;
+    readonly threatIntelligence?: ThreatIntelligence[];
+};
+
+// @public
+export type IpEntityProperties = EntityCommonProperties & {
+    readonly address?: string;
+    readonly location?: GeoLocation;
+    readonly threatIntelligence?: ThreatIntelligence[];
+};
+
+// @public
+export interface IPGeodata {
+    get(resourceGroupName: string, ipAddress: string, options?: IPGeodataGetOptionalParams): Promise<IPGeodataGetResponse>;
+}
+
+// @public
+export interface IPGeodataGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type IPGeodataGetResponse = EnrichmentIpGeodata;
+
+// @public
+export type KillChainIntent = string;
+
+// @public
+export type Kind = string;
+
+// @public
+export enum KnownAlertDetail {
+    DisplayName = "DisplayName",
+    Severity = "Severity"
+}
+
+// @public
+export enum KnownAlertRuleKind {
+    // (undocumented)
+    Fusion = "Fusion",
+    // (undocumented)
+    MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation",
+    // (undocumented)
+    MLBehaviorAnalytics = "MLBehaviorAnalytics",
+    // (undocumented)
+    NRT = "NRT",
+    // (undocumented)
+    Scheduled = "Scheduled",
+    // (undocumented)
+    ThreatIntelligence = "ThreatIntelligence"
+}
+
+// @public
+export enum KnownAlertSeverity {
+    High = "High",
+    Informational = "Informational",
+    Low = "Low",
+    Medium = "Medium"
+}
+
+// @public
+export enum KnownAlertStatus {
+    Dismissed = "Dismissed",
+    InProgress = "InProgress",
+    New = "New",
+    Resolved = "Resolved",
+    Unknown = "Unknown"
+}
+
+// @public
+export enum KnownAntispamMailDirection {
+    Inbound = "Inbound",
+    Intraorg = "Intraorg",
+    Outbound = "Outbound",
+    Unknown = "Unknown"
+}
+
+// @public
+export enum KnownAttackTactic {
+    // (undocumented)
+    Collection = "Collection",
+    // (undocumented)
+    CommandAndControl = "CommandAndControl",
+    // (undocumented)
+    CredentialAccess = "CredentialAccess",
+    // (undocumented)
+    DefenseEvasion = "DefenseEvasion",
+    // (undocumented)
+    Discovery = "Discovery",
+    // (undocumented)
+    Execution = "Execution",
+    // (undocumented)
+    Exfiltration = "Exfiltration",
+    // (undocumented)
+    Impact = "Impact",
+    // (undocumented)
+    InitialAccess = "InitialAccess",
+    // (undocumented)
+    LateralMovement = "LateralMovement",
+    // (undocumented)
+    Persistence = "Persistence",
+    // (undocumented)
+    PreAttack = "PreAttack",
+    // (undocumented)
+    PrivilegeEscalation = "PrivilegeEscalation"
+}
+
+// @public
+export enum KnownAutomationRuleActionType {
+    ModifyProperties = "ModifyProperties",
+    RunPlaybook = "RunPlaybook"
+}
+
+// @public
+export enum KnownAutomationRuleConditionType {
+    Property = "Property"
+}
+
+// @public
+export enum KnownAutomationRulePropertyConditionSupportedOperator {
+    Contains = "Contains",
+    EndsWith = "EndsWith",
+    Equals = "Equals",
+    NotContains = "NotContains",
+    NotEndsWith = "NotEndsWith",
+    NotEquals = "NotEquals",
+    NotStartsWith = "NotStartsWith",
+    StartsWith = "StartsWith"
+}
+
+// @public
+export enum KnownAutomationRulePropertyConditionSupportedProperty {
+    AccountAadTenantId = "AccountAadTenantId",
+    AccountAadUserId = "AccountAadUserId",
+    AccountName = "AccountName",
+    AccountNTDomain = "AccountNTDomain",
+    AccountObjectGuid = "AccountObjectGuid",
+    AccountPuid = "AccountPUID",
+    AccountSid = "AccountSid",
+    AccountUPNSuffix = "AccountUPNSuffix",
+    AzureResourceResourceId = "AzureResourceResourceId",
+    AzureResourceSubscriptionId = "AzureResourceSubscriptionId",
+    CloudApplicationAppId = "CloudApplicationAppId",
+    CloudApplicationAppName = "CloudApplicationAppName",
+    DNSDomainName = "DNSDomainName",
+    FileDirectory = "FileDirectory",
+    FileHashValue = "FileHashValue",
+    FileName = "FileName",
+    HostAzureID = "HostAzureID",
+    HostName = "HostName",
+    HostNetBiosName = "HostNetBiosName",
+    HostNTDomain = "HostNTDomain",
+    HostOSVersion = "HostOSVersion",
+    IncidentDescription = "IncidentDescription",
+    IncidentProviderName = "IncidentProviderName",
+    IncidentRelatedAnalyticRuleIds = "IncidentRelatedAnalyticRuleIds",
+    IncidentSeverity = "IncidentSeverity",
+    IncidentStatus = "IncidentStatus",
+    IncidentTactics = "IncidentTactics",
+    IncidentTitle = "IncidentTitle",
+    IoTDeviceId = "IoTDeviceId",
+    IoTDeviceModel = "IoTDeviceModel",
+    IoTDeviceName = "IoTDeviceName",
+    IoTDeviceOperatingSystem = "IoTDeviceOperatingSystem",
+    IoTDeviceType = "IoTDeviceType",
+    IoTDeviceVendor = "IoTDeviceVendor",
+    IPAddress = "IPAddress",
+    MailboxDisplayName = "MailboxDisplayName",
+    MailboxPrimaryAddress = "MailboxPrimaryAddress",
+    MailboxUPN = "MailboxUPN",
+    MailMessageDeliveryAction = "MailMessageDeliveryAction",
+    MailMessageDeliveryLocation = "MailMessageDeliveryLocation",
+    MailMessageP1Sender = "MailMessageP1Sender",
+    MailMessageP2Sender = "MailMessageP2Sender",
+    MailMessageRecipient = "MailMessageRecipient",
+    MailMessageSenderIP = "MailMessageSenderIP",
+    MailMessageSubject = "MailMessageSubject",
+    MalwareCategory = "MalwareCategory",
+    MalwareName = "MalwareName",
+    ProcessCommandLine = "ProcessCommandLine",
+    ProcessId = "ProcessId",
+    RegistryKey = "RegistryKey",
+    RegistryValueData = "RegistryValueData",
+    Url = "Url"
+}
+
+// @public
+export enum KnownConfidenceLevel {
+    High = "High",
+    Low = "Low",
+    Unknown = "Unknown"
+}
+
+// @public
+export enum KnownConfidenceScoreStatus {
+    Final = "Final",
+    InProcess = "InProcess",
+    NotApplicable = "NotApplicable",
+    NotFinal = "NotFinal"
+}
+
+// @public
+export enum KnownConnectAuthKind {
+    // (undocumented)
+    APIKey = "APIKey",
+    // (undocumented)
+    Basic = "Basic",
+    // (undocumented)
+    OAuth2 = "OAuth2"
+}
+
+// @public
+export enum KnownConnectivityType {
+    // (undocumented)
+    IsConnectedQuery = "IsConnectedQuery"
+}
+
+// @public
+export enum KnownContentType {
+    // (undocumented)
+    AnalyticRule = "AnalyticRule",
+    // (undocumented)
+    Workbook = "Workbook"
+}
+
+// @public
+export enum KnownCreatedByType {
+    // (undocumented)
+    Application = "Application",
+    // (undocumented)
+    Key = "Key",
+    // (undocumented)
+    ManagedIdentity = "ManagedIdentity",
+    // (undocumented)
+    User = "User"
+}
+
+// @public
+export enum KnownCustomEntityQueryKind {
+    // (undocumented)
+    Activity = "Activity"
+}
+
+// @public
+export enum KnownDataConnectorAuthorizationState {
+    // (undocumented)
+    Invalid = "Invalid",
+    // (undocumented)
+    Valid = "Valid"
+}
+
+// @public
+export enum KnownDataConnectorKind {
+    // (undocumented)
+    AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail",
+    // (undocumented)
+    AmazonWebServicesS3 = "AmazonWebServicesS3",
+    // (undocumented)
+    APIPolling = "APIPolling",
+    // (undocumented)
+    AzureActiveDirectory = "AzureActiveDirectory",
+    // (undocumented)
+    AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection",
+    // (undocumented)
+    AzureSecurityCenter = "AzureSecurityCenter",
+    // (undocumented)
+    Dynamics365 = "Dynamics365",
+    // (undocumented)
+    GenericUI = "GenericUI",
+    // (undocumented)
+    MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity",
+    // (undocumented)
+    MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection",
+    // (undocumented)
+    MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence",
+    // (undocumented)
+    MicrosoftThreatProtection = "MicrosoftThreatProtection",
+    // (undocumented)
+    Office365 = "Office365",
+    // (undocumented)
+    OfficeATP = "OfficeATP",
+    // (undocumented)
+    OfficeIRM = "OfficeIRM",
+    // (undocumented)
+    ThreatIntelligence = "ThreatIntelligence",
+    // (undocumented)
+    ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii"
+}
+
+// @public
+export enum KnownDataConnectorLicenseState {
+    // (undocumented)
+    Invalid = "Invalid",
+    // (undocumented)
+    Unknown = "Unknown",
+    // (undocumented)
+    Valid = "Valid"
+}
+
+// @public
+export enum KnownDataTypeState {
+    // (undocumented)
+    Disabled = "Disabled",
+    // (undocumented)
+    Enabled = "Enabled"
+}
+
+// @public
+export enum KnownEntityItemQueryKind {
+    Insight = "Insight"
+}
+
+// @public
+export enum KnownEntityKind {
+    Account = "Account",
+    AzureResource = "AzureResource",
+    Bookmark = "Bookmark",
+    CloudApplication = "CloudApplication",
+    DnsResolution = "DnsResolution",
+    File = "File",
+    FileHash = "FileHash",
+    Host = "Host",
+    IoTDevice = "IoTDevice",
+    Ip = "Ip",
+    Mailbox = "Mailbox",
+    MailCluster = "MailCluster",
+    MailMessage = "MailMessage",
+    Malware = "Malware",
+    Process = "Process",
+    RegistryKey = "RegistryKey",
+    RegistryValue = "RegistryValue",
+    SecurityAlert = "SecurityAlert",
+    SecurityGroup = "SecurityGroup",
+    SubmissionMail = "SubmissionMail",
+    Url = "Url"
+}
+
+// @public
+export enum KnownEntityMappingType {
+    Account = "Account",
+    AzureResource = "AzureResource",
+    CloudApplication = "CloudApplication",
+    DNS = "DNS",
+    File = "File",
+    FileHash = "FileHash",
+    Host = "Host",
+    IP = "IP",
+    Mailbox = "Mailbox",
+    MailCluster = "MailCluster",
+    MailMessage = "MailMessage",
+    Malware = "Malware",
+    Process = "Process",
+    RegistryKey = "RegistryKey",
+    RegistryValue = "RegistryValue",
+    SecurityGroup = "SecurityGroup",
+    SubmissionMail = "SubmissionMail",
+    URL = "URL"
+}
+
+// @public
+export enum KnownEntityQueryKind {
+    // (undocumented)
+    Activity = "Activity",
+    // (undocumented)
+    Expansion = "Expansion",
+    // (undocumented)
+    Insight = "Insight"
+}
+
+// @public
+export enum KnownEntityQueryTemplateKind {
+    // (undocumented)
+    Activity = "Activity"
+}
+
+// @public
+export enum KnownEntityTimelineKind {
+    Activity = "Activity",
+    Bookmark = "Bookmark",
+    SecurityAlert = "SecurityAlert"
+}
+
+// @public
+export enum KnownEntityType {
+    Account = "Account",
+    AzureResource = "AzureResource",
+    CloudApplication = "CloudApplication",
+    DNS = "DNS",
+    File = "File",
+    FileHash = "FileHash",
+    Host = "Host",
+    HuntingBookmark = "HuntingBookmark",
+    IoTDevice = "IoTDevice",
+    IP = "IP",
+    Mailbox = "Mailbox",
+    MailCluster = "MailCluster",
+    MailMessage = "MailMessage",
+    Malware = "Malware",
+    Process = "Process",
+    RegistryKey = "RegistryKey",
+    RegistryValue = "RegistryValue",
+    SecurityAlert = "SecurityAlert",
+    SecurityGroup = "SecurityGroup",
+    SubmissionMail = "SubmissionMail",
+    URL = "URL"
+}
+
+// @public
+export enum KnownEnum8 {
+    // (undocumented)
+    Activity = "Activity",
+    // (undocumented)
+    Expansion = "Expansion"
+}
+
+// @public
+export enum KnownEventGroupingAggregationKind {
+    // (undocumented)
+    AlertPerResult = "AlertPerResult",
+    // (undocumented)
+    SingleAlert = "SingleAlert"
+}
+
+// @public
+export enum KnownFileHashAlgorithm {
+    MD5 = "MD5",
+    SHA1 = "SHA1",
+    SHA256 = "SHA256",
+    SHA256AC = "SHA256AC",
+    Unknown = "Unknown"
+}
+
+// @public
+export enum KnownIncidentClassification {
+    BenignPositive = "BenignPositive",
+    FalsePositive = "FalsePositive",
+    TruePositive = "TruePositive",
+    Undetermined = "Undetermined"
+}
+
+// @public
+export enum KnownIncidentClassificationReason {
+    InaccurateData = "InaccurateData",
+    IncorrectAlertLogic = "IncorrectAlertLogic",
+    SuspiciousActivity = "SuspiciousActivity",
+    SuspiciousButExpected = "SuspiciousButExpected"
+}
+
+// @public
+export enum KnownIncidentLabelType {
+    System = "System",
+    User = "User"
+}
+
+// @public
+export enum KnownIncidentSeverity {
+    High = "High",
+    Informational = "Informational",
+    Low = "Low",
+    Medium = "Medium"
+}
+
+// @public
+export enum KnownIncidentStatus {
+    Active = "Active",
+    Closed = "Closed",
+    New = "New"
+}
+
+// @public
+export enum KnownKillChainIntent {
+    Collection = "Collection",
+    CommandAndControl = "CommandAndControl",
+    CredentialAccess = "CredentialAccess",
+    DefenseEvasion = "DefenseEvasion",
+    Discovery = "Discovery",
+    Execution = "Execution",
+    Exfiltration = "Exfiltration",
+    Exploitation = "Exploitation",
+    Impact = "Impact",
+    LateralMovement = "LateralMovement",
+    Persistence = "Persistence",
+    PrivilegeEscalation = "PrivilegeEscalation",
+    Probing = "Probing",
+    Unknown = "Unknown"
+}
+
+// @public
+export enum KnownKind {
+    // (undocumented)
+    AnalyticsRule = "AnalyticsRule",
+    // (undocumented)
+    AnalyticsRuleTemplate = "AnalyticsRuleTemplate",
+    // (undocumented)
+    DataConnector = "DataConnector",
+    // (undocumented)
+    DataType = "DataType",
+    // (undocumented)
+    HuntingQuery = "HuntingQuery",
+    // (undocumented)
+    InvestigationQuery = "InvestigationQuery",
+    // (undocumented)
+    Parser = "Parser",
+    // (undocumented)
+    Playbook = "Playbook",
+    // (undocumented)
+    PlaybookTemplate = "PlaybookTemplate",
+    // (undocumented)
+    Solution = "Solution",
+    // (undocumented)
+    Watchlist = "Watchlist",
+    // (undocumented)
+    WatchlistTemplate = "WatchlistTemplate",
+    // (undocumented)
+    Workbook = "Workbook",
+    // (undocumented)
+    WorkbookTemplate = "WorkbookTemplate"
+}
+
+// @public
+export enum KnownMatchingMethod {
+    AllEntities = "AllEntities",
+    AnyAlert = "AnyAlert",
+    Selected = "Selected"
+}
+
+// @public
+export enum KnownMicrosoftSecurityProductName {
+    // (undocumented)
+    AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection",
+    // (undocumented)
+    AzureAdvancedThreatProtection = "Azure Advanced Threat Protection",
+    // (undocumented)
+    AzureSecurityCenter = "Azure Security Center",
+    // (undocumented)
+    AzureSecurityCenterForIoT = "Azure Security Center for IoT",
+    // (undocumented)
+    MicrosoftCloudAppSecurity = "Microsoft Cloud App Security",
+    // (undocumented)
+    MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection",
+    // (undocumented)
+    Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection"
+}
+
+// @public
+export enum KnownOperator {
+    // (undocumented)
+    AND = "AND",
+    // (undocumented)
+    OR = "OR"
+}
+
+// @public
+export enum KnownOutputType {
+    // (undocumented)
+    Date = "Date",
+    // (undocumented)
+    Entity = "Entity",
+    // (undocumented)
+    Number = "Number",
+    // (undocumented)
+    String = "String"
+}
+
+// @public
+export enum KnownOwnerType {
+    Group = "Group",
+    Unknown = "Unknown",
+    User = "User"
+}
+
+// @public
+export enum KnownPermissionProviderScope {
+    // (undocumented)
+    ResourceGroup = "ResourceGroup",
+    // (undocumented)
+    Subscription = "Subscription",
+    // (undocumented)
+    Workspace = "Workspace"
+}
+
+// @public
+export enum KnownPollingFrequency {
+    OnceADay = "OnceADay",
+    OnceAMinute = "OnceAMinute",
+    OnceAnHour = "OnceAnHour"
+}
+
+// @public
+export enum KnownProviderName {
+    // (undocumented)
+    MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings",
+    // (undocumented)
+    MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments",
+    // (undocumented)
+    MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions",
+    // (undocumented)
+    MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces",
+    // (undocumented)
+    MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources",
+    // (undocumented)
+    MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys"
+}
+
+// @public
+export enum KnownRegistryHive {
+    HkeyA = "HKEY_A",
+    HkeyClassesRoot = "HKEY_CLASSES_ROOT",
+    HkeyCurrentConfig = "HKEY_CURRENT_CONFIG",
+    HkeyCurrentUser = "HKEY_CURRENT_USER",
+    HkeyCurrentUserLocalSettings = "HKEY_CURRENT_USER_LOCAL_SETTINGS",
+    HkeyLocalMachine = "HKEY_LOCAL_MACHINE",
+    HkeyPerformanceData = "HKEY_PERFORMANCE_DATA",
+    HkeyPerformanceNlstext = "HKEY_PERFORMANCE_NLSTEXT",
+    HkeyPerformanceText = "HKEY_PERFORMANCE_TEXT",
+    HkeyUsers = "HKEY_USERS"
+}
+
+// @public
+export enum KnownRegistryValueKind {
+    Binary = "Binary",
+    DWord = "DWord",
+    ExpandString = "ExpandString",
+    MultiString = "MultiString",
+    None = "None",
+    QWord = "QWord",
+    String = "String",
+    Unknown = "Unknown"
+}
+
+// @public
+export enum KnownRepoType {
+    // (undocumented)
+    DevOps = "DevOps",
+    // (undocumented)
+    Github = "Github"
+}
+
+// @public
+export enum KnownSettingKind {
+    // (undocumented)
+    Anomalies = "Anomalies",
+    // (undocumented)
+    EntityAnalytics = "EntityAnalytics",
+    // (undocumented)
+    EyesOn = "EyesOn",
+    // (undocumented)
+    Ueba = "Ueba"
+}
+
+// @public
+export enum KnownSettingType {
+    // (undocumented)
+    CopyableLabel = "CopyableLabel",
+    // (undocumented)
+    InfoMessage = "InfoMessage",
+    // (undocumented)
+    InstructionStepsGroup = "InstructionStepsGroup"
+}
+
+// @public
+export enum KnownSkuKind {
+    // (undocumented)
+    CapacityReservation = "CapacityReservation",
+    // (undocumented)
+    PerGB = "PerGB"
+}
+
+// @public
+export enum KnownSource {
+    // (undocumented)
+    LocalFile = "Local file",
+    // (undocumented)
+    RemoteStorage = "Remote storage"
+}
+
+// @public
+export enum KnownSourceKind {
+    // (undocumented)
+    Community = "Community",
+    // (undocumented)
+    LocalWorkspace = "LocalWorkspace",
+    // (undocumented)
+    Solution = "Solution",
+    // (undocumented)
+    SourceRepository = "SourceRepository"
+}
+
+// @public
+export enum KnownSupportTier {
+    // (undocumented)
+    Community = "Community",
+    // (undocumented)
+    Microsoft = "Microsoft",
+    // (undocumented)
+    Partner = "Partner"
+}
+
+// @public
+export enum KnownTemplateStatus {
+    Available = "Available",
+    Installed = "Installed",
+    NotAvailable = "NotAvailable"
+}
+
+// @public
+export enum KnownThreatIntelligenceResourceKindEnum {
+    Indicator = "indicator"
+}
+
+// @public
+export enum KnownThreatIntelligenceSortingCriteriaEnum {
+    // (undocumented)
+    Ascending = "ascending",
+    // (undocumented)
+    Descending = "descending",
+    // (undocumented)
+    Unsorted = "unsorted"
+}
+
+// @public
+export enum KnownTriggersOn {
+    Incidents = "Incidents"
+}
+
+// @public
+export enum KnownTriggersWhen {
+    Created = "Created"
+}
+
+// @public
+export enum KnownUebaDataSources {
+    // (undocumented)
+    AuditLogs = "AuditLogs",
+    // (undocumented)
+    AzureActivity = "AzureActivity",
+    // (undocumented)
+    SecurityEvent = "SecurityEvent",
+    // (undocumented)
+    SigninLogs = "SigninLogs"
+}
+
+// @public
+export interface LastDataReceivedDataType {
+    lastDataReceivedQuery?: string;
+    name?: string;
+}
+
+// @public
+export type MailboxEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly mailboxPrimaryAddress?: string;
+    readonly displayName?: string;
+    readonly upn?: string;
+    readonly externalDirectoryObjectId?: string;
+};
+
+// @public
+export type MailboxEntityProperties = EntityCommonProperties & {
+    readonly mailboxPrimaryAddress?: string;
+    readonly displayName?: string;
+    readonly upn?: string;
+    readonly externalDirectoryObjectId?: string;
+};
+
+// @public
+export type MailClusterEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly networkMessageIds?: string[];
+    readonly countByDeliveryStatus?: Record<string, unknown>;
+    readonly countByThreatType?: Record<string, unknown>;
+    readonly countByProtectionStatus?: Record<string, unknown>;
+    readonly threats?: string[];
+    readonly query?: string;
+    readonly queryTime?: Date;
+    readonly mailCount?: number;
+    readonly isVolumeAnomaly?: boolean;
+    readonly source?: string;
+    readonly clusterSourceIdentifier?: string;
+    readonly clusterSourceType?: string;
+    readonly clusterQueryStartTime?: Date;
+    readonly clusterQueryEndTime?: Date;
+    readonly clusterGroup?: string;
+};
+
+// @public
+export type MailClusterEntityProperties = EntityCommonProperties & {
+    readonly networkMessageIds?: string[];
+    readonly countByDeliveryStatus?: Record<string, unknown>;
+    readonly countByThreatType?: Record<string, unknown>;
+    readonly countByProtectionStatus?: Record<string, unknown>;
+    readonly threats?: string[];
+    readonly query?: string;
+    readonly queryTime?: Date;
+    readonly mailCount?: number;
+    readonly isVolumeAnomaly?: boolean;
+    readonly source?: string;
+    readonly clusterSourceIdentifier?: string;
+    readonly clusterSourceType?: string;
+    readonly clusterQueryStartTime?: Date;
+    readonly clusterQueryEndTime?: Date;
+    readonly clusterGroup?: string;
+};
+
+// @public
+export type MailMessageEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly fileEntityIds?: string[];
+    readonly recipient?: string;
+    readonly urls?: string[];
+    readonly threats?: string[];
+    readonly p1Sender?: string;
+    readonly p1SenderDisplayName?: string;
+    readonly p1SenderDomain?: string;
+    readonly senderIP?: string;
+    readonly p2Sender?: string;
+    readonly p2SenderDisplayName?: string;
+    readonly p2SenderDomain?: string;
+    readonly receiveDate?: Date;
+    readonly networkMessageId?: string;
+    readonly internetMessageId?: string;
+    readonly subject?: string;
+    readonly language?: string;
+    readonly threatDetectionMethods?: string[];
+    bodyFingerprintBin1?: number;
+    bodyFingerprintBin2?: number;
+    bodyFingerprintBin3?: number;
+    bodyFingerprintBin4?: number;
+    bodyFingerprintBin5?: number;
+    antispamDirection?: AntispamMailDirection;
+    deliveryAction?: DeliveryAction;
+    deliveryLocation?: DeliveryLocation;
+};
+
+// @public
+export type MailMessageEntityProperties = EntityCommonProperties & {
+    readonly fileEntityIds?: string[];
+    readonly recipient?: string;
+    readonly urls?: string[];
+    readonly threats?: string[];
+    readonly p1Sender?: string;
+    readonly p1SenderDisplayName?: string;
+    readonly p1SenderDomain?: string;
+    readonly senderIP?: string;
+    readonly p2Sender?: string;
+    readonly p2SenderDisplayName?: string;
+    readonly p2SenderDomain?: string;
+    readonly receiveDate?: Date;
+    readonly networkMessageId?: string;
+    readonly internetMessageId?: string;
+    readonly subject?: string;
+    readonly language?: string;
+    readonly threatDetectionMethods?: string[];
+    bodyFingerprintBin1?: number;
+    bodyFingerprintBin2?: number;
+    bodyFingerprintBin3?: number;
+    bodyFingerprintBin4?: number;
+    bodyFingerprintBin5?: number;
+    antispamDirection?: AntispamMailDirection;
+    deliveryAction?: DeliveryAction;
+    deliveryLocation?: DeliveryLocation;
+};
+
+// @public
+export type MalwareEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly category?: string;
+    readonly fileEntityIds?: string[];
+    readonly malwareName?: string;
+    readonly processEntityIds?: string[];
+};
+
+// @public
+export type MalwareEntityProperties = EntityCommonProperties & {
+    readonly category?: string;
+    readonly fileEntityIds?: string[];
+    readonly malwareName?: string;
+    readonly processEntityIds?: string[];
+};
+
+// @public
+export type MatchingMethod = string;
+
+// @public
+export type McasCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "MicrosoftCloudAppSecurity";
+    tenantId?: string;
+};
+
+// @public
+export type McasCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type McasDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: McasDataConnectorDataTypes;
+};
+
+// @public
+export type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & {
+    discoveryLogs?: DataConnectorDataTypeCommon;
+};
+
+// @public
+export type McasDataConnectorProperties = DataConnectorTenantId & {
+    dataTypes: McasDataConnectorDataTypes;
+};
+
+// @public
+export type MdatpCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "MicrosoftDefenderAdvancedThreatProtection";
+    tenantId?: string;
+};
+
+// @public
+export type MdatpCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type MdatpDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: AlertsDataTypeOfDataConnector;
+};
+
+// @public
+export type MdatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+
+// @public
+export interface Metadata {
+    create(resourceGroupName: string, workspaceName: string, metadataName: string, metadata: MetadataModel, options?: MetadataCreateOptionalParams): Promise<MetadataCreateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, metadataName: string, options?: MetadataGetOptionalParams): Promise<MetadataGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: MetadataListOptionalParams): PagedAsyncIterableIterator<MetadataModel>;
+    update(resourceGroupName: string, workspaceName: string, metadataName: string, metadataPatch: MetadataPatch, options?: MetadataUpdateOptionalParams): Promise<MetadataUpdateResponse>;
+}
+
+// @public
+export interface MetadataAuthor {
+    email?: string;
+    link?: string;
+    name?: string;
+}
+
+// @public
+export interface MetadataCategories {
+    domains?: string[];
+    verticals?: string[];
+}
+
+// @public
+export interface MetadataCreateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type MetadataCreateResponse = MetadataModel;
+
+// @public
+export interface MetadataDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface MetadataDependencies {
+    contentId?: string;
+    criteria?: MetadataDependencies[];
+    kind?: Kind;
+    name?: string;
+    operator?: Operator;
+    version?: string;
+}
+
+// @public
+export interface MetadataGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type MetadataGetResponse = MetadataModel;
+
+// @public
+export interface MetadataList {
+    readonly nextLink?: string;
+    value: MetadataModel[];
+}
+
+// @public
+export interface MetadataListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skip?: number;
+    top?: number;
+}
+
+// @public
+export type MetadataListNextResponse = MetadataList;
+
+// @public
+export interface MetadataListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skip?: number;
+    top?: number;
+}
+
+// @public
+export type MetadataListResponse = MetadataList;
+
+// @public
+export type MetadataModel = ResourceWithEtag & {
+    contentId?: string;
+    parentId?: string;
+    version?: string;
+    kind?: Kind;
+    source?: MetadataSource;
+    author?: MetadataAuthor;
+    support?: MetadataSupport;
+    dependencies?: MetadataDependencies;
+    categories?: MetadataCategories;
+    providers?: string[];
+    firstPublishDate?: Date;
+    lastPublishDate?: Date;
+};
+
+// @public
+export type MetadataPatch = ResourceWithEtag & {
+    contentId?: string;
+    parentId?: string;
+    version?: string;
+    kind?: Kind;
+    source?: MetadataSource;
+    author?: MetadataAuthor;
+    support?: MetadataSupport;
+    dependencies?: MetadataDependencies;
+    categories?: MetadataCategories;
+    providers?: string[];
+    firstPublishDate?: Date;
+    lastPublishDate?: Date;
+};
+
+// @public
+export interface MetadataSource {
+    kind: SourceKind;
+    name?: string;
+    sourceId?: string;
+}
+
+// @public
+export interface MetadataSupport {
+    email?: string;
+    link?: string;
+    name?: string;
+    tier: SupportTier;
+}
+
+// @public
+export interface MetadataUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type MetadataUpdateResponse = MetadataModel;
+
+// @public
+export type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & {
+    displayNamesFilter?: string[];
+    displayNamesExcludeFilter?: string[];
+    productFilter?: MicrosoftSecurityProductName;
+    severitiesFilter?: AlertSeverity[];
+    alertRuleTemplateName?: string;
+    description?: string;
+    displayName?: string;
+    enabled?: boolean;
+    readonly lastModifiedUtc?: Date;
+};
+
+// @public
+export interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties {
+    displayNamesExcludeFilter?: string[];
+    displayNamesFilter?: string[];
+    productFilter: MicrosoftSecurityProductName;
+    severitiesFilter?: AlertSeverity[];
+}
+
+// @public
+export type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {
+    alertRuleTemplateName?: string;
+    description?: string;
+    displayName: string;
+    enabled: boolean;
+    readonly lastModifiedUtc?: Date;
+};
+
+// @public
+export type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly lastUpdatedDateUTC?: Date;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+    displayNamesFilter?: string[];
+    displayNamesExcludeFilter?: string[];
+    productFilter?: MicrosoftSecurityProductName;
+    severitiesFilter?: AlertSeverity[];
+};
+
+// @public
+export type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {};
+
+// @public
+export type MicrosoftSecurityProductName = string;
+
+// @public
+export type MLBehaviorAnalyticsAlertRule = AlertRule & {
+    alertRuleTemplateName?: string;
+    readonly description?: string;
+    readonly displayName?: string;
+    enabled?: boolean;
+    readonly lastModifiedUtc?: Date;
+    readonly severity?: AlertSeverity;
+    readonly tactics?: AttackTactic[];
+};
+
+// @public
+export type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly lastUpdatedDateUTC?: Date;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+};
+
+// @public
+export type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & {
+    severity: AlertSeverity;
+    tactics?: AttackTactic[];
+};
+
+// @public
+export type MstiCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "MicrosoftThreatIntelligence";
+    tenantId?: string;
+};
+
+// @public
+export type MstiCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type MstiDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: MstiDataConnectorDataTypes;
+};
+
+// @public
+export interface MstiDataConnectorDataTypes {
+    bingSafetyPhishingURL: MstiDataConnectorDataTypesBingSafetyPhishingURL;
+    microsoftEmergingThreatFeed: MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed;
+}
+
+// @public
+export type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & {
+    lookbackPeriod: string;
+};
+
+// @public
+export type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & {
+    lookbackPeriod: string;
+};
+
+// @public
+export type MstiDataConnectorProperties = DataConnectorTenantId & {
+    dataTypes: MstiDataConnectorDataTypes;
+};
+
+// @public
+export type MtpCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "MicrosoftThreatProtection";
+    tenantId?: string;
+};
+
+// @public
+export type MTPCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type MTPDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: MTPDataConnectorDataTypes;
+};
+
+// @public
+export interface MTPDataConnectorDataTypes {
+    incidents: MTPDataConnectorDataTypesIncidents;
+}
+
+// @public
+export type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {};
+
+// @public
+export type MTPDataConnectorProperties = DataConnectorTenantId & {
+    dataTypes: MTPDataConnectorDataTypes;
+};
+
+// @public
+export type NrtAlertRule = AlertRule & {
+    alertRuleTemplateName?: string;
+    templateVersion?: string;
+    description?: string;
+    query?: string;
+    displayName?: string;
+    enabled?: boolean;
+    readonly lastModifiedUtc?: Date;
+    suppressionDuration?: string;
+    suppressionEnabled?: boolean;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+    incidentConfiguration?: IncidentConfiguration;
+    customDetails?: {
+        [propertyName: string]: string;
+    };
+    entityMappings?: EntityMapping[];
+    alertDetailsOverride?: AlertDetailsOverride;
+};
+
+// @public
+export type NrtAlertRuleProperties = QueryBasedAlertRuleProperties & {};
+
+// @public
+export type NrtAlertRuleTemplate = AlertRuleTemplate & {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly lastUpdatedDateUTC?: Date;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+    query?: string;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+    version?: string;
+    customDetails?: {
+        [propertyName: string]: string;
+    };
+    entityMappings?: EntityMapping[];
+    alertDetailsOverride?: AlertDetailsOverride;
+};
+
+// @public
+export type NrtAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & {};
+
+// @public
+export type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "OfficeATP";
+    tenantId?: string;
+};
+
+// @public
+export type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type OfficeATPDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: AlertsDataTypeOfDataConnector;
+};
+
+// @public
+export type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+
+// @public
+export type OfficeConsent = Resource & {
+    tenantId?: string;
+    consentId?: string;
+};
+
+// @public
+export interface OfficeConsentList {
+    readonly nextLink?: string;
+    value: OfficeConsent[];
+}
+
+// @public
+export interface OfficeConsents {
+    delete(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, consentId: string, options?: OfficeConsentsGetOptionalParams): Promise<OfficeConsentsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: OfficeConsentsListOptionalParams): PagedAsyncIterableIterator<OfficeConsent>;
+}
+
+// @public
+export interface OfficeConsentsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface OfficeConsentsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type OfficeConsentsGetResponse = OfficeConsent;
+
+// @public
+export interface OfficeConsentsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type OfficeConsentsListNextResponse = OfficeConsentList;
+
+// @public
+export interface OfficeConsentsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type OfficeConsentsListResponse = OfficeConsentList;
+
+// @public
+export type OfficeDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: OfficeDataConnectorDataTypes;
+};
+
+// @public
+export interface OfficeDataConnectorDataTypes {
+    exchange: OfficeDataConnectorDataTypesExchange;
+    sharePoint: OfficeDataConnectorDataTypesSharePoint;
+    teams: OfficeDataConnectorDataTypesTeams;
+}
+
+// @public
+export type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {};
+
+// @public
+export type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {};
+
+// @public
+export type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {};
+
+// @public
+export type OfficeDataConnectorProperties = DataConnectorTenantId & {
+    dataTypes: OfficeDataConnectorDataTypes;
+};
+
+// @public
+export type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "OfficeIRM";
+    tenantId?: string;
+};
+
+// @public
+export type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type OfficeIRMDataConnector = DataConnector & {
+    tenantId?: string;
+    dataTypes?: AlertsDataTypeOfDataConnector;
+};
+
+// @public
+export type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+
+// @public
+export interface Operation {
+    display?: OperationDisplay;
+    isDataAction?: boolean;
+    name?: string;
+    origin?: string;
+}
+
+// @public
+export interface OperationDisplay {
+    description?: string;
+    operation?: string;
+    provider?: string;
+    resource?: string;
+}
+
+// @public
+export interface Operations {
+    list(options?: OperationsListOptionalParams): PagedAsyncIterableIterator<Operation>;
+}
+
+// @public
+export interface OperationsList {
+    readonly nextLink?: string;
+    value: Operation[];
+}
+
+// @public
+export interface OperationsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type OperationsListNextResponse = OperationsList;
+
+// @public
+export interface OperationsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type OperationsListResponse = OperationsList;
+
+// @public
+export type Operator = string;
+
+// @public
+export type OSFamily = "Linux" | "Windows" | "Android" | "IOS" | "Unknown";
+
+// @public
+export type OutputType = string;
+
+// @public
+export type OwnerType = string;
+
+// @public
+export type PermissionProviderScope = string;
+
+// @public
+interface Permissions_2 {
+    customs?: PermissionsCustomsItem[];
+    resourceProvider?: PermissionsResourceProviderItem[];
+}
+export { Permissions_2 as Permissions }
+
+// @public (undocumented)
+export type PermissionsCustomsItem = Customs & {};
+
+// @public (undocumented)
+export type PermissionsResourceProviderItem = ResourceProvider & {};
+
+// @public
+export type PollingFrequency = string;
+
+// @public
+export type ProcessEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly accountEntityId?: string;
+    readonly commandLine?: string;
+    readonly creationTimeUtc?: Date;
+    elevationToken?: ElevationToken;
+    readonly hostEntityId?: string;
+    readonly hostLogonSessionEntityId?: string;
+    readonly imageFileEntityId?: string;
+    readonly parentProcessEntityId?: string;
+    readonly processId?: string;
+};
+
+// @public
+export type ProcessEntityProperties = EntityCommonProperties & {
+    readonly accountEntityId?: string;
+    readonly commandLine?: string;
+    readonly creationTimeUtc?: Date;
+    elevationToken?: ElevationToken;
+    readonly hostEntityId?: string;
+    readonly hostLogonSessionEntityId?: string;
+    readonly imageFileEntityId?: string;
+    readonly parentProcessEntityId?: string;
+    readonly processId?: string;
+};
+
+// @public
+export interface ProductSettings {
+    delete(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, settingsName: string, options?: ProductSettingsGetOptionalParams): Promise<ProductSettingsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: ProductSettingsListOptionalParams): Promise<ProductSettingsListResponse>;
+    update(resourceGroupName: string, workspaceName: string, settingsName: string, settings: SettingsUnion, options?: ProductSettingsUpdateOptionalParams): Promise<ProductSettingsUpdateResponse>;
+}
+
+// @public
+export interface ProductSettingsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface ProductSettingsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ProductSettingsGetResponse = SettingsUnion;
+
+// @public
+export interface ProductSettingsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ProductSettingsListResponse = SettingList;
+
+// @public
+export interface ProductSettingsUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ProductSettingsUpdateResponse = SettingsUnion;
+
+// @public
+export type ProviderName = string;
+
+// @public
+export interface QueryBasedAlertRuleProperties {
+    alertDetailsOverride?: AlertDetailsOverride;
+    alertRuleTemplateName?: string;
+    customDetails?: {
+        [propertyName: string]: string;
+    };
+    description?: string;
+    displayName: string;
+    enabled: boolean;
+    entityMappings?: EntityMapping[];
+    incidentConfiguration?: IncidentConfiguration;
+    readonly lastModifiedUtc?: Date;
+    query?: string;
+    severity?: AlertSeverity;
+    suppressionDuration: string;
+    suppressionEnabled: boolean;
+    tactics?: AttackTactic[];
+    templateVersion?: string;
+}
+
+// @public
+export interface QueryBasedAlertRuleTemplateProperties {
+    alertDetailsOverride?: AlertDetailsOverride;
+    customDetails?: {
+        [propertyName: string]: string;
+    };
+    entityMappings?: EntityMapping[];
+    query?: string;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+    version?: string;
+}
+
+// @public
+export type RegistryHive = string;
+
+// @public
+export type RegistryKeyEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly hive?: RegistryHive;
+    readonly key?: string;
+};
+
+// @public
+export type RegistryKeyEntityProperties = EntityCommonProperties & {
+    readonly hive?: RegistryHive;
+    readonly key?: string;
+};
+
+// @public
+export type RegistryValueEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly keyEntityId?: string;
+    readonly valueData?: string;
+    readonly valueName?: string;
+    readonly valueType?: RegistryValueKind;
+};
+
+// @public
+export type RegistryValueEntityProperties = EntityCommonProperties & {
+    readonly keyEntityId?: string;
+    readonly valueData?: string;
+    readonly valueName?: string;
+    readonly valueType?: RegistryValueKind;
+};
+
+// @public
+export type RegistryValueKind = string;
+
+// @public
+export type Relation = ResourceWithEtag & {
+    relatedResourceId?: string;
+    readonly relatedResourceName?: string;
+    readonly relatedResourceType?: string;
+    readonly relatedResourceKind?: string;
+};
+
+// @public
+export interface RelationList {
+    readonly nextLink?: string;
+    value: Relation[];
+}
+
+// @public
+export interface Repo {
+    branches?: string[];
+    fullName?: string;
+    url?: string;
+}
+
+// @public
+export interface RepoList {
+    readonly nextLink?: string;
+    value: Repo[];
+}
+
+// @public
+export interface Repository {
+    branch?: string;
+    deploymentLogsUrl?: string;
+    displayUrl?: string;
+    pathMapping?: ContentPathMap[];
+    url?: string;
+}
+
+// @public
+export type RepoType = string;
+
+// @public
+export interface RequiredPermissions {
+    action?: boolean;
+    delete?: boolean;
+    read?: boolean;
+    write?: boolean;
+}
+
+// @public
+export interface Resource {
+    readonly id?: string;
+    readonly name?: string;
+    readonly systemData?: SystemData;
+    readonly type?: string;
+}
+
+// @public
+export interface ResourceProvider {
+    permissionsDisplayText?: string;
+    provider?: ProviderName;
+    providerDisplayName?: string;
+    requiredPermissions?: RequiredPermissions;
+    scope?: PermissionProviderScope;
+}
+
+// @public
+export type ResourceWithEtag = Resource & {
+    etag?: string;
+};
+
+// @public
+export interface SampleQueries {
+    description?: string;
+    query?: string;
+}
+
+// @public
+export type ScheduledAlertRule = AlertRule & {
+    queryFrequency?: string;
+    queryPeriod?: string;
+    triggerOperator?: TriggerOperator;
+    triggerThreshold?: number;
+    eventGroupingSettings?: EventGroupingSettings;
+    alertRuleTemplateName?: string;
+    templateVersion?: string;
+    description?: string;
+    query?: string;
+    displayName?: string;
+    enabled?: boolean;
+    readonly lastModifiedUtc?: Date;
+    suppressionDuration?: string;
+    suppressionEnabled?: boolean;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+    incidentConfiguration?: IncidentConfiguration;
+    customDetails?: {
+        [propertyName: string]: string;
+    };
+    entityMappings?: EntityMapping[];
+    alertDetailsOverride?: AlertDetailsOverride;
+};
+
+// @public
+export interface ScheduledAlertRuleCommonProperties {
+    eventGroupingSettings?: EventGroupingSettings;
+    queryFrequency?: string;
+    queryPeriod?: string;
+    triggerOperator?: TriggerOperator;
+    triggerThreshold?: number;
+}
+
+// @public
+export type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & QueryBasedAlertRuleProperties & {};
+
+// @public
+export type ScheduledAlertRuleTemplate = AlertRuleTemplate & {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly lastUpdatedDateUTC?: Date;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+    query?: string;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+    version?: string;
+    customDetails?: {
+        [propertyName: string]: string;
+    };
+    entityMappings?: EntityMapping[];
+    alertDetailsOverride?: AlertDetailsOverride;
+    queryFrequency?: string;
+    queryPeriod?: string;
+    triggerOperator?: TriggerOperator;
+    triggerThreshold?: number;
+    eventGroupingSettings?: EventGroupingSettings;
+};
+
+// @public
+export type ScheduledAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & QueryBasedAlertRuleTemplateProperties & ScheduledAlertRuleCommonProperties & {};
+
+// @public
+export type SecurityAlert = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly alertDisplayName?: string;
+    readonly alertType?: string;
+    readonly compromisedEntity?: string;
+    readonly confidenceLevel?: ConfidenceLevel;
+    readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[];
+    readonly confidenceScore?: number;
+    readonly confidenceScoreStatus?: ConfidenceScoreStatus;
+    readonly description?: string;
+    readonly endTimeUtc?: Date;
+    readonly intent?: KillChainIntent;
+    readonly providerAlertId?: string;
+    readonly processingEndTime?: Date;
+    readonly productComponentName?: string;
+    readonly productName?: string;
+    readonly productVersion?: string;
+    readonly remediationSteps?: string[];
+    severity?: AlertSeverity;
+    readonly startTimeUtc?: Date;
+    readonly status?: AlertStatus;
+    readonly systemAlertId?: string;
+    readonly tactics?: AttackTactic[];
+    readonly timeGenerated?: Date;
+    readonly vendorName?: string;
+    readonly alertLink?: string;
+    readonly resourceIdentifiers?: Record<string, unknown>[];
+};
+
+// @public
+export type SecurityAlertProperties = EntityCommonProperties & {
+    readonly alertDisplayName?: string;
+    readonly alertType?: string;
+    readonly compromisedEntity?: string;
+    readonly confidenceLevel?: ConfidenceLevel;
+    readonly confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[];
+    readonly confidenceScore?: number;
+    readonly confidenceScoreStatus?: ConfidenceScoreStatus;
+    readonly description?: string;
+    readonly endTimeUtc?: Date;
+    readonly intent?: KillChainIntent;
+    readonly providerAlertId?: string;
+    readonly processingEndTime?: Date;
+    readonly productComponentName?: string;
+    readonly productName?: string;
+    readonly productVersion?: string;
+    readonly remediationSteps?: string[];
+    severity?: AlertSeverity;
+    readonly startTimeUtc?: Date;
+    readonly status?: AlertStatus;
+    readonly systemAlertId?: string;
+    readonly tactics?: AttackTactic[];
+    readonly timeGenerated?: Date;
+    readonly vendorName?: string;
+    readonly alertLink?: string;
+    readonly resourceIdentifiers?: Record<string, unknown>[];
+};
+
+// @public
+export interface SecurityAlertPropertiesConfidenceReasonsItem {
+    readonly reason?: string;
+    readonly reasonType?: string;
+}
+
+// @public
+export type SecurityAlertTimelineItem = EntityTimelineItem & {
+    kind: "SecurityAlert";
+    azureResourceId: string;
+    productName?: string;
+    description?: string;
+    displayName: string;
+    severity: AlertSeverity;
+    endTimeUtc: Date;
+    startTimeUtc: Date;
+    timeGenerated: Date;
+    alertType: string;
+};
+
+// @public
+export type SecurityGroupEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly distinguishedName?: string;
+    readonly objectGuid?: string;
+    readonly sid?: string;
+};
+
+// @public
+export type SecurityGroupEntityProperties = EntityCommonProperties & {
+    readonly distinguishedName?: string;
+    readonly objectGuid?: string;
+    readonly sid?: string;
+};
+
+// @public (undocumented)
+export class SecurityInsights extends coreClient.ServiceClient {
+    // (undocumented)
+    $host: string;
+    constructor(credentials: coreAuth.TokenCredential, subscriptionId: string, options?: SecurityInsightsOptionalParams);
+    // (undocumented)
+    actions: Actions;
+    // (undocumented)
+    alertRules: AlertRules;
+    // (undocumented)
+    alertRuleTemplates: AlertRuleTemplates;
+    // (undocumented)
+    apiVersion: string;
+    // (undocumented)
+    automationRules: AutomationRules;
+    // (undocumented)
+    bookmarkOperations: BookmarkOperations;
+    // (undocumented)
+    bookmarkRelations: BookmarkRelations;
+    // (undocumented)
+    bookmarks: Bookmarks;
+    // (undocumented)
+    dataConnectors: DataConnectors;
+    // (undocumented)
+    dataConnectorsCheckRequirementsOperations: DataConnectorsCheckRequirementsOperations;
+    // (undocumented)
+    domainWhois: DomainWhois;
+    // (undocumented)
+    entities: Entities;
+    // (undocumented)
+    entitiesGetTimeline: EntitiesGetTimeline;
+    // (undocumented)
+    entitiesRelations: EntitiesRelations;
+    // (undocumented)
+    entityQueries: EntityQueries;
+    // (undocumented)
+    entityQueryTemplates: EntityQueryTemplates;
+    // (undocumented)
+    entityRelations: EntityRelations;
+    // (undocumented)
+    incidentComments: IncidentComments;
+    // (undocumented)
+    incidentRelations: IncidentRelations;
+    // (undocumented)
+    incidents: Incidents;
+    // (undocumented)
+    iPGeodata: IPGeodata;
+    // (undocumented)
+    metadata: Metadata;
+    // (undocumented)
+    officeConsents: OfficeConsents;
+    // (undocumented)
+    operations: Operations;
+    // (undocumented)
+    productSettings: ProductSettings;
+    // (undocumented)
+    sentinelOnboardingStates: SentinelOnboardingStates;
+    // (undocumented)
+    sourceControlOperations: SourceControlOperations;
+    // (undocumented)
+    sourceControls: SourceControls;
+    // (undocumented)
+    subscriptionId: string;
+    // (undocumented)
+    threatIntelligenceIndicator: ThreatIntelligenceIndicator;
+    // (undocumented)
+    threatIntelligenceIndicatorMetrics: ThreatIntelligenceIndicatorMetrics;
+    // (undocumented)
+    threatIntelligenceIndicators: ThreatIntelligenceIndicators;
+    // (undocumented)
+    watchlistItems: WatchlistItems;
+    // (undocumented)
+    watchlists: Watchlists;
+}
+
+// @public
+export interface SecurityInsightsOptionalParams extends coreClient.ServiceClientOptions {
+    $host?: string;
+    apiVersion?: string;
+    endpoint?: string;
+}
+
+// @public
+export type SentinelOnboardingState = ResourceWithEtag & {
+    customerManagedKey?: boolean;
+};
+
+// @public
+export interface SentinelOnboardingStates {
+    create(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesCreateOptionalParams): Promise<SentinelOnboardingStatesCreateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, sentinelOnboardingStateName: string, options?: SentinelOnboardingStatesGetOptionalParams): Promise<SentinelOnboardingStatesGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: SentinelOnboardingStatesListOptionalParams): Promise<SentinelOnboardingStatesListResponse>;
+}
+
+// @public
+export interface SentinelOnboardingStatesCreateOptionalParams extends coreClient.OperationOptions {
+    sentinelOnboardingStateParameter?: SentinelOnboardingState;
+}
+
+// @public
+export type SentinelOnboardingStatesCreateResponse = SentinelOnboardingState;
+
+// @public
+export interface SentinelOnboardingStatesDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface SentinelOnboardingStatesGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SentinelOnboardingStatesGetResponse = SentinelOnboardingState;
+
+// @public
+export interface SentinelOnboardingStatesList {
+    value: SentinelOnboardingState[];
+}
+
+// @public
+export interface SentinelOnboardingStatesListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList;
+
+// @public
+export type SettingKind = string;
+
+// @public
+export interface SettingList {
+    value: SettingsUnion[];
+}
+
+// @public
+export type Settings = ResourceWithEtag & {
+    kind: SettingKind;
+};
+
+// @public (undocumented)
+export type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalytics | Ueba;
+
+// @public
+export type SettingType = string;
+
+// @public
+export interface Sku {
+    capacityReservationLevel?: number;
+    name?: SkuKind;
+}
+
+// @public
+export type SkuKind = string;
+
+// @public
+export type Source = string;
+
+// @public
+export type SourceControl = ResourceWithEtag & {
+    idPropertiesId?: string;
+    displayName?: string;
+    description?: string;
+    repoType?: RepoType;
+    contentTypes?: ContentType[];
+    repository?: Repository;
+};
+
+// @public
+export interface SourceControlList {
+    readonly nextLink?: string;
+    value: SourceControl[];
+}
+
+// @public
+export interface SourceControlListRepositoriesNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SourceControlListRepositoriesNextResponse = RepoList;
+
+// @public
+export interface SourceControlListRepositoriesOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SourceControlListRepositoriesResponse = RepoList;
+
+// @public
+export interface SourceControlOperations {
+    listRepositories(resourceGroupName: string, workspaceName: string, repoType: RepoType, options?: SourceControlListRepositoriesOptionalParams): PagedAsyncIterableIterator<Repo>;
+}
+
+// @public
+export interface SourceControls {
+    create(resourceGroupName: string, workspaceName: string, sourceControlId: string, sourceControl: SourceControl, options?: SourceControlsCreateOptionalParams): Promise<SourceControlsCreateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, sourceControlId: string, options?: SourceControlsGetOptionalParams): Promise<SourceControlsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: SourceControlsListOptionalParams): PagedAsyncIterableIterator<SourceControl>;
+}
+
+// @public
+export interface SourceControlsCreateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SourceControlsCreateResponse = SourceControl;
+
+// @public
+export interface SourceControlsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface SourceControlsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SourceControlsGetResponse = SourceControl;
+
+// @public
+export interface SourceControlsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SourceControlsListNextResponse = SourceControlList;
+
+// @public
+export interface SourceControlsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type SourceControlsListResponse = SourceControlList;
+
+// @public
+export type SourceKind = string;
+
+// @public
+export type SubmissionMailEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly networkMessageId?: string;
+    readonly submissionId?: string;
+    readonly submitter?: string;
+    readonly submissionDate?: Date;
+    readonly timestamp?: Date;
+    readonly recipient?: string;
+    readonly sender?: string;
+    readonly senderIp?: string;
+    readonly subject?: string;
+    readonly reportType?: string;
+};
+
+// @public
+export type SubmissionMailEntityProperties = EntityCommonProperties & {
+    readonly networkMessageId?: string;
+    readonly submissionId?: string;
+    readonly submitter?: string;
+    readonly submissionDate?: Date;
+    readonly timestamp?: Date;
+    readonly recipient?: string;
+    readonly sender?: string;
+    readonly senderIp?: string;
+    readonly subject?: string;
+    readonly reportType?: string;
+};
+
+// @public
+export type SupportTier = string;
+
+// @public
+export interface SystemData {
+    createdAt?: Date;
+    createdBy?: string;
+    createdByType?: CreatedByType;
+    lastModifiedAt?: Date;
+    lastModifiedBy?: string;
+    lastModifiedByType?: CreatedByType;
+}
+
+// @public
+export interface TeamInformation {
+    readonly description?: string;
+    readonly name?: string;
+    readonly primaryChannelUrl?: string;
+    readonly teamCreationTimeUtc?: Date;
+    readonly teamId?: string;
+}
+
+// @public
+export interface TeamProperties {
+    groupIds?: string[];
+    memberIds?: string[];
+    teamDescription?: string;
+    teamName: string;
+}
+
+// @public
+export type TemplateStatus = string;
+
+// @public
+export interface ThreatIntelligence {
+    readonly confidence?: number;
+    readonly providerName?: string;
+    readonly reportLink?: string;
+    readonly threatDescription?: string;
+    readonly threatName?: string;
+    readonly threatType?: string;
+}
+
+// @public
+export type ThreatIntelligenceAlertRule = AlertRule & {
+    alertRuleTemplateName?: string;
+    readonly description?: string;
+    readonly displayName?: string;
+    enabled?: boolean;
+    readonly lastModifiedUtc?: Date;
+    readonly severity?: AlertSeverity;
+    readonly tactics?: AttackTactic[];
+};
+
+// @public
+export type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & {
+    alertRulesCreatedByTemplateCount?: number;
+    readonly lastUpdatedDateUTC?: Date;
+    readonly createdDateUTC?: Date;
+    description?: string;
+    displayName?: string;
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    status?: TemplateStatus;
+    severity?: AlertSeverity;
+    tactics?: AttackTactic[];
+};
+
+// @public
+export type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & {
+    severity: AlertSeverity;
+    tactics?: AttackTactic[];
+};
+
+// @public
+export interface ThreatIntelligenceAppendTags {
+    threatIntelligenceTags?: string[];
+}
+
+// @public
+export interface ThreatIntelligenceExternalReference {
+    description?: string;
+    externalId?: string;
+    hashes?: {
+        [propertyName: string]: string;
+    };
+    sourceName?: string;
+    url?: string;
+}
+
+// @public
+export interface ThreatIntelligenceFilteringCriteria {
+    ids?: string[];
+    includeDisabled?: boolean;
+    keywords?: string[];
+    maxConfidence?: number;
+    maxValidUntil?: string;
+    minConfidence?: number;
+    minValidUntil?: string;
+    pageSize?: number;
+    patternTypes?: string[];
+    skipToken?: string;
+    sortBy?: ThreatIntelligenceSortingCriteria[];
+    sources?: string[];
+    threatTypes?: string[];
+}
+
+// @public
+export interface ThreatIntelligenceGranularMarkingModel {
+    language?: string;
+    markingRef?: number;
+    selectors?: string[];
+}
+
+// @public
+export interface ThreatIntelligenceIndicator {
+    appendTags(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceAppendTags: ThreatIntelligenceAppendTags, options?: ThreatIntelligenceIndicatorAppendTagsOptionalParams): Promise<void>;
+    create(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorCreateOptionalParams): Promise<ThreatIntelligenceIndicatorCreateResponse>;
+    createIndicator(resourceGroupName: string, workspaceName: string, threatIntelligenceProperties: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorCreateIndicatorOptionalParams): Promise<ThreatIntelligenceIndicatorCreateIndicatorResponse>;
+    delete(resourceGroupName: string, workspaceName: string, name: string, options?: ThreatIntelligenceIndicatorDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, name: string, options?: ThreatIntelligenceIndicatorGetOptionalParams): Promise<ThreatIntelligenceIndicatorGetResponse>;
+    listQueryIndicators(resourceGroupName: string, workspaceName: string, threatIntelligenceFilteringCriteria: ThreatIntelligenceFilteringCriteria, options?: ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams): PagedAsyncIterableIterator<ThreatIntelligenceInformationUnion>;
+    replaceTags(resourceGroupName: string, workspaceName: string, name: string, threatIntelligenceReplaceTags: ThreatIntelligenceIndicatorModelForRequestBody, options?: ThreatIntelligenceIndicatorReplaceTagsOptionalParams): Promise<ThreatIntelligenceIndicatorReplaceTagsResponse>;
+}
+
+// @public
+export interface ThreatIntelligenceIndicatorAppendTagsOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface ThreatIntelligenceIndicatorCreateIndicatorOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorCreateIndicatorResponse = ThreatIntelligenceInformationUnion;
+
+// @public
+export interface ThreatIntelligenceIndicatorCreateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorCreateResponse = ThreatIntelligenceInformationUnion;
+
+// @public
+export interface ThreatIntelligenceIndicatorDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface ThreatIntelligenceIndicatorGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorGetResponse = ThreatIntelligenceInformationUnion;
+
+// @public
+export interface ThreatIntelligenceIndicatorMetrics {
+    list(resourceGroupName: string, workspaceName: string, options?: ThreatIntelligenceIndicatorMetricsListOptionalParams): Promise<ThreatIntelligenceIndicatorMetricsListResponse>;
+}
+
+// @public
+export interface ThreatIntelligenceIndicatorMetricsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList;
+
+// @public
+export type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    threatIntelligenceTags?: string[];
+    lastUpdatedTimeUtc?: string;
+    source?: string;
+    displayName?: string;
+    description?: string;
+    indicatorTypes?: string[];
+    pattern?: string;
+    patternType?: string;
+    patternVersion?: string;
+    killChainPhases?: ThreatIntelligenceKillChainPhase[];
+    parsedPattern?: ThreatIntelligenceParsedPattern[];
+    externalId?: string;
+    createdByRef?: string;
+    defanged?: boolean;
+    externalLastUpdatedTimeUtc?: string;
+    externalReferences?: ThreatIntelligenceExternalReference[];
+    granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
+    labels?: string[];
+    revoked?: boolean;
+    confidence?: number;
+    objectMarkingRefs?: string[];
+    language?: string;
+    threatTypes?: string[];
+    validFrom?: string;
+    validUntil?: string;
+    created?: string;
+    modified?: string;
+    extensions?: {
+        [propertyName: string]: any;
+    };
+};
+
+// @public
+export type ThreatIntelligenceIndicatorModelForRequestBody = ThreatIntelligenceResourceKind & {
+    etag?: string;
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    threatIntelligenceTags?: string[];
+    lastUpdatedTimeUtc?: string;
+    source?: string;
+    displayName?: string;
+    description?: string;
+    indicatorTypes?: string[];
+    pattern?: string;
+    patternType?: string;
+    patternVersion?: string;
+    killChainPhases?: ThreatIntelligenceKillChainPhase[];
+    parsedPattern?: ThreatIntelligenceParsedPattern[];
+    externalId?: string;
+    createdByRef?: string;
+    defanged?: boolean;
+    externalLastUpdatedTimeUtc?: string;
+    externalReferences?: ThreatIntelligenceExternalReference[];
+    granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
+    labels?: string[];
+    revoked?: boolean;
+    confidence?: number;
+    objectMarkingRefs?: string[];
+    language?: string;
+    threatTypes?: string[];
+    validFrom?: string;
+    validUntil?: string;
+    created?: string;
+    modified?: string;
+    extensions?: {
+        [propertyName: string]: any;
+    };
+};
+
+// @public
+export type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & {
+    threatIntelligenceTags?: string[];
+    lastUpdatedTimeUtc?: string;
+    source?: string;
+    displayName?: string;
+    description?: string;
+    indicatorTypes?: string[];
+    pattern?: string;
+    patternType?: string;
+    patternVersion?: string;
+    killChainPhases?: ThreatIntelligenceKillChainPhase[];
+    parsedPattern?: ThreatIntelligenceParsedPattern[];
+    externalId?: string;
+    createdByRef?: string;
+    defanged?: boolean;
+    externalLastUpdatedTimeUtc?: string;
+    externalReferences?: ThreatIntelligenceExternalReference[];
+    granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
+    labels?: string[];
+    revoked?: boolean;
+    confidence?: number;
+    objectMarkingRefs?: string[];
+    language?: string;
+    threatTypes?: string[];
+    validFrom?: string;
+    validUntil?: string;
+    created?: string;
+    modified?: string;
+    extensions?: {
+        [propertyName: string]: any;
+    };
+};
+
+// @public
+export interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorQueryIndicatorsNextResponse = ThreatIntelligenceInformationList;
+
+// @public
+export interface ThreatIntelligenceIndicatorQueryIndicatorsOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorQueryIndicatorsResponse = ThreatIntelligenceInformationList;
+
+// @public
+export interface ThreatIntelligenceIndicatorReplaceTagsOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type ThreatIntelligenceIndicatorReplaceTagsResponse = ThreatIntelligenceInformationUnion;
+
+// @public
+export interface ThreatIntelligenceIndicators {
+    list(resourceGroupName: string, workspaceName: string, options?: ThreatIntelligenceIndicatorsListOptionalParams): PagedAsyncIterableIterator<ThreatIntelligenceInformationUnion>;
+}
+
+// @public
+export interface ThreatIntelligenceIndicatorsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type ThreatIntelligenceIndicatorsListNextResponse = ThreatIntelligenceInformationList;
+
+// @public
+export interface ThreatIntelligenceIndicatorsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList;
+
+// @public
+export type ThreatIntelligenceInformation = ResourceWithEtag & ThreatIntelligenceResourceKind & {};
+
+// @public
+export interface ThreatIntelligenceInformationList {
+    readonly nextLink?: string;
+    value: ThreatIntelligenceInformationUnion[];
+}
+
+// @public (undocumented)
+export type ThreatIntelligenceInformationUnion = ThreatIntelligenceInformation | ThreatIntelligenceIndicatorModel;
+
+// @public
+export interface ThreatIntelligenceKillChainPhase {
+    killChainName?: string;
+    phaseName?: string;
+}
+
+// @public
+export interface ThreatIntelligenceMetric {
+    lastUpdatedTimeUtc?: string;
+    patternTypeMetrics?: ThreatIntelligenceMetricEntity[];
+    sourceMetrics?: ThreatIntelligenceMetricEntity[];
+    threatTypeMetrics?: ThreatIntelligenceMetricEntity[];
+}
+
+// @public
+export interface ThreatIntelligenceMetricEntity {
+    metricName?: string;
+    metricValue?: number;
+}
+
+// @public
+export interface ThreatIntelligenceMetrics {
+    properties?: ThreatIntelligenceMetric;
+}
+
+// @public
+export interface ThreatIntelligenceMetricsList {
+    value: ThreatIntelligenceMetrics[];
+}
+
+// @public
+export interface ThreatIntelligenceParsedPattern {
+    patternTypeKey?: string;
+    patternTypeValues?: ThreatIntelligenceParsedPatternTypeValue[];
+}
+
+// @public
+export interface ThreatIntelligenceParsedPatternTypeValue {
+    value?: string;
+    valueType?: string;
+}
+
+// @public
+export interface ThreatIntelligenceResourceKind {
+    kind: ThreatIntelligenceResourceKindEnum;
+}
+
+// @public
+export type ThreatIntelligenceResourceKindEnum = string;
+
+// @public
+export interface ThreatIntelligenceSortingCriteria {
+    itemKey?: string;
+    sortOrder?: ThreatIntelligenceSortingCriteriaEnum;
+}
+
+// @public
+export type ThreatIntelligenceSortingCriteriaEnum = string;
+
+// @public
+export type TICheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "ThreatIntelligence";
+    tenantId?: string;
+};
+
+// @public
+export type TICheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type TIDataConnector = DataConnector & {
+    tenantId?: string;
+    tipLookbackPeriod?: Date;
+    dataTypes?: TIDataConnectorDataTypes;
+};
+
+// @public
+export interface TIDataConnectorDataTypes {
+    indicators: TIDataConnectorDataTypesIndicators;
+}
+
+// @public
+export type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {};
+
+// @public
+export type TIDataConnectorProperties = DataConnectorTenantId & {
+    tipLookbackPeriod?: Date;
+    dataTypes: TIDataConnectorDataTypes;
+};
+
+// @public
+export interface TimelineAggregation {
+    count: number;
+    kind: EntityTimelineKind;
+}
+
+// @public
+export interface TimelineError {
+    errorMessage: string;
+    kind: EntityTimelineKind;
+    queryId?: string;
+}
+
+// @public
+export interface TimelineResultsMetadata {
+    aggregations: TimelineAggregation[];
+    errors?: TimelineError[];
+    totalCount: number;
+}
+
+// @public
+export type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & {
+    kind: "ThreatIntelligenceTaxii";
+    tenantId?: string;
+};
+
+// @public
+export type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {};
+
+// @public
+export type TiTaxiiDataConnector = DataConnector & {
+    tenantId?: string;
+    workspaceId?: string;
+    friendlyName?: string;
+    taxiiServer?: string;
+    collectionId?: string;
+    userName?: string;
+    password?: string;
+    taxiiLookbackPeriod?: Date;
+    pollingFrequency?: PollingFrequency;
+    dataTypes?: TiTaxiiDataConnectorDataTypes;
+};
+
+// @public
+export interface TiTaxiiDataConnectorDataTypes {
+    taxiiClient: TiTaxiiDataConnectorDataTypesTaxiiClient;
+}
+
+// @public
+export type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {};
+
+// @public
+export type TiTaxiiDataConnectorProperties = DataConnectorTenantId & {
+    workspaceId?: string;
+    friendlyName?: string;
+    taxiiServer?: string;
+    collectionId?: string;
+    userName?: string;
+    password?: string;
+    taxiiLookbackPeriod?: Date;
+    pollingFrequency: PollingFrequency | null;
+    dataTypes: TiTaxiiDataConnectorDataTypes;
+};
+
+// @public
+export type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual";
+
+// @public
+export type TriggersOn = string;
+
+// @public
+export type TriggersWhen = string;
+
+// @public
+export type Ueba = Settings & {
+    dataSources?: UebaDataSources[];
+};
+
+// @public
+export type UebaDataSources = string;
+
+// @public
+export type UrlEntity = Entity & {
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    readonly friendlyName?: string;
+    readonly url?: string;
+};
+
+// @public
+export type UrlEntityProperties = EntityCommonProperties & {
+    readonly url?: string;
+};
+
+// @public
+export interface UserInfo {
+    readonly email?: string;
+    readonly name?: string;
+    objectId?: string;
+}
+
+// @public
+export type Watchlist = ResourceWithEtag & {
+    watchlistId?: string;
+    displayName?: string;
+    provider?: string;
+    source?: Source;
+    created?: Date;
+    updated?: Date;
+    createdBy?: UserInfo;
+    updatedBy?: UserInfo;
+    description?: string;
+    watchlistType?: string;
+    watchlistAlias?: string;
+    isDeleted?: boolean;
+    labels?: string[];
+    defaultDuration?: string;
+    tenantId?: string;
+    numberOfLinesToSkip?: number;
+    rawContent?: string;
+    itemsSearchKey?: string;
+    contentType?: string;
+    uploadStatus?: string;
+    watchlistItemsCount?: number;
+};
+
+// @public
+export type WatchlistItem = ResourceWithEtag & {
+    watchlistItemType?: string;
+    watchlistItemId?: string;
+    tenantId?: string;
+    isDeleted?: boolean;
+    created?: Date;
+    updated?: Date;
+    createdBy?: UserInfo;
+    updatedBy?: UserInfo;
+    itemsKeyValue?: Record<string, unknown>;
+    entityMapping?: Record<string, unknown>;
+};
+
+// @public
+export interface WatchlistItemList {
+    readonly nextLink?: string;
+    value: WatchlistItem[];
+}
+
+// @public
+export interface WatchlistItems {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, watchlistItem: WatchlistItem, options?: WatchlistItemsCreateOrUpdateOptionalParams): Promise<WatchlistItemsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: WatchlistItemsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlistItemId: string, options?: WatchlistItemsGetOptionalParams): Promise<WatchlistItemsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistItemsListOptionalParams): PagedAsyncIterableIterator<WatchlistItem>;
+}
+
+// @public
+export interface WatchlistItemsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistItemsCreateOrUpdateResponse = WatchlistItem;
+
+// @public
+export interface WatchlistItemsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface WatchlistItemsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistItemsGetResponse = WatchlistItem;
+
+// @public
+export interface WatchlistItemsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistItemsListNextResponse = WatchlistItemList;
+
+// @public
+export interface WatchlistItemsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistItemsListResponse = WatchlistItemList;
+
+// @public
+export interface WatchlistList {
+    readonly nextLink?: string;
+    value: Watchlist[];
+}
+
+// @public
+export interface Watchlists {
+    createOrUpdate(resourceGroupName: string, workspaceName: string, watchlistAlias: string, watchlist: Watchlist, options?: WatchlistsCreateOrUpdateOptionalParams): Promise<WatchlistsCreateOrUpdateResponse>;
+    delete(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsDeleteOptionalParams): Promise<void>;
+    get(resourceGroupName: string, workspaceName: string, watchlistAlias: string, options?: WatchlistsGetOptionalParams): Promise<WatchlistsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: WatchlistsListOptionalParams): PagedAsyncIterableIterator<Watchlist>;
+}
+
+// @public
+export interface WatchlistsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistsCreateOrUpdateResponse = Watchlist;
+
+// @public
+export interface WatchlistsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export interface WatchlistsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistsGetResponse = Watchlist;
+
+// @public
+export interface WatchlistsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistsListNextResponse = WatchlistList;
+
+// @public
+export interface WatchlistsListOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type WatchlistsListResponse = WatchlistList;
+
+// (No @packageDocumentation comment for this package)
+
+```