@azure/arm-securityinsight 1.0.0-beta.3 → 1.0.0-beta.5

package/dist-esm/src/models/index.d.ts

@@ -1,15 +1,16 @@
 import * as coreClient from "@azure/core-client";
-export declare type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties;
+export declare type AutomationRuleConditionUnion = AutomationRuleCondition | BooleanConditionProperties | PropertyArrayChangedConditionProperties | PropertyArrayConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties;
 export declare type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction;
-export declare type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem;
+export declare type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | AnomalyTimelineItem | SecurityAlertTimelineItem;
 export declare type EntityQueryItemUnion = EntityQueryItem | InsightQueryItem;
 export declare type DataConnectorsCheckRequirementsUnion = DataConnectorsCheckRequirements | AADCheckRequirements | AatpCheckRequirements | ASCCheckRequirements | AwsCloudTrailCheckRequirements | AwsS3CheckRequirements | Dynamics365CheckRequirements | McasCheckRequirements | MdatpCheckRequirements | MstiCheckRequirements | MtpCheckRequirements | OfficeATPCheckRequirements | OfficeIRMCheckRequirements | Office365ProjectCheckRequirements | OfficePowerBICheckRequirements | TICheckRequirements | TiTaxiiCheckRequirements | IoTCheckRequirements;
 export declare type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate;
-export declare type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity;
+export declare type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity | NicEntity;
 export declare type EntityQueryTemplateUnion = EntityQueryTemplate | ActivityEntityQueryTemplate;
 export declare type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule;
 export declare type EntityQueryUnion = EntityQuery | ExpansionEntityQuery | ActivityEntityQuery;
 export declare type CustomEntityQueryUnion = CustomEntityQuery | ActivityCustomEntityQuery;
+export declare type SecurityMLAnalyticsSettingUnion = SecurityMLAnalyticsSetting | AnomalySecurityMLAnalyticsSettings;
 export declare type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalytics | Ueba;
 export declare type ThreatIntelligenceInformationUnion = ThreatIntelligenceInformation | ThreatIntelligenceIndicatorModel;
 export declare type DataConnectorUnion = DataConnector | AADDataConnector | MstiDataConnector | MTPDataConnector | AatpDataConnector | ASCDataConnector | AwsCloudTrailDataConnector | AwsS3DataConnector | McasDataConnector | Dynamics365DataConnector | OfficeATPDataConnector | Office365ProjectDataConnector | OfficePowerBIDataConnector | OfficeIRMDataConnector | MdatpDataConnector | OfficeDataConnector | TIDataConnector | TiTaxiiDataConnector | IoTDataConnector | CodelessUiDataConnector | CodelessApiPollingDataConnector;
@@ -104,23 +105,23 @@ export interface AlertRuleTemplatesList {
     /** Array of alert rule templates. */
     value: AlertRuleTemplateUnion[];
 }
-/** Describes automation rule triggering logic */
+/** Describes automation rule triggering logic. */
 export interface AutomationRuleTriggeringLogic {
-    /** Determines whether the automation rule is enabled or disabled */
+    /** Determines whether the automation rule is enabled or disabled. */
     isEnabled: boolean;
     /** Determines when the automation rule should automatically expire and be disabled. */
     expirationTimeUtc?: Date;
     triggersOn: TriggersOn;
     triggersWhen: TriggersWhen;
-    /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */
+    /** The conditions to evaluate to determine if the automation rule should be triggered on a given object. */
     conditions?: AutomationRuleConditionUnion[];
 }
-/** Describes an automation rule condition */
+/** Describes an automation rule condition. */
 export interface AutomationRuleCondition {
     /** Polymorphic discriminator, which specifies the different types this object can be */
-    conditionType: "Property";
+    conditionType: "Boolean" | "PropertyArrayChanged" | "PropertyArray" | "PropertyChanged" | "Property";
 }
-/** Describes an automation rule action */
+/** Describes an automation rule action. */
 export interface AutomationRuleAction {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     actionType: "ModifyProperties" | "RunPlaybook";
@@ -143,7 +144,7 @@ export interface AutomationRulesList {
 }
 export interface ManualTriggerRequestBody {
     tenantId?: string;
-    logicAppsResourceId?: string;
+    logicAppsResourceId: string;
 }
 /** List all the bookmarks. */
 export interface BookmarkList {
@@ -451,7 +452,7 @@ export interface TimelineError {
 /** Entity timeline Item. */
 export interface EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
-    kind: "Activity" | "Bookmark" | "SecurityAlert";
+    kind: "Activity" | "Bookmark" | "Anomaly" | "SecurityAlert";
 }
 /** Retrieve queries for entity result operation response. */
 export interface GetQueriesResponse {
@@ -495,12 +496,12 @@ export interface GetInsightsResultsMetadata {
     /** the total items found for the insights request */
     totalCount: number;
     /** information about the failed queries */
-    errors?: GetInsightsError[];
+    errors?: GetInsightsErrorKind[];
 }
 /** GetInsights Query Errors. */
-export interface GetInsightsError {
+export interface GetInsightsErrorKind {
     /** the query kind */
-    kind: "Insight";
+    kind: GetInsightsError;
     /** the query id */
     queryId?: string;
     /** the error message */
@@ -557,6 +558,45 @@ export interface EntityQueryTemplateList {
     /** Array of entity query templates. */
     value: EntityQueryTemplateUnion[];
 }
+/** List all the file imports. */
+export interface FileImportList {
+    /**
+     * URL to fetch the next set of file imports.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nextLink?: string;
+    /** Array of file imports. */
+    value: FileImport[];
+}
+/** Represents a file. */
+export interface FileMetadata {
+    /** The format of the file */
+    fileFormat?: FileFormat;
+    /** The name of the file. */
+    fileName?: string;
+    /** The size of the file. */
+    fileSize?: number;
+    /**
+     * A URI with a valid SAS token to allow uploading / downloading the file.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly fileContentUri?: string;
+    /**
+     * Indicates whether the file was deleted from the storage account.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly deleteStatus?: DeleteStatus;
+}
+/** Describes an error encountered in the file during validation. */
+export interface ValidationError {
+    /** The number of the record that has the error. */
+    recordIndex?: number;
+    /**
+     * A list of descriptions of the error.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly errorMessages?: string[];
+}
 /** List all the incidents. */
 export interface IncidentList {
     /**
@@ -625,11 +665,8 @@ export interface IncidentOwnerInfo {
     objectId?: string;
     /** The user principal name of the user the incident is assigned to. */
     userPrincipalName?: string;
-    /**
-     * The type of the owner the incident is assigned to.
-     * NOTE: This property will not be serialized. It can only be populated by the server.
-     */
-    readonly ownerType?: OwnerType;
+    /** The type of the owner the incident is assigned to. */
+    ownerType?: OwnerType;
 }
 /** Describes team information */
 export interface TeamInformation {
@@ -808,6 +845,16 @@ export interface SentinelOnboardingStatesList {
     /** Array of Sentinel onboarding states */
     value: SentinelOnboardingState[];
 }
+/** List all the SecurityMLAnalyticsSettings */
+export interface SecurityMLAnalyticsSettingsList {
+    /**
+     * URL to fetch the next set of SecurityMLAnalyticsSettings.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nextLink?: string;
+    /** Array of SecurityMLAnalyticsSettings */
+    value: SecurityMLAnalyticsSettingUnion[];
+}
 /** List of all the settings. */
 export interface SettingList {
     /** Array of settings. */
@@ -1076,6 +1123,12 @@ export interface DataConnectorConnectBody {
     kind?: ConnectAuthKind;
     /** The API key of the audit server. */
     apiKey?: string;
+    /** Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics. */
+    dataCollectionEndpoint?: string;
+    /** Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination. */
+    dataCollectionRuleImmutableId?: string;
+    /** Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR. */
+    outputStream?: string;
     /** The client secret of the OAuth 2.0 application. */
     clientSecret?: string;
     /** The client id of the OAuth 2.0 application. */
@@ -1178,6 +1231,8 @@ export interface QueryBasedAlertRuleTemplateProperties {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
+    /** The event grouping settings. */
+    eventGroupingSettings?: EventGroupingSettings;
 }
 /** Single entity mapping for the alert rule */
 export interface EntityMapping {
@@ -1204,6 +1259,11 @@ export interface AlertDetailsOverride {
     /** the column name to take the alert severity from */
     alertSeverityColumnName?: string;
 }
+/** Event grouping settings property bag. */
+export interface EventGroupingSettings {
+    /** The event grouping aggregation kinds */
+    aggregationKind?: EventGroupingAggregationKind;
+}
 /** Represents a supported source signal configuration in Fusion detection. */
 export interface FusionSourceSettings {
     /** Determines whether this source signal is enabled or disabled in Fusion detection. */
@@ -1337,10 +1397,9 @@ export interface ScheduledAlertRuleCommonProperties {
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
 }
-/** Event grouping settings property bag. */
-export interface EventGroupingSettings {
-    /** The event grouping aggregation kinds */
-    aggregationKind?: EventGroupingAggregationKind;
+export interface AutomationRuleBooleanCondition {
+    operator?: AutomationRuleBooleanConditionSupportedOperator;
+    innerConditions?: AutomationRuleConditionUnion[];
 }
 export interface IncidentPropertiesAction {
     /** The severity of the incident */
@@ -1351,23 +1410,38 @@ export interface IncidentPropertiesAction {
     classification?: IncidentClassification;
     /** The classification reason the incident was closed with */
     classificationReason?: IncidentClassificationReason;
-    /** Describes the reason the incident was closed */
+    /** Describes the reason the incident was closed. */
     classificationComment?: string;
     /** Information on the user an incident is assigned to */
     owner?: IncidentOwnerInfo;
-    /** List of labels to add to the incident */
+    /** List of labels to add to the incident. */
     labels?: IncidentLabel[];
 }
+export interface AutomationRulePropertyArrayChangedValuesCondition {
+    arrayType?: AutomationRulePropertyArrayChangedConditionSupportedArrayType;
+    changeType?: AutomationRulePropertyArrayChangedConditionSupportedChangeType;
+}
+export interface AutomationRulePropertyArrayValuesCondition {
+    arrayType?: AutomationRulePropertyArrayConditionSupportedArrayType;
+    arrayConditionType?: AutomationRulePropertyArrayConditionSupportedArrayConditionType;
+    itemConditions?: AutomationRuleConditionUnion[];
+}
+export interface AutomationRulePropertyValuesChangedCondition {
+    propertyName?: AutomationRulePropertyChangedConditionSupportedPropertyType;
+    changeType?: AutomationRulePropertyChangedConditionSupportedChangedType;
+    operator?: AutomationRulePropertyConditionSupportedOperator;
+    propertyValues?: string[];
+}
 export interface AutomationRulePropertyValuesCondition {
-    /** The property to evaluate in an automation rule property condition */
+    /** The property to evaluate in an automation rule property condition. */
     propertyName?: AutomationRulePropertyConditionSupportedProperty;
     operator?: AutomationRulePropertyConditionSupportedOperator;
     propertyValues?: string[];
 }
 export interface PlaybookActionProperties {
-    /** The resource id of the playbook resource */
+    /** The resource id of the playbook resource. */
     logicAppResourceId?: string;
-    /** The tenant id of the playbook resource */
+    /** The tenant id of the playbook resource. */
     tenantId?: string;
 }
 /** An properties abstract Query item for entity */
@@ -1452,12 +1526,12 @@ export interface DataTypeDefinitions {
     /** The data type name */
     dataType?: string;
 }
-/** The pricing tier of the solution */
-export interface Sku {
-    /** The kind of the tier */
-    name?: SkuKind;
-    /** The amount of reservation level */
-    capacityReservationLevel?: number;
+/** security ml analytics settings data sources */
+export interface SecurityMLAnalyticsSettingsDataSource {
+    /** The connector id that provides the following data types */
+    connectorId?: string;
+    /** The data types used by the security ml analytics settings */
+    dataTypes?: string[];
 }
 /** Properties data connector on tenant level. */
 export interface DataConnectorTenantId {
@@ -1826,62 +1900,142 @@ export interface GeoLocation {
     readonly state?: string;
 }
 /** An azure resource object with an Etag property */
-export declare type ResourceWithEtag = Resource & {
+export interface ResourceWithEtag extends Resource {
     /** Etag of the azure resource */
     etag?: string;
-};
+}
 /** Alert rule template. */
-export declare type AlertRuleTemplate = Resource & {
+export interface AlertRuleTemplate extends Resource {
     /** The kind of the alert rule */
     kind: AlertRuleKind;
-};
+}
 /** Specific entity. */
-export declare type Entity = Resource & {
+export interface Entity extends Resource {
     /** The kind of the entity. */
     kind: EntityKind;
-};
+}
 /** Specific entity query template. */
-export declare type EntityQueryTemplate = Resource & {
+export interface EntityQueryTemplate extends Resource {
     /** the entity query template kind */
     kind: EntityQueryTemplateKind;
-};
+}
+/** Represents a file import in Azure Security Insights. */
+export interface FileImport extends Resource {
+    /** Describes how to ingest the records in the file. */
+    ingestionMode?: IngestionMode;
+    /** The content type of this file. */
+    contentType?: FileImportContentType;
+    /**
+     * The time the file was imported.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly createdTimeUTC?: Date;
+    /**
+     * Represents the error file (if the import was ingested with errors or failed the validation).
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly errorFile?: FileMetadata;
+    /**
+     * An ordered list of some of the errors that were encountered during validation.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly errorsPreview?: ValidationError[];
+    /** Represents the imported file. */
+    importFile?: FileMetadata;
+    /**
+     * The number of records that have been successfully ingested.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly ingestedRecordCount?: number;
+    /** The source for the data in the file. */
+    source?: string;
+    /**
+     * The state of the file import.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly state?: FileImportState;
+    /**
+     * The number of records in the file.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly totalRecordCount?: number;
+    /**
+     * The number of records that have passed validation.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly validRecordCount?: number;
+    /**
+     * The time the files associated with this import are deleted from the storage account.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly filesValidUntilTimeUTC?: Date;
+    /**
+     * The time the file import record is soft deleted from the database and history.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly importValidUntilTimeUTC?: Date;
+}
 /** Consent for Office365 tenant that already made. */
-export declare type OfficeConsent = Resource & {
+export interface OfficeConsent extends Resource {
     /** The tenantId of the Office365 with the consent. */
     tenantId?: string;
     /** Help to easily cascade among the data layers. */
     consentId?: string;
-};
+}
 /** Action property bag. */
-export declare type ActionResponseProperties = ActionPropertiesBase & {
+export interface ActionResponseProperties extends ActionPropertiesBase {
     /** The name of the logic app's workflow. */
     workflowId?: string;
-};
+}
 /** Action property bag. */
-export declare type ActionRequestProperties = ActionPropertiesBase & {
+export interface ActionRequestProperties extends ActionPropertiesBase {
     /** Logic App Callback URL for this specific workflow. */
     triggerUri: string;
-};
+}
+/** Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions */
+export interface BooleanConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "Boolean";
+    conditionProperties?: AutomationRuleBooleanCondition;
+}
+/** Describes an automation rule condition that evaluates an array property's value change */
+export interface PropertyArrayChangedConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "PropertyArrayChanged";
+    conditionProperties?: AutomationRulePropertyArrayChangedValuesCondition;
+}
+/** Describes an automation rule condition that evaluates an array property's value */
+export interface PropertyArrayConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "PropertyArray";
+    conditionProperties?: AutomationRulePropertyArrayValuesCondition;
+}
+/** Describes an automation rule condition that evaluates a property's value change */
+export interface PropertyChangedConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "PropertyChanged";
+    conditionProperties?: AutomationRulePropertyValuesChangedCondition;
+}
 /** Describes an automation rule condition that evaluates a property's value */
-export declare type PropertyConditionProperties = AutomationRuleCondition & {
+export interface PropertyConditionProperties extends AutomationRuleCondition {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     conditionType: "Property";
     conditionProperties?: AutomationRulePropertyValuesCondition;
-};
+}
 /** Describes an automation rule action to modify an object's properties */
-export declare type AutomationRuleModifyPropertiesAction = AutomationRuleAction & {
+export interface AutomationRuleModifyPropertiesAction extends AutomationRuleAction {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     actionType: "ModifyProperties";
     actionConfiguration?: IncidentPropertiesAction;
-};
+}
 /** Describes an automation rule action to run a playbook */
-export declare type AutomationRuleRunPlaybookAction = AutomationRuleAction & {
+export interface AutomationRuleRunPlaybookAction extends AutomationRuleAction {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     actionType: "RunPlaybook";
     actionConfiguration?: PlaybookActionProperties;
-};
+}
 /** Represents Activity timeline item. */
-export declare type ActivityTimelineItem = EntityTimelineItem & {
+export interface ActivityTimelineItem extends EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Activity";
     /** The activity query id. */
@@ -1898,9 +2052,9 @@ export declare type ActivityTimelineItem = EntityTimelineItem & {
     content: string;
     /** The activity timeline title. */
     title: string;
-};
+}
 /** Represents bookmark timeline item. */
-export declare type BookmarkTimelineItem = EntityTimelineItem & {
+export interface BookmarkTimelineItem extends EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Bookmark";
     /** The bookmark azure resource id. */
@@ -1919,9 +2073,36 @@ export declare type BookmarkTimelineItem = EntityTimelineItem & {
     createdBy?: UserInfo;
     /** List of labels relevant to this bookmark */
     labels?: string[];
-};
+}
+/** Represents anomaly timeline item. */
+export interface AnomalyTimelineItem extends EntityTimelineItem {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Anomaly";
+    /** The anomaly azure resource id. */
+    azureResourceId: string;
+    /** The anomaly product name. */
+    productName?: string;
+    /** The anomaly description. */
+    description?: string;
+    /** The anomaly name. */
+    displayName: string;
+    /** The anomaly end time. */
+    endTimeUtc: Date;
+    /** The anomaly start time. */
+    startTimeUtc: Date;
+    /** The anomaly generated time. */
+    timeGenerated: Date;
+    /** The name of the anomaly vendor. */
+    vendor?: string;
+    /** The intent of the anomaly. */
+    intent?: string;
+    /** The techniques of the anomaly. */
+    techniques?: string[];
+    /** The reasons that cause the anomaly. */
+    reasons?: string[];
+}
 /** Represents security alert timeline item. */
-export declare type SecurityAlertTimelineItem = EntityTimelineItem & {
+export interface SecurityAlertTimelineItem extends EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "SecurityAlert";
     /** The alert azure resource id. */
@@ -1942,16 +2123,16 @@ export declare type SecurityAlertTimelineItem = EntityTimelineItem & {
     timeGenerated: Date;
     /** The name of the alert type. */
     alertType: string;
-};
+}
 /** Represents Insight Query. */
-export declare type InsightQueryItem = EntityQueryItem & {
+export interface InsightQueryItem extends EntityQueryItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Insight";
     /** Properties bag for InsightQueryItem */
     properties?: InsightQueryItemProperties;
-};
+}
 /** SecurityAlert entity property bag. */
-export declare type SecurityAlertProperties = EntityCommonProperties & {
+export interface SecurityAlertProperties extends EntityCommonProperties {
     /**
      * The display name of the alert.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2074,9 +2255,9 @@ export declare type SecurityAlertProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly resourceIdentifiers?: Record<string, unknown>[];
-};
+}
 /** Describes bookmark properties */
-export declare type HuntingBookmarkProperties = EntityCommonProperties & {
+export interface HuntingBookmarkProperties extends EntityCommonProperties {
     /** The time the bookmark was created */
     created?: Date;
     /** Describes a user that created the bookmark */
@@ -2099,9 +2280,9 @@ export declare type HuntingBookmarkProperties = EntityCommonProperties & {
     updatedBy?: UserInfo;
     /** Describes an incident that relates to bookmark */
     incidentInfo?: IncidentInfo;
-};
+}
 /** Describes threat intelligence entity properties */
-export declare type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & {
+export interface ThreatIntelligenceIndicatorProperties extends EntityCommonProperties {
     /** List of tags */
     threatIntelligenceTags?: string[];
     /** Last updated time in UTC */
@@ -2160,9 +2341,9 @@ export declare type ThreatIntelligenceIndicatorProperties = EntityCommonProperti
     extensions?: {
         [propertyName: string]: any;
     };
-};
+}
 /** Account entity property bag. */
-export declare type AccountEntityProperties = EntityCommonProperties & {
+export interface AccountEntityProperties extends EntityCommonProperties {
     /**
      * The Azure Active Directory tenant id.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2223,9 +2404,9 @@ export declare type AccountEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly dnsDomain?: string;
-};
+}
 /** AzureResource entity property bag. */
-export declare type AzureResourceEntityProperties = EntityCommonProperties & {
+export interface AzureResourceEntityProperties extends EntityCommonProperties {
     /**
      * The azure resource id of the resource
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2236,9 +2417,9 @@ export declare type AzureResourceEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly subscriptionId?: string;
-};
+}
 /** CloudApplication entity property bag. */
-export declare type CloudApplicationEntityProperties = EntityCommonProperties & {
+export interface CloudApplicationEntityProperties extends EntityCommonProperties {
     /**
      * The technical identifier of the application.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2254,9 +2435,9 @@ export declare type CloudApplicationEntityProperties = EntityCommonProperties &
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly instanceName?: string;
-};
+}
 /** Dns entity property bag. */
-export declare type DnsEntityProperties = EntityCommonProperties & {
+export interface DnsEntityProperties extends EntityCommonProperties {
     /**
      * An ip entity id for the dns server resolving the request
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2277,9 +2458,9 @@ export declare type DnsEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly ipAddressEntityIds?: string[];
-};
+}
 /** File entity property bag. */
-export declare type FileEntityProperties = EntityCommonProperties & {
+export interface FileEntityProperties extends EntityCommonProperties {
     /**
      * The full path to the file.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2300,9 +2481,9 @@ export declare type FileEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hostEntityId?: string;
-};
+}
 /** FileHash entity property bag. */
-export declare type FileHashEntityProperties = EntityCommonProperties & {
+export interface FileHashEntityProperties extends EntityCommonProperties {
     /**
      * The hash algorithm type.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2313,9 +2494,9 @@ export declare type FileHashEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hashValue?: string;
-};
+}
 /** Host entity property bag. */
-export declare type HostEntityProperties = EntityCommonProperties & {
+export interface HostEntityProperties extends EntityCommonProperties {
     /**
      * The azure resource id of the VM.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2358,9 +2539,9 @@ export declare type HostEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly osVersion?: string;
-};
+}
 /** IoTDevice entity property bag. */
-export declare type IoTDeviceEntityProperties = EntityCommonProperties & {
+export interface IoTDeviceEntityProperties extends EntityCommonProperties {
     /**
      * The ID of the IoT Device in the IoT Hub
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2446,9 +2627,61 @@ export declare type IoTDeviceEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly protocols?: string[];
-};
+    /**
+     * A list of owners of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly owners?: string[];
+    /**
+     * A list of Nic entity ids of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nicEntityIds?: string[];
+    /**
+     * The site of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly site?: string;
+    /**
+     * The zone location of the device within a site
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly zone?: string;
+    /**
+     * The sensor the device is monitored by
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly sensor?: string;
+    /**
+     * The subType of the device ('PLC', 'HMI', 'EWS', etc.)
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly deviceSubType?: string;
+    /** Device importance, determines if the device classified as 'crown jewel' */
+    importance?: DeviceImportance;
+    /**
+     * The Purdue Layer of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly purdueLayer?: string;
+    /**
+     * Determines whether the device classified as authorized device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isAuthorized?: boolean;
+    /**
+     * Determines whether the device classified as programming device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isProgramming?: boolean;
+    /**
+     * Is the device classified as a scanner device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isScanner?: boolean;
+}
 /** Ip entity property bag. */
-export declare type IpEntityProperties = EntityCommonProperties & {
+export interface IpEntityProperties extends EntityCommonProperties {
     /**
      * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2464,9 +2697,9 @@ export declare type IpEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly threatIntelligence?: ThreatIntelligence[];
-};
+}
 /** Mailbox entity property bag. */
-export declare type MailboxEntityProperties = EntityCommonProperties & {
+export interface MailboxEntityProperties extends EntityCommonProperties {
     /**
      * The mailbox's primary address
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2487,9 +2720,9 @@ export declare type MailboxEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly externalDirectoryObjectId?: string;
-};
+}
 /** Mail cluster entity property bag. */
-export declare type MailClusterEntityProperties = EntityCommonProperties & {
+export interface MailClusterEntityProperties extends EntityCommonProperties {
     /**
      * The mail message IDs that are part of the mail cluster
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2565,9 +2798,9 @@ export declare type MailClusterEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly clusterGroup?: string;
-};
+}
 /** Mail message entity property bag. */
-export declare type MailMessageEntityProperties = EntityCommonProperties & {
+export interface MailMessageEntityProperties extends EntityCommonProperties {
     /**
      * The File entity ids of this mail message's attachments
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2669,9 +2902,9 @@ export declare type MailMessageEntityProperties = EntityCommonProperties & {
     deliveryAction?: DeliveryAction;
     /** The delivery location of this mail message like Inbox, JunkFolder etc */
     deliveryLocation?: DeliveryLocation;
-};
+}
 /** Malware entity property bag. */
-export declare type MalwareEntityProperties = EntityCommonProperties & {
+export interface MalwareEntityProperties extends EntityCommonProperties {
     /**
      * The malware category by the vendor, e.g. Trojan
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2692,9 +2925,9 @@ export declare type MalwareEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processEntityIds?: string[];
-};
+}
 /** Process entity property bag. */
-export declare type ProcessEntityProperties = EntityCommonProperties & {
+export interface ProcessEntityProperties extends EntityCommonProperties {
     /**
      * The account entity id running the processes.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2737,9 +2970,9 @@ export declare type ProcessEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processId?: string;
-};
+}
 /** RegistryKey entity property bag. */
-export declare type RegistryKeyEntityProperties = EntityCommonProperties & {
+export interface RegistryKeyEntityProperties extends EntityCommonProperties {
     /**
      * the hive that holds the registry key.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2750,9 +2983,9 @@ export declare type RegistryKeyEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly key?: string;
-};
+}
 /** RegistryValue entity property bag. */
-export declare type RegistryValueEntityProperties = EntityCommonProperties & {
+export interface RegistryValueEntityProperties extends EntityCommonProperties {
     /**
      * The registry key entity id.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2773,9 +3006,9 @@ export declare type RegistryValueEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly valueType?: RegistryValueKind;
-};
+}
 /** SecurityGroup entity property bag. */
-export declare type SecurityGroupEntityProperties = EntityCommonProperties & {
+export interface SecurityGroupEntityProperties extends EntityCommonProperties {
     /**
      * The group distinguished name
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2791,9 +3024,9 @@ export declare type SecurityGroupEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly sid?: string;
-};
+}
 /** Submission mail entity property bag. */
-export declare type SubmissionMailEntityProperties = EntityCommonProperties & {
+export interface SubmissionMailEntityProperties extends EntityCommonProperties {
     /**
      * The network message id of email to which submission belongs
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2844,139 +3077,157 @@ export declare type SubmissionMailEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly reportType?: string;
-};
+}
 /** Url entity property bag. */
-export declare type UrlEntityProperties = EntityCommonProperties & {
+export interface UrlEntityProperties extends EntityCommonProperties {
     /**
      * A full URL the entity points to
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly url?: string;
-};
+}
+/** Nic entity property bag. */
+export interface NicEntityProperties extends EntityCommonProperties {
+    /**
+     * The MAC address of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly macAddress?: string;
+    /**
+     * The IP entity id of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly ipAddressEntityId?: string;
+    /**
+     * A list of VLANs of the network interface entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly vlans?: string[];
+}
 /** Represents AAD (Azure Active Directory) requirements check request. */
-export declare type AADCheckRequirements = DataConnectorsCheckRequirements & {
+export interface AADCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AzureActiveDirectory";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents AATP (Azure Advanced Threat Protection) requirements check request. */
-export declare type AatpCheckRequirements = DataConnectorsCheckRequirements & {
+export interface AatpCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AzureAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents ASC (Azure Security Center) requirements check request. */
-export declare type ASCCheckRequirements = DataConnectorsCheckRequirements & {
+export interface ASCCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AzureSecurityCenter";
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 /** Amazon Web Services CloudTrail requirements check request. */
-export declare type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & {
+export interface AwsCloudTrailCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AmazonWebServicesCloudTrail";
-};
+}
 /** Amazon Web Services S3 requirements check request. */
-export declare type AwsS3CheckRequirements = DataConnectorsCheckRequirements & {
+export interface AwsS3CheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AmazonWebServicesS3";
-};
+}
 /** Represents Dynamics365 requirements check request. */
-export declare type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & {
+export interface Dynamics365CheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Dynamics365";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents MCAS (Microsoft Cloud App Security) requirements check request. */
-export declare type McasCheckRequirements = DataConnectorsCheckRequirements & {
+export interface McasCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftCloudAppSecurity";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */
-export declare type MdatpCheckRequirements = DataConnectorsCheckRequirements & {
+export interface MdatpCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftDefenderAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents Microsoft Threat Intelligence requirements check request. */
-export declare type MstiCheckRequirements = DataConnectorsCheckRequirements & {
+export interface MstiCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents MTP (Microsoft Threat Protection) requirements check request. */
-export declare type MtpCheckRequirements = DataConnectorsCheckRequirements & {
+export interface MtpCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. */
-export declare type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & {
+export interface OfficeATPCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "OfficeATP";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */
-export declare type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & {
+export interface OfficeIRMCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "OfficeIRM";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents Office365 Project requirements check request. */
-export declare type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & {
+export interface Office365ProjectCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Office365Project";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents Office PowerBI requirements check request. */
-export declare type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & {
+export interface OfficePowerBICheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "OfficePowerBI";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Threat Intelligence Platforms data connector check requirements */
-export declare type TICheckRequirements = DataConnectorsCheckRequirements & {
+export interface TICheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "ThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Threat Intelligence TAXII data connector check requirements */
-export declare type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & {
+export interface TiTaxiiCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "ThreatIntelligenceTaxii";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 /** Represents IoT requirements check request. */
-export declare type IoTCheckRequirements = DataConnectorsCheckRequirements & {
+export interface IoTCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "IOT";
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 /** Alert rule template with MITRE property bag. */
-export declare type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & {
+export interface AlertRuleTemplateWithMitreProperties extends AlertRuleTemplatePropertiesBase {
     /** The tactics of the alert rule */
     tactics?: AttackTactic[];
     /** The techniques of the alert rule */
     techniques?: string[];
-};
+}
 /** MicrosoftSecurityIncidentCreation rule template properties */
-export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & {
+export interface MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties extends AlertRuleTemplatePropertiesBase {
     /** the alerts' displayNames on which the cases will be generated */
     displayNamesFilter?: string[];
     /** the alerts' displayNames on which the cases will not be generated */
@@ -2985,11 +3236,12 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
     productFilter?: MicrosoftSecurityProductName;
     /** the alerts' severities on which the cases will be generated */
     severitiesFilter?: AlertSeverity[];
-};
+}
 /** NRT alert rule template properties */
-export declare type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {};
+export interface NrtAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties {
+}
 /** MicrosoftSecurityIncidentCreation rule property bag. */
-export declare type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {
+export interface MicrosoftSecurityIncidentCreationAlertRuleProperties extends MicrosoftSecurityIncidentCreationAlertRuleCommonProperties {
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /** The description of the alert rule. */
@@ -3003,9 +3255,9 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleProperties = Micro
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedUtc?: Date;
-};
+}
 /** Scheduled alert rule base property bag. */
-export declare type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & {
+export interface ScheduledAlertRuleProperties extends ScheduledAlertRuleCommonProperties {
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
@@ -3031,9 +3283,9 @@ export declare type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonPrope
     techniques?: string[];
     /** The settings of the incidents that created from alerts triggered by this analytics rule */
     incidentConfiguration?: IncidentConfiguration;
-};
+}
 /** Represents Insight Query. */
-export declare type InsightQueryItemProperties = EntityQueryItemProperties & {
+export interface InsightQueryItemProperties extends EntityQueryItemProperties {
     /** The insight display name. */
     displayName?: string;
     /** The insight description. */
@@ -3050,87 +3302,105 @@ export declare type InsightQueryItemProperties = EntityQueryItemProperties & {
     defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange;
     /** The insight chart query. */
     referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange;
-};
+}
 /** AAD (Azure Active Directory) requirements check properties. */
-export declare type AADCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface AADCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** AATP (Azure Advanced Threat Protection) requirements check properties. */
-export declare type AatpCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface AatpCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** Dynamics365 requirements check properties. */
-export declare type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {};
+export interface Dynamics365CheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** MCAS (Microsoft Cloud App Security) requirements check properties. */
-export declare type McasCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface McasCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */
-export declare type MdatpCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface MdatpCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** Microsoft Threat Intelligence requirements check properties. */
-export declare type MstiCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface MstiCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** MTP (Microsoft Threat Protection) requirements check properties. */
-export declare type MTPCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface MTPCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. */
-export declare type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface OfficeATPCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */
-export declare type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface OfficeIRMCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** Office365 Project requirements check properties. */
-export declare type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface Office365ProjectCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** Office PowerBI requirements check properties. */
-export declare type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {};
+export interface OfficePowerBICheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** Threat Intelligence Platforms data connector required properties. */
-export declare type TICheckRequirementsProperties = DataConnectorTenantId & {};
+export interface TICheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** Threat Intelligence TAXII data connector required properties. */
-export declare type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {};
+export interface TiTaxiiCheckRequirementsProperties extends DataConnectorTenantId {
+}
 /** AAD (Azure Active Directory) data connector properties. */
-export declare type AADDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export interface AADDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 /** Microsoft Threat Intelligence data connector properties. */
-export declare type MstiDataConnectorProperties = DataConnectorTenantId & {
+export interface MstiDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: MstiDataConnectorDataTypes;
-};
+}
 /** MTP (Microsoft Threat Protection) data connector properties. */
-export declare type MTPDataConnectorProperties = DataConnectorTenantId & {
+export interface MTPDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: MTPDataConnectorDataTypes;
-};
+}
 /** AATP (Azure Advanced Threat Protection) data connector properties. */
-export declare type AatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export interface AatpDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 /** MCAS (Microsoft Cloud App Security) data connector properties. */
-export declare type McasDataConnectorProperties = DataConnectorTenantId & {
+export interface McasDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: McasDataConnectorDataTypes;
-};
+}
 /** Dynamics365 data connector properties. */
-export declare type Dynamics365DataConnectorProperties = DataConnectorTenantId & {
+export interface Dynamics365DataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: Dynamics365DataConnectorDataTypes;
-};
+}
 /** OfficeATP (Office 365 Advanced Threat Protection) data connector properties. */
-export declare type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export interface OfficeATPDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 /** Office Microsoft Project data connector properties. */
-export declare type Office365ProjectDataConnectorProperties = DataConnectorTenantId & {
+export interface Office365ProjectDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: Office365ProjectConnectorDataTypes;
-};
+}
 /** Office Microsoft PowerBI data connector properties. */
-export declare type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & {
+export interface OfficePowerBIDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: OfficePowerBIConnectorDataTypes;
-};
+}
 /** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */
-export declare type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export interface OfficeIRMDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 /** MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. */
-export declare type MdatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export interface MdatpDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 /** Office data connector properties. */
-export declare type OfficeDataConnectorProperties = DataConnectorTenantId & {
+export interface OfficeDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: OfficeDataConnectorDataTypes;
-};
+}
 /** TI (Threat Intelligence) data connector properties. */
-export declare type TIDataConnectorProperties = DataConnectorTenantId & {
+export interface TIDataConnectorProperties extends DataConnectorTenantId {
     /** The lookback period for the feed to be imported. */
     tipLookbackPeriod?: Date;
     /** The available data types for the connector. */
     dataTypes: TIDataConnectorDataTypes;
-};
+}
 /** Threat Intelligence TAXII data connector properties. */
-export declare type TiTaxiiDataConnectorProperties = DataConnectorTenantId & {
+export interface TiTaxiiDataConnectorProperties extends DataConnectorTenantId {
     /** The workspace id. */
     workspaceId?: string;
     /** The friendly name for the TAXII server. */
@@ -3149,98 +3419,117 @@ export declare type TiTaxiiDataConnectorProperties = DataConnectorTenantId & {
     pollingFrequency: PollingFrequency | null;
     /** The available data types for Threat Intelligence TAXII data connector. */
     dataTypes: TiTaxiiDataConnectorDataTypes;
-};
+}
 /** ASC (Azure Security Center) data connector properties. */
-export declare type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & {
+export interface ASCDataConnectorProperties extends DataConnectorWithAlertsProperties {
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 /** IoT data connector properties. */
-export declare type IoTDataConnectorProperties = DataConnectorWithAlertsProperties & {
+export interface IoTDataConnectorProperties extends DataConnectorWithAlertsProperties {
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 /** The available data types for MCAS (Microsoft Cloud App Security) data connector. */
-export declare type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & {
+export interface McasDataConnectorDataTypes extends AlertsDataTypeOfDataConnector {
     /** Discovery log data type connection. */
     discoveryLogs?: DataConnectorDataTypeCommon;
-};
+}
 /** Data type for Microsoft Threat Intelligence Platforms data connector. */
-export declare type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & {
+export interface MstiDataConnectorDataTypesBingSafetyPhishingURL extends DataConnectorDataTypeCommon {
     /** lookback period */
     lookbackPeriod: string;
-};
+}
 /** Data type for Microsoft Threat Intelligence Platforms data connector. */
-export declare type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & {
+export interface MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed extends DataConnectorDataTypeCommon {
     /** lookback period */
     lookbackPeriod: string;
-};
+}
 /** Data type for Microsoft Threat Protection Platforms data connector. */
-export declare type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {};
+export interface MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon {
+}
 /** Logs data type. */
-export declare type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export interface AwsCloudTrailDataConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 /** Logs data type. */
-export declare type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export interface AwsS3DataConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 /** Common Data Service data type connection. */
-export declare type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {};
+export interface Dynamics365DataConnectorDataTypesDynamics365CdsActivities extends DataConnectorDataTypeCommon {
+}
 /** Logs data type. */
-export declare type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export interface Office365ProjectConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 /** Logs data type. */
-export declare type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export interface OfficePowerBIConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 /** Exchange data type connection. */
-export declare type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {};
+export interface OfficeDataConnectorDataTypesExchange extends DataConnectorDataTypeCommon {
+}
 /** SharePoint data type connection. */
-export declare type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {};
+export interface OfficeDataConnectorDataTypesSharePoint extends DataConnectorDataTypeCommon {
+}
 /** Teams data type connection. */
-export declare type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {};
+export interface OfficeDataConnectorDataTypesTeams extends DataConnectorDataTypeCommon {
+}
 /** Data type for indicators connection. */
-export declare type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {};
+export interface TIDataConnectorDataTypesIndicators extends DataConnectorDataTypeCommon {
+}
 /** Data type for TAXII connector. */
-export declare type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {};
-export declare type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {};
-export declare type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {};
-export declare type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {};
-export declare type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {};
-export declare type PermissionsResourceProviderItem = ResourceProvider & {};
+export interface TiTaxiiDataConnectorDataTypesTaxiiClient extends DataConnectorDataTypeCommon {
+}
+export interface CodelessUiConnectorConfigPropertiesGraphQueriesItem extends GraphQueries {
+}
+export interface CodelessUiConnectorConfigPropertiesSampleQueriesItem extends SampleQueries {
+}
+export interface CodelessUiConnectorConfigPropertiesDataTypesItem extends LastDataReceivedDataType {
+}
+export interface CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem extends ConnectivityCriteria {
+}
+export interface PermissionsResourceProviderItem extends ResourceProvider {
+}
 /** Customs permissions required for the connector */
-export declare type Customs = CustomsPermission & {};
-export declare type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {};
-export declare type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {};
+export interface Customs extends CustomsPermission {
+}
+export interface CodelessUiConnectorConfigPropertiesInstructionStepsItem extends InstructionSteps {
+}
+export interface InstructionStepsInstructionsItem extends ConnectorInstructionModelBase {
+}
 /** Alert rule. */
-export declare type AlertRule = ResourceWithEtag & {
+export interface AlertRule extends ResourceWithEtag {
     /** The kind of the alert rule */
     kind: AlertRuleKind;
-};
+}
 /** Action for alert rule. */
-export declare type ActionResponse = ResourceWithEtag & {
+export interface ActionResponse extends ResourceWithEtag {
     /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
     logicAppResourceId?: string;
     /** The name of the logic app's workflow. */
     workflowId?: string;
-};
+}
 /** Action for alert rule. */
-export declare type ActionRequest = ResourceWithEtag & {
+export interface ActionRequest extends ResourceWithEtag {
     /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
     logicAppResourceId?: string;
     /** Logic App Callback URL for this specific workflow. */
     triggerUri?: string;
-};
-export declare type AutomationRule = ResourceWithEtag & {
-    /** The display name of the automation rule */
+}
+export interface AutomationRule extends ResourceWithEtag {
+    /** The display name of the automation rule. */
     displayName: string;
-    /** The order of execution of the automation rule */
+    /** The order of execution of the automation rule. */
     order: number;
-    /** Describes automation rule triggering logic */
+    /** Describes automation rule triggering logic. */
     triggeringLogic: AutomationRuleTriggeringLogic;
-    /** The actions to execute when the automation rule is triggered */
+    /** The actions to execute when the automation rule is triggered. */
     actions: AutomationRuleActionUnion[];
     /**
-     * The last time the automation rule was updated
+     * The last time the automation rule was updated.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedTimeUtc?: Date;
     /**
-     * The time the automation rule was created
+     * The time the automation rule was created.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly createdTimeUtc?: Date;
@@ -3254,9 +3543,9 @@ export declare type AutomationRule = ResourceWithEtag & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly createdBy?: ClientInfo;
-};
+}
 /** Represents a bookmark in Azure Security Insights. */
-export declare type Bookmark = ResourceWithEtag & {
+export interface Bookmark extends ResourceWithEtag {
     /** The time the bookmark was created */
     created?: Date;
     /** Describes a user that created the bookmark */
@@ -3289,9 +3578,9 @@ export declare type Bookmark = ResourceWithEtag & {
     tactics?: AttackTactic[];
     /** A list of relevant mitre techniques */
     techniques?: string[];
-};
+}
 /** Represents a relation between two resources */
-export declare type Relation = ResourceWithEtag & {
+export interface Relation extends ResourceWithEtag {
     /** The resource ID of the related resource */
     relatedResourceId?: string;
     /**
@@ -3309,19 +3598,19 @@ export declare type Relation = ResourceWithEtag & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly relatedResourceKind?: string;
-};
+}
 /** Specific entity query. */
-export declare type EntityQuery = ResourceWithEtag & {
+export interface EntityQuery extends ResourceWithEtag {
     /** the entity query kind */
     kind: EntityQueryKind;
-};
+}
 /** Specific entity query that supports put requests. */
-export declare type CustomEntityQuery = ResourceWithEtag & {
+export interface CustomEntityQuery extends ResourceWithEtag {
     /** the entity query kind */
     kind: CustomEntityQueryKind;
-};
+}
 /** Represents an incident in Azure Security Insights. */
-export declare type Incident = ResourceWithEtag & {
+export interface Incident extends ResourceWithEtag {
     /**
      * Additional data on the incident
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3380,9 +3669,9 @@ export declare type Incident = ResourceWithEtag & {
     teamInformation?: TeamInformation;
     /** The title of the incident */
     title?: string;
-};
+}
 /** Represents an incident comment */
-export declare type IncidentComment = ResourceWithEtag & {
+export interface IncidentComment extends ResourceWithEtag {
     /**
      * The time the comment was created
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3400,9 +3689,9 @@ export declare type IncidentComment = ResourceWithEtag & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly author?: ClientInfo;
-};
+}
 /** Metadata resource definition. */
-export declare type MetadataModel = ResourceWithEtag & {
+export interface MetadataModel extends ResourceWithEtag {
     /** Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name */
     contentId?: string;
     /** Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group) */
@@ -3441,9 +3730,9 @@ export declare type MetadataModel = ResourceWithEtag & {
     previewImages?: string[];
     /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */
     previewImagesDark?: string[];
-};
+}
 /** Metadata patch request body. */
-export declare type MetadataPatch = ResourceWithEtag & {
+export interface MetadataPatch extends ResourceWithEtag {
     /** Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name */
     contentId?: string;
     /** Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group) */
@@ -3482,19 +3771,24 @@ export declare type MetadataPatch = ResourceWithEtag & {
     previewImages?: string[];
     /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */
     previewImagesDark?: string[];
-};
+}
 /** Sentinel onboarding state */
-export declare type SentinelOnboardingState = ResourceWithEtag & {
+export interface SentinelOnboardingState extends ResourceWithEtag {
     /** Flag that indicates the status of the CMK setting */
     customerManagedKey?: boolean;
-};
+}
+/** Security ML Analytics Setting */
+export interface SecurityMLAnalyticsSetting extends ResourceWithEtag {
+    /** The kind of security ML Analytics Settings */
+    kind: SecurityMLAnalyticsSettingsKind;
+}
 /** The Setting. */
-export declare type Settings = ResourceWithEtag & {
+export interface Settings extends ResourceWithEtag {
     /** The kind of the setting */
     kind: SettingKind;
-};
+}
 /** Represents a SourceControl in Azure Security Insights. */
-export declare type SourceControl = ResourceWithEtag & {
+export interface SourceControl extends ResourceWithEtag {
     /** The id (a Guid) of the source control */
     idPropertiesId?: string;
     /** The version number associated with the source control */
@@ -3513,14 +3807,14 @@ export declare type SourceControl = ResourceWithEtag & {
     repositoryResourceInfo?: RepositoryResourceInfo;
     /** Information regarding the latest deployment for the source control. */
     lastDeploymentInfo?: DeploymentInfo;
-};
+}
 /** Threat intelligence information object. */
-export declare type ThreatIntelligenceInformation = ResourceWithEtag & {
+export interface ThreatIntelligenceInformation extends ResourceWithEtag {
     /** The kind of the entity. */
     kind: ThreatIntelligenceResourceKindEnum;
-};
+}
 /** Represents a Watchlist in Azure Security Insights. */
-export declare type Watchlist = ResourceWithEtag & {
+export interface Watchlist extends ResourceWithEtag {
     /** The id (a Guid) of the watchlist */
     watchlistId?: string;
     /** The display name of the watchlist */
@@ -3557,22 +3851,15 @@ export declare type Watchlist = ResourceWithEtag & {
     numberOfLinesToSkip?: number;
     /** The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint */
     rawContent?: string;
-    /** The Shared Access Signature (SAS) URI under which the large csv watchlist file is located and from which the watchlist and its items will be created */
-    sasUri?: string;
     /** The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. */
     itemsSearchKey?: string;
     /** The content type of the raw content. Example : text/csv or text/tsv */
     contentType?: string;
     /** The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */
     uploadStatus?: string;
-    /**
-     * The provisioning state of the watchlist resource.
-     * NOTE: This property will not be serialized. It can only be populated by the server.
-     */
-    readonly provisioningState?: ProvisioningState;
-};
+}
 /** Represents a Watchlist item in Azure Security Insights. */
-export declare type WatchlistItem = ResourceWithEtag & {
+export interface WatchlistItem extends ResourceWithEtag {
     /** The type of the watchlist item */
     watchlistItemType?: string;
     /** The id (a Guid) of the watchlist item */
@@ -3597,14 +3884,16 @@ export declare type WatchlistItem = ResourceWithEtag & {
     entityMapping?: {
         [propertyName: string]: any;
     };
-};
+}
 /** Data connector */
-export declare type DataConnector = ResourceWithEtag & {
+export interface DataConnector extends ResourceWithEtag {
     /** The data connector kind */
     kind: DataConnectorKind;
-};
+}
 /** Represents MLBehaviorAnalytics alert rule template. */
-export declare type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & {
+export interface MLBehaviorAnalyticsAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MLBehaviorAnalytics";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -3631,9 +3920,11 @@ export declare type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & {
     techniques?: string[];
     /** The severity for alerts created by this alert rule. */
     severity?: AlertSeverity;
-};
+}
 /** Represents Fusion alert rule template. */
-export declare type FusionAlertRuleTemplate = AlertRuleTemplate & {
+export interface FusionAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Fusion";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -3662,9 +3953,11 @@ export declare type FusionAlertRuleTemplate = AlertRuleTemplate & {
     techniques?: string[];
     /** All supported source signal configurations consumed in fusion detection. */
     sourceSettings?: FusionTemplateSourceSetting[];
-};
+}
 /** Represents Threat Intelligence alert rule template. */
-export declare type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & {
+export interface ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligence";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -3691,9 +3984,11 @@ export declare type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & {
     techniques?: string[];
     /** The severity for alerts created by this alert rule. */
     severity?: AlertSeverity;
-};
+}
 /** Represents MicrosoftSecurityIncidentCreation rule template. */
-export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & {
+export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftSecurityIncidentCreation";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -3722,9 +4017,11 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRu
     productFilter?: MicrosoftSecurityProductName;
     /** the alerts' severities on which the cases will be generated */
     severitiesFilter?: AlertSeverity[];
-};
+}
 /** Represents scheduled alert rule template. */
-export declare type ScheduledAlertRuleTemplate = AlertRuleTemplate & {
+export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Scheduled";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -3773,9 +4070,11 @@ export declare type ScheduledAlertRuleTemplate = AlertRuleTemplate & {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
-};
+}
 /** Represents NRT alert rule template. */
-export declare type NrtAlertRuleTemplate = AlertRuleTemplate & {
+export interface NrtAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "NRT";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -3814,9 +4113,13 @@ export declare type NrtAlertRuleTemplate = AlertRuleTemplate & {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
-};
+    /** The event grouping settings. */
+    eventGroupingSettings?: EventGroupingSettings;
+}
 /** Represents a security alert entity. */
-export declare type SecurityAlert = Entity & {
+export interface SecurityAlert extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "SecurityAlert";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3951,9 +4254,11 @@ export declare type SecurityAlert = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly resourceIdentifiers?: Record<string, unknown>[];
-};
+}
 /** Represents a Hunting bookmark entity. */
-export declare type HuntingBookmark = Entity & {
+export interface HuntingBookmark extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Bookmark";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3988,9 +4293,11 @@ export declare type HuntingBookmark = Entity & {
     updatedBy?: UserInfo;
     /** Describes an incident that relates to bookmark */
     incidentInfo?: IncidentInfo;
-};
+}
 /** Represents an account entity. */
-export declare type AccountEntity = Entity & {
+export interface AccountEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Account";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4063,9 +4370,11 @@ export declare type AccountEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly dnsDomain?: string;
-};
+}
 /** Represents an azure resource entity. */
-export declare type AzureResourceEntity = Entity & {
+export interface AzureResourceEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureResource";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4088,9 +4397,11 @@ export declare type AzureResourceEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly subscriptionId?: string;
-};
+}
 /** Represents a cloud application entity. */
-export declare type CloudApplicationEntity = Entity & {
+export interface CloudApplicationEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "CloudApplication";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4118,9 +4429,11 @@ export declare type CloudApplicationEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly instanceName?: string;
-};
+}
 /** Represents a dns entity. */
-export declare type DnsEntity = Entity & {
+export interface DnsEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "DnsResolution";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4153,9 +4466,11 @@ export declare type DnsEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly ipAddressEntityIds?: string[];
-};
+}
 /** Represents a file entity. */
-export declare type FileEntity = Entity & {
+export interface FileEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "File";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4188,9 +4503,11 @@ export declare type FileEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hostEntityId?: string;
-};
+}
 /** Represents a file hash entity. */
-export declare type FileHashEntity = Entity & {
+export interface FileHashEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "FileHash";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4213,9 +4530,11 @@ export declare type FileHashEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hashValue?: string;
-};
+}
 /** Represents a host entity. */
-export declare type HostEntity = Entity & {
+export interface HostEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Host";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4270,9 +4589,11 @@ export declare type HostEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly osVersion?: string;
-};
+}
 /** Represents an IoT device entity. */
-export declare type IoTDeviceEntity = Entity & {
+export interface IoTDeviceEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "IoTDevice";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4370,9 +4691,63 @@ export declare type IoTDeviceEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly protocols?: string[];
-};
+    /**
+     * A list of owners of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly owners?: string[];
+    /**
+     * A list of Nic entity ids of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nicEntityIds?: string[];
+    /**
+     * The site of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly site?: string;
+    /**
+     * The zone location of the device within a site
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly zone?: string;
+    /**
+     * The sensor the device is monitored by
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly sensor?: string;
+    /**
+     * The subType of the device ('PLC', 'HMI', 'EWS', etc.)
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly deviceSubType?: string;
+    /** Device importance, determines if the device classified as 'crown jewel' */
+    importance?: DeviceImportance;
+    /**
+     * The Purdue Layer of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly purdueLayer?: string;
+    /**
+     * Determines whether the device classified as authorized device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isAuthorized?: boolean;
+    /**
+     * Determines whether the device classified as programming device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isProgramming?: boolean;
+    /**
+     * Is the device classified as a scanner device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isScanner?: boolean;
+}
 /** Represents an ip entity. */
-export declare type IpEntity = Entity & {
+export interface IpEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Ip";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4400,9 +4775,11 @@ export declare type IpEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly threatIntelligence?: ThreatIntelligence[];
-};
+}
 /** Represents a mailbox entity. */
-export declare type MailboxEntity = Entity & {
+export interface MailboxEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Mailbox";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4435,9 +4812,11 @@ export declare type MailboxEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly externalDirectoryObjectId?: string;
-};
+}
 /** Represents a mail cluster entity. */
-export declare type MailClusterEntity = Entity & {
+export interface MailClusterEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MailCluster";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4525,9 +4904,11 @@ export declare type MailClusterEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly clusterGroup?: string;
-};
+}
 /** Represents a mail message entity. */
-export declare type MailMessageEntity = Entity & {
+export interface MailMessageEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MailMessage";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4641,9 +5022,11 @@ export declare type MailMessageEntity = Entity & {
     deliveryAction?: DeliveryAction;
     /** The delivery location of this mail message like Inbox, JunkFolder etc */
     deliveryLocation?: DeliveryLocation;
-};
+}
 /** Represents a malware entity. */
-export declare type MalwareEntity = Entity & {
+export interface MalwareEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Malware";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4676,9 +5059,11 @@ export declare type MalwareEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processEntityIds?: string[];
-};
+}
 /** Represents a process entity. */
-export declare type ProcessEntity = Entity & {
+export interface ProcessEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Process";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4733,9 +5118,11 @@ export declare type ProcessEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processId?: string;
-};
+}
 /** Represents a registry key entity. */
-export declare type RegistryKeyEntity = Entity & {
+export interface RegistryKeyEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "RegistryKey";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4758,9 +5145,11 @@ export declare type RegistryKeyEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly key?: string;
-};
+}
 /** Represents a registry value entity. */
-export declare type RegistryValueEntity = Entity & {
+export interface RegistryValueEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "RegistryValue";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4793,9 +5182,11 @@ export declare type RegistryValueEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly valueType?: RegistryValueKind;
-};
+}
 /** Represents a security group entity. */
-export declare type SecurityGroupEntity = Entity & {
+export interface SecurityGroupEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "SecurityGroup";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4823,9 +5214,11 @@ export declare type SecurityGroupEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly sid?: string;
-};
+}
 /** Represents a submission mail entity. */
-export declare type SubmissionMailEntity = Entity & {
+export interface SubmissionMailEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "SubmissionMail";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4888,9 +5281,11 @@ export declare type SubmissionMailEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly reportType?: string;
-};
+}
 /** Represents a url entity. */
-export declare type UrlEntity = Entity & {
+export interface UrlEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Url";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4908,9 +5303,43 @@ export declare type UrlEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly url?: string;
-};
+}
+/** Represents an network interface entity. */
+export interface NicEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Nic";
+    /**
+     * A bag of custom fields that should be part of the entity and will be presented to the user.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    /**
+     * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly friendlyName?: string;
+    /**
+     * The MAC address of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly macAddress?: string;
+    /**
+     * The IP entity id of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly ipAddressEntityId?: string;
+    /**
+     * A list of VLANs of the network interface entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly vlans?: string[];
+}
 /** Represents Activity entity query. */
-export declare type ActivityEntityQueryTemplate = EntityQueryTemplate & {
+export interface ActivityEntityQueryTemplate extends EntityQueryTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Activity";
     /** The entity query title */
     title?: string;
     /** The entity query content to display in timeline */
@@ -4929,20 +5358,23 @@ export declare type ActivityEntityQueryTemplate = EntityQueryTemplate & {
     entitiesFilter?: {
         [propertyName: string]: string[];
     };
-};
+}
 /** MLBehaviorAnalytics alert rule template properties. */
-export declare type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & {
+export interface MLBehaviorAnalyticsAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties {
     /** The severity for alerts created by this alert rule. */
     severity: AlertSeverity;
-};
+}
 /** Threat Intelligence alert rule template properties */
-export declare type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & {
+export interface ThreatIntelligenceAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties {
     /** The severity for alerts created by this alert rule. */
     severity: AlertSeverity;
-};
-export declare type PermissionsCustomsItem = Customs & {};
+}
+export interface PermissionsCustomsItem extends Customs {
+}
 /** Represents MLBehaviorAnalytics alert rule. */
-export declare type MLBehaviorAnalyticsAlertRule = AlertRule & {
+export interface MLBehaviorAnalyticsAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MLBehaviorAnalytics";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /**
@@ -4977,9 +5409,11 @@ export declare type MLBehaviorAnalyticsAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly techniques?: string[];
-};
+}
 /** Represents Fusion alert rule. */
-export declare type FusionAlertRule = AlertRule & {
+export interface FusionAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Fusion";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /**
@@ -5018,9 +5452,11 @@ export declare type FusionAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly techniques?: string[];
-};
+}
 /** Represents Threat Intelligence alert rule. */
-export declare type ThreatIntelligenceAlertRule = AlertRule & {
+export interface ThreatIntelligenceAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligence";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /**
@@ -5055,9 +5491,11 @@ export declare type ThreatIntelligenceAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly techniques?: string[];
-};
+}
 /** Represents MicrosoftSecurityIncidentCreation rule. */
-export declare type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & {
+export interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftSecurityIncidentCreation";
     /** the alerts' displayNames on which the cases will be generated */
     displayNamesFilter?: string[];
     /** the alerts' displayNames on which the cases will not be generated */
@@ -5079,9 +5517,11 @@ export declare type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedUtc?: Date;
-};
+}
 /** Represents scheduled alert rule. */
-export declare type ScheduledAlertRule = AlertRule & {
+export interface ScheduledAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Scheduled";
     /** The query that creates alerts for this rule. */
     query?: string;
     /** The frequency (in ISO 8601 duration format) for this alert rule to run. */
@@ -5129,9 +5569,11 @@ export declare type ScheduledAlertRule = AlertRule & {
     techniques?: string[];
     /** The settings of the incidents that created from alerts triggered by this analytics rule */
     incidentConfiguration?: IncidentConfiguration;
-};
+}
 /** Represents NRT alert rule. */
-export declare type NrtAlertRule = AlertRule & {
+export interface NrtAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "NRT";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
@@ -5169,9 +5611,13 @@ export declare type NrtAlertRule = AlertRule & {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
-};
+    /** The event grouping settings. */
+    eventGroupingSettings?: EventGroupingSettings;
+}
 /** Represents Expansion entity query. */
-export declare type ExpansionEntityQuery = EntityQuery & {
+export interface ExpansionEntityQuery extends EntityQuery {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Expansion";
     /** List of the data sources that are required to run the query */
     dataSources?: string[];
     /** The query display name */
@@ -5184,9 +5630,11 @@ export declare type ExpansionEntityQuery = EntityQuery & {
     outputEntityTypes?: EntityType[];
     /** The template query string to be parsed and formatted */
     queryTemplate?: string;
-};
+}
 /** Represents Activity entity query. */
-export declare type ActivityEntityQuery = EntityQuery & {
+export interface ActivityEntityQuery extends EntityQuery {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Activity";
     /** The entity query title */
     title?: string;
     /** The entity query content to display in timeline */
@@ -5217,9 +5665,11 @@ export declare type ActivityEntityQuery = EntityQuery & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedTimeUtc?: Date;
-};
+}
 /** Represents Activity entity query. */
-export declare type ActivityCustomEntityQuery = CustomEntityQuery & {
+export interface ActivityCustomEntityQuery extends CustomEntityQuery {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Activity";
     /** The entity query title */
     title?: string;
     /** The entity query content to display in timeline */
@@ -5250,38 +5700,81 @@ export declare type ActivityCustomEntityQuery = CustomEntityQuery & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedTimeUtc?: Date;
-};
-/** Settings with single toggle. */
-export declare type Anomalies = Settings & {
+}
+/** Represents Anomaly Security ML Analytics Settings */
+export interface AnomalySecurityMLAnalyticsSettings extends SecurityMLAnalyticsSetting {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Anomaly";
+    /** The description of the SecurityMLAnalyticsSettings. */
+    description?: string;
+    /** The display name for settings created by this SecurityMLAnalyticsSettings. */
+    displayName?: string;
+    /** Determines whether this settings is enabled or disabled. */
+    enabled?: boolean;
     /**
-     * Determines whether the setting is enable or disabled.
+     * The last time that this SecurityMLAnalyticsSettings has been modified.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly isEnabled?: boolean;
-};
+    readonly lastModifiedUtc?: Date;
+    /** The required data sources for this SecurityMLAnalyticsSettings */
+    requiredDataConnectors?: SecurityMLAnalyticsSettingsDataSource[];
+    /** The tactics of the SecurityMLAnalyticsSettings */
+    tactics?: AttackTactic[];
+    /** The techniques of the SecurityMLAnalyticsSettings */
+    techniques?: string[];
+    /** The anomaly version of the AnomalySecurityMLAnalyticsSettings. */
+    anomalyVersion?: string;
+    /** The customizable observations of the AnomalySecurityMLAnalyticsSettings. */
+    customizableObservations?: Record<string, unknown>;
+    /** The frequency that this SecurityMLAnalyticsSettings will be run. */
+    frequency?: string;
+    /** The anomaly SecurityMLAnalyticsSettings status */
+    settingsStatus?: SettingsStatus;
+    /** Determines whether this anomaly security ml analytics settings is a default settings */
+    isDefaultSettings?: boolean;
+    /** The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not. */
+    anomalySettingsVersion?: number;
+    /** The anomaly settings definition Id */
+    settingsDefinitionId?: string;
+}
 /** Settings with single toggle. */
-export declare type EyesOn = Settings & {
+export interface Anomalies extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Anomalies";
     /**
      * Determines whether the setting is enable or disabled.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly isEnabled?: boolean;
-};
+}
 /** Settings with single toggle. */
-export declare type EntityAnalytics = Settings & {
+export interface EyesOn extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "EyesOn";
     /**
      * Determines whether the setting is enable or disabled.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly isEnabled?: boolean;
-};
+}
+/** Settings with single toggle. */
+export interface EntityAnalytics extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "EntityAnalytics";
+    /** The relevant entity providers that are synced */
+    entityProviders?: EntityProviders[];
+}
 /** Settings with single toggle. */
-export declare type Ueba = Settings & {
+export interface Ueba extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Ueba";
     /** The relevant data sources that enriched by ueba */
     dataSources?: UebaDataSources[];
-};
+}
 /** Threat intelligence indicator entity. */
-export declare type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & {
+export interface ThreatIntelligenceIndicatorModel extends ThreatIntelligenceInformation {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "indicator";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5352,51 +5845,65 @@ export declare type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInforma
     extensions?: {
         [propertyName: string]: any;
     };
-};
+}
 /** Represents AAD (Azure Active Directory) data connector. */
-export declare type AADDataConnector = DataConnector & {
+export interface AADDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureActiveDirectory";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 /** Represents Microsoft Threat Intelligence data connector. */
-export declare type MstiDataConnector = DataConnector & {
+export interface MstiDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: MstiDataConnectorDataTypes;
-};
+}
 /** Represents MTP (Microsoft Threat Protection) data connector. */
-export declare type MTPDataConnector = DataConnector & {
+export interface MTPDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: MTPDataConnectorDataTypes;
-};
+}
 /** Represents AATP (Azure Advanced Threat Protection) data connector. */
-export declare type AatpDataConnector = DataConnector & {
+export interface AatpDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 /** Represents ASC (Azure Security Center) data connector. */
-export declare type ASCDataConnector = DataConnector & {
+export interface ASCDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureSecurityCenter";
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 /** Represents Amazon Web Services CloudTrail data connector. */
-export declare type AwsCloudTrailDataConnector = DataConnector & {
+export interface AwsCloudTrailDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AmazonWebServicesCloudTrail";
     /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */
     awsRoleArn?: string;
     /** The available data types for the connector. */
     dataTypes?: AwsCloudTrailDataConnectorDataTypes;
-};
+}
 /** Represents Amazon Web Services S3 data connector. */
-export declare type AwsS3DataConnector = DataConnector & {
+export interface AwsS3DataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AmazonWebServicesS3";
     /** The logs destination table name in LogAnalytics. */
     destinationTable?: string;
     /** The AWS sqs urls for the connector. */
@@ -5405,74 +5912,94 @@ export declare type AwsS3DataConnector = DataConnector & {
     roleArn?: string;
     /** The available data types for the connector. */
     dataTypes?: AwsS3DataConnectorDataTypes;
-};
+}
 /** Represents MCAS (Microsoft Cloud App Security) data connector. */
-export declare type McasDataConnector = DataConnector & {
+export interface McasDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftCloudAppSecurity";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: McasDataConnectorDataTypes;
-};
+}
 /** Represents Dynamics365 data connector. */
-export declare type Dynamics365DataConnector = DataConnector & {
+export interface Dynamics365DataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Dynamics365";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: Dynamics365DataConnectorDataTypes;
-};
+}
 /** Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */
-export declare type OfficeATPDataConnector = DataConnector & {
+export interface OfficeATPDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "OfficeATP";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 /** Represents Office Microsoft Project data connector. */
-export declare type Office365ProjectDataConnector = DataConnector & {
+export interface Office365ProjectDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Office365Project";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: Office365ProjectConnectorDataTypes;
-};
+}
 /** Represents Office Microsoft PowerBI data connector. */
-export declare type OfficePowerBIDataConnector = DataConnector & {
+export interface OfficePowerBIDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "OfficePowerBI";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: OfficePowerBIConnectorDataTypes;
-};
+}
 /** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */
-export declare type OfficeIRMDataConnector = DataConnector & {
+export interface OfficeIRMDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "OfficeIRM";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 /** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */
-export declare type MdatpDataConnector = DataConnector & {
+export interface MdatpDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftDefenderAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 /** Represents office data connector. */
-export declare type OfficeDataConnector = DataConnector & {
+export interface OfficeDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Office365";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: OfficeDataConnectorDataTypes;
-};
+}
 /** Represents threat intelligence data connector. */
-export declare type TIDataConnector = DataConnector & {
+export interface TIDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The lookback period for the feed to be imported. */
     tipLookbackPeriod?: Date;
     /** The available data types for the connector. */
     dataTypes?: TIDataConnectorDataTypes;
-};
+}
 /** Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */
-export declare type TiTaxiiDataConnector = DataConnector & {
+export interface TiTaxiiDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligenceTaxii";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The workspace id. */
@@ -5493,26 +6020,32 @@ export declare type TiTaxiiDataConnector = DataConnector & {
     pollingFrequency?: PollingFrequency;
     /** The available data types for Threat Intelligence TAXII data connector. */
     dataTypes?: TiTaxiiDataConnectorDataTypes;
-};
+}
 /** Represents IoT data connector. */
-export declare type IoTDataConnector = DataConnector & {
+export interface IoTDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "IOT";
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 /** Represents Codeless UI data connector. */
-export declare type CodelessUiDataConnector = DataConnector & {
+export interface CodelessUiDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "GenericUI";
     /** Config to describe the instructions blade */
     connectorUiConfig?: CodelessUiConnectorConfigProperties;
-};
+}
 /** Represents Codeless API Polling data connector. */
-export declare type CodelessApiPollingDataConnector = DataConnector & {
+export interface CodelessApiPollingDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "APIPolling";
     /** Config to describe the instructions blade */
     connectorUiConfig?: CodelessUiConnectorConfigProperties;
     /** Config to describe the polling instructions */
     pollingConfig?: CodelessConnectorPollingConfigProperties;
-};
+}
 /** Defines headers for Watchlists_delete operation. */
 export interface WatchlistsDeleteHeaders {
     /** Contains the status URL on which clients are expected to poll the status of the delete operation. */
@@ -5525,11 +6058,17 @@ export interface WatchlistsCreateOrUpdateHeaders {
 }
 /** Known values of {@link AlertRuleKind} that the service accepts. */
 export declare enum KnownAlertRuleKind {
+    /** Scheduled */
     Scheduled = "Scheduled",
+    /** MicrosoftSecurityIncidentCreation */
     MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation",
+    /** Fusion */
     Fusion = "Fusion",
+    /** MLBehaviorAnalytics */
     MLBehaviorAnalytics = "MLBehaviorAnalytics",
+    /** ThreatIntelligence */
     ThreatIntelligence = "ThreatIntelligence",
+    /** NRT */
     NRT = "NRT"
 }
 /**
@@ -5547,9 +6086,13 @@ export declare enum KnownAlertRuleKind {
 export declare type AlertRuleKind = string;
 /** Known values of {@link CreatedByType} that the service accepts. */
 export declare enum KnownCreatedByType {
+    /** User */
     User = "User",
+    /** Application */
     Application = "Application",
+    /** ManagedIdentity */
     ManagedIdentity = "ManagedIdentity",
+    /** Key */
     Key = "Key"
 }
 /**
@@ -5566,40 +6109,58 @@ export declare type CreatedByType = string;
 /** Known values of {@link TriggersOn} that the service accepts. */
 export declare enum KnownTriggersOn {
     /** Trigger on Incidents */
-    Incidents = "Incidents"
+    Incidents = "Incidents",
+    /** Trigger on Alerts */
+    Alerts = "Alerts"
 }
 /**
  * Defines values for TriggersOn. \
  * {@link KnownTriggersOn} can be used interchangeably with TriggersOn,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **Incidents**: Trigger on Incidents
+ * **Incidents**: Trigger on Incidents \
+ * **Alerts**: Trigger on Alerts
  */
 export declare type TriggersOn = string;
 /** Known values of {@link TriggersWhen} that the service accepts. */
 export declare enum KnownTriggersWhen {
     /** Trigger on created objects */
-    Created = "Created"
+    Created = "Created",
+    /** Trigger on updated objects */
+    Updated = "Updated"
 }
 /**
  * Defines values for TriggersWhen. \
  * {@link KnownTriggersWhen} can be used interchangeably with TriggersWhen,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **Created**: Trigger on created objects
+ * **Created**: Trigger on created objects \
+ * **Updated**: Trigger on updated objects
  */
 export declare type TriggersWhen = string;
 /** Known values of {@link ConditionType} that the service accepts. */
 export declare enum KnownConditionType {
     /** Evaluate an object property value */
-    Property = "Property"
+    Property = "Property",
+    /** Evaluate an object array property value */
+    PropertyArray = "PropertyArray",
+    /** Evaluate an object property changed value */
+    PropertyChanged = "PropertyChanged",
+    /** Evaluate an object array property changed value */
+    PropertyArrayChanged = "PropertyArrayChanged",
+    /** Apply a boolean operator (e.g AND, OR) to conditions */
+    Boolean = "Boolean"
 }
 /**
  * Defines values for ConditionType. \
  * {@link KnownConditionType} can be used interchangeably with ConditionType,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **Property**: Evaluate an object property value
+ * **Property**: Evaluate an object property value \
+ * **PropertyArray**: Evaluate an object array property value \
+ * **PropertyChanged**: Evaluate an object property changed value \
+ * **PropertyArrayChanged**: Evaluate an object array property changed value \
+ * **Boolean**: Apply a boolean operator (e.g AND, OR) to conditions
  */
 export declare type ConditionType = string;
 /** Known values of {@link ActionType} that the service accepts. */
@@ -5642,22 +6203,39 @@ export declare enum KnownIncidentSeverity {
 export declare type IncidentSeverity = string;
 /** Known values of {@link AttackTactic} that the service accepts. */
 export declare enum KnownAttackTactic {
+    /** Reconnaissance */
     Reconnaissance = "Reconnaissance",
+    /** ResourceDevelopment */
     ResourceDevelopment = "ResourceDevelopment",
+    /** InitialAccess */
     InitialAccess = "InitialAccess",
+    /** Execution */
     Execution = "Execution",
+    /** Persistence */
     Persistence = "Persistence",
+    /** PrivilegeEscalation */
     PrivilegeEscalation = "PrivilegeEscalation",
+    /** DefenseEvasion */
     DefenseEvasion = "DefenseEvasion",
+    /** CredentialAccess */
     CredentialAccess = "CredentialAccess",
+    /** Discovery */
     Discovery = "Discovery",
+    /** LateralMovement */
     LateralMovement = "LateralMovement",
+    /** Collection */
     Collection = "Collection",
+    /** Exfiltration */
     Exfiltration = "Exfiltration",
+    /** CommandAndControl */
     CommandAndControl = "CommandAndControl",
+    /** Impact */
     Impact = "Impact",
+    /** PreAttack */
     PreAttack = "PreAttack",
+    /** ImpairProcessControl */
     ImpairProcessControl = "ImpairProcessControl",
+    /** InhibitResponseFunction */
     InhibitResponseFunction = "InhibitResponseFunction"
 }
 /**
@@ -5727,7 +6305,9 @@ export declare enum KnownEntityKind {
     /** Entity represents mailbox in the system. */
     Mailbox = "Mailbox",
     /** Entity represents submission mail in the system. */
-    SubmissionMail = "SubmissionMail"
+    SubmissionMail = "SubmissionMail",
+    /** Entity represents network interface in the system. */
+    Nic = "Nic"
 }
 /**
  * Defines values for EntityKind. \
@@ -5754,7 +6334,8 @@ export declare enum KnownEntityKind {
  * **MailCluster**: Entity represents mail cluster in the system. \
  * **MailMessage**: Entity represents mail message in the system. \
  * **Mailbox**: Entity represents mailbox in the system. \
- * **SubmissionMail**: Entity represents submission mail in the system.
+ * **SubmissionMail**: Entity represents submission mail in the system. \
+ * **Nic**: Entity represents network interface in the system.
  */
 export declare type EntityKind = string;
 /** Known values of {@link EntityTimelineKind} that the service accepts. */
@@ -5764,7 +6345,9 @@ export declare enum KnownEntityTimelineKind {
     /** bookmarks */
     Bookmark = "Bookmark",
     /** security alerts */
-    SecurityAlert = "SecurityAlert"
+    SecurityAlert = "SecurityAlert",
+    /** anomaly */
+    Anomaly = "Anomaly"
 }
 /**
  * Defines values for EntityTimelineKind. \
@@ -5773,7 +6356,8 @@ export declare enum KnownEntityTimelineKind {
  * ### Known values supported by the service
  * **Activity**: activity \
  * **Bookmark**: bookmarks \
- * **SecurityAlert**: security alerts
+ * **SecurityAlert**: security alerts \
+ * **Anomaly**: anomaly
  */
 export declare type EntityTimelineKind = string;
 /** Known values of {@link EntityItemQueryKind} that the service accepts. */
@@ -5791,8 +6375,11 @@ export declare enum KnownEntityItemQueryKind {
 export declare type EntityItemQueryKind = string;
 /** Known values of {@link EntityQueryKind} that the service accepts. */
 export declare enum KnownEntityQueryKind {
+    /** Expansion */
     Expansion = "Expansion",
+    /** Insight */
     Insight = "Insight",
+    /** Activity */
     Activity = "Activity"
 }
 /**
@@ -5805,22 +6392,38 @@ export declare enum KnownEntityQueryKind {
  * **Activity**
  */
 export declare type EntityQueryKind = string;
-/** Known values of {@link Enum12} that the service accepts. */
-export declare enum KnownEnum12 {
+/** Known values of {@link GetInsightsError} that the service accepts. */
+export declare enum KnownGetInsightsError {
+    /** Insight */
+    Insight = "Insight"
+}
+/**
+ * Defines values for GetInsightsError. \
+ * {@link KnownGetInsightsError} can be used interchangeably with GetInsightsError,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Insight**
+ */
+export declare type GetInsightsError = string;
+/** Known values of {@link Enum13} that the service accepts. */
+export declare enum KnownEnum13 {
+    /** Expansion */
     Expansion = "Expansion",
+    /** Activity */
     Activity = "Activity"
 }
 /**
- * Defines values for Enum12. \
- * {@link KnownEnum12} can be used interchangeably with Enum12,
+ * Defines values for Enum13. \
+ * {@link KnownEnum13} can be used interchangeably with Enum13,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
  * **Expansion** \
  * **Activity**
  */
-export declare type Enum12 = string;
+export declare type Enum13 = string;
 /** Known values of {@link CustomEntityQueryKind} that the service accepts. */
 export declare enum KnownCustomEntityQueryKind {
+    /** Activity */
     Activity = "Activity"
 }
 /**
@@ -5833,6 +6436,7 @@ export declare enum KnownCustomEntityQueryKind {
 export declare type CustomEntityQueryKind = string;
 /** Known values of {@link EntityQueryTemplateKind} that the service accepts. */
 export declare enum KnownEntityQueryTemplateKind {
+    /** Activity */
     Activity = "Activity"
 }
 /**
@@ -5843,6 +6447,113 @@ export declare enum KnownEntityQueryTemplateKind {
  * **Activity**
  */
 export declare type EntityQueryTemplateKind = string;
+/** Known values of {@link IngestionMode} that the service accepts. */
+export declare enum KnownIngestionMode {
+    /** No records should be ingested when invalid records are detected. */
+    IngestOnlyIfAllAreValid = "IngestOnlyIfAllAreValid",
+    /** Valid records should still be ingested when invalid records are detected. */
+    IngestAnyValidRecords = "IngestAnyValidRecords",
+    /** Unspecified */
+    Unspecified = "Unspecified"
+}
+/**
+ * Defines values for IngestionMode. \
+ * {@link KnownIngestionMode} can be used interchangeably with IngestionMode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **IngestOnlyIfAllAreValid**: No records should be ingested when invalid records are detected. \
+ * **IngestAnyValidRecords**: Valid records should still be ingested when invalid records are detected. \
+ * **Unspecified**: Unspecified
+ */
+export declare type IngestionMode = string;
+/** Known values of {@link FileImportContentType} that the service accepts. */
+export declare enum KnownFileImportContentType {
+    /** File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. */
+    BasicIndicator = "BasicIndicator",
+    /** File containing STIX indicators. */
+    StixIndicator = "StixIndicator",
+    /** File containing other records. */
+    Unspecified = "Unspecified"
+}
+/**
+ * Defines values for FileImportContentType. \
+ * {@link KnownFileImportContentType} can be used interchangeably with FileImportContentType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **BasicIndicator**: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. \
+ * **StixIndicator**: File containing STIX indicators. \
+ * **Unspecified**: File containing other records.
+ */
+export declare type FileImportContentType = string;
+/** Known values of {@link FileFormat} that the service accepts. */
+export declare enum KnownFileFormat {
+    /** A CSV file. */
+    CSV = "CSV",
+    /** A JSON file. */
+    Json = "JSON",
+    /** A file of other format. */
+    Unspecified = "Unspecified"
+}
+/**
+ * Defines values for FileFormat. \
+ * {@link KnownFileFormat} can be used interchangeably with FileFormat,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **CSV**: A CSV file. \
+ * **JSON**: A JSON file. \
+ * **Unspecified**: A file of other format.
+ */
+export declare type FileFormat = string;
+/** Known values of {@link DeleteStatus} that the service accepts. */
+export declare enum KnownDeleteStatus {
+    /** The file was deleted. */
+    Deleted = "Deleted",
+    /** The file was not deleted. */
+    NotDeleted = "NotDeleted",
+    /** Unspecified */
+    Unspecified = "Unspecified"
+}
+/**
+ * Defines values for DeleteStatus. \
+ * {@link KnownDeleteStatus} can be used interchangeably with DeleteStatus,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Deleted**: The file was deleted. \
+ * **NotDeleted**: The file was not deleted. \
+ * **Unspecified**: Unspecified
+ */
+export declare type DeleteStatus = string;
+/** Known values of {@link FileImportState} that the service accepts. */
+export declare enum KnownFileImportState {
+    /** A fatal error has occurred while ingesting the file. */
+    FatalError = "FatalError",
+    /** The file has been ingested. */
+    Ingested = "Ingested",
+    /** The file has been ingested with errors. */
+    IngestedWithErrors = "IngestedWithErrors",
+    /** The file ingestion is in progress. */
+    InProgress = "InProgress",
+    /** The file is invalid. */
+    Invalid = "Invalid",
+    /** Waiting for the file to be uploaded. */
+    WaitingForUpload = "WaitingForUpload",
+    /** Unspecified state. */
+    Unspecified = "Unspecified"
+}
+/**
+ * Defines values for FileImportState. \
+ * {@link KnownFileImportState} can be used interchangeably with FileImportState,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **FatalError**: A fatal error has occurred while ingesting the file. \
+ * **Ingested**: The file has been ingested. \
+ * **IngestedWithErrors**: The file has been ingested with errors. \
+ * **InProgress**: The file ingestion is in progress. \
+ * **Invalid**: The file is invalid. \
+ * **WaitingForUpload**: Waiting for the file to be uploaded. \
+ * **Unspecified**: Unspecified state.
+ */
+export declare type FileImportState = string;
 /** Known values of {@link IncidentClassification} that the service accepts. */
 export declare enum KnownIncidentClassification {
     /** Incident classification was undetermined */
@@ -6083,22 +6794,39 @@ export declare enum KnownAlertStatus {
 export declare type AlertStatus = string;
 /** Known values of {@link Kind} that the service accepts. */
 export declare enum KnownKind {
+    /** DataConnector */
     DataConnector = "DataConnector",
+    /** DataType */
     DataType = "DataType",
+    /** Workbook */
     Workbook = "Workbook",
+    /** WorkbookTemplate */
     WorkbookTemplate = "WorkbookTemplate",
+    /** Playbook */
     Playbook = "Playbook",
+    /** PlaybookTemplate */
     PlaybookTemplate = "PlaybookTemplate",
+    /** AnalyticsRuleTemplate */
     AnalyticsRuleTemplate = "AnalyticsRuleTemplate",
+    /** AnalyticsRule */
     AnalyticsRule = "AnalyticsRule",
+    /** HuntingQuery */
     HuntingQuery = "HuntingQuery",
+    /** InvestigationQuery */
     InvestigationQuery = "InvestigationQuery",
+    /** Parser */
     Parser = "Parser",
+    /** Watchlist */
     Watchlist = "Watchlist",
+    /** WatchlistTemplate */
     WatchlistTemplate = "WatchlistTemplate",
+    /** Solution */
     Solution = "Solution",
+    /** AzureFunction */
     AzureFunction = "AzureFunction",
+    /** LogicAppsCustomConnector */
     LogicAppsCustomConnector = "LogicAppsCustomConnector",
+    /** AutomationRule */
     AutomationRule = "AutomationRule"
 }
 /**
@@ -6127,9 +6855,13 @@ export declare enum KnownKind {
 export declare type Kind = string;
 /** Known values of {@link SourceKind} that the service accepts. */
 export declare enum KnownSourceKind {
+    /** LocalWorkspace */
     LocalWorkspace = "LocalWorkspace",
+    /** Community */
     Community = "Community",
+    /** Solution */
     Solution = "Solution",
+    /** SourceRepository */
     SourceRepository = "SourceRepository"
 }
 /**
@@ -6145,8 +6877,11 @@ export declare enum KnownSourceKind {
 export declare type SourceKind = string;
 /** Known values of {@link SupportTier} that the service accepts. */
 export declare enum KnownSupportTier {
+    /** Microsoft */
     Microsoft = "Microsoft",
+    /** Partner */
     Partner = "Partner",
+    /** Community */
     Community = "Community"
 }
 /**
@@ -6161,7 +6896,9 @@ export declare enum KnownSupportTier {
 export declare type SupportTier = string;
 /** Known values of {@link Operator} that the service accepts. */
 export declare enum KnownOperator {
+    /** AND */
     AND = "AND",
+    /** OR */
     OR = "OR"
 }
 /**
@@ -6173,11 +6910,28 @@ export declare enum KnownOperator {
  * **OR**
  */
 export declare type Operator = string;
+/** Known values of {@link SecurityMLAnalyticsSettingsKind} that the service accepts. */
+export declare enum KnownSecurityMLAnalyticsSettingsKind {
+    /** Anomaly */
+    Anomaly = "Anomaly"
+}
+/**
+ * Defines values for SecurityMLAnalyticsSettingsKind. \
+ * {@link KnownSecurityMLAnalyticsSettingsKind} can be used interchangeably with SecurityMLAnalyticsSettingsKind,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Anomaly**
+ */
+export declare type SecurityMLAnalyticsSettingsKind = string;
 /** Known values of {@link SettingKind} that the service accepts. */
 export declare enum KnownSettingKind {
+    /** Anomalies */
     Anomalies = "Anomalies",
+    /** EyesOn */
     EyesOn = "EyesOn",
+    /** EntityAnalytics */
     EntityAnalytics = "EntityAnalytics",
+    /** Ueba */
     Ueba = "Ueba"
 }
 /**
@@ -6193,7 +6947,9 @@ export declare enum KnownSettingKind {
 export declare type SettingKind = string;
 /** Known values of {@link RepoType} that the service accepts. */
 export declare enum KnownRepoType {
+    /** Github */
     Github = "Github",
+    /** DevOps */
     DevOps = "DevOps"
 }
 /**
@@ -6207,7 +6963,9 @@ export declare enum KnownRepoType {
 export declare type RepoType = string;
 /** Known values of {@link Version} that the service accepts. */
 export declare enum KnownVersion {
+    /** V1 */
     V1 = "V1",
+    /** V2 */
     V2 = "V2"
 }
 /**
@@ -6221,7 +6979,9 @@ export declare enum KnownVersion {
 export declare type Version = string;
 /** Known values of {@link ContentType} that the service accepts. */
 export declare enum KnownContentType {
+    /** AnalyticRule */
     AnalyticRule = "AnalyticRule",
+    /** Workbook */
     Workbook = "Workbook"
 }
 /**
@@ -6235,8 +6995,11 @@ export declare enum KnownContentType {
 export declare type ContentType = string;
 /** Known values of {@link DeploymentFetchStatus} that the service accepts. */
 export declare enum KnownDeploymentFetchStatus {
+    /** Success */
     Success = "Success",
+    /** Unauthorized */
     Unauthorized = "Unauthorized",
+    /** NotFound */
     NotFound = "NotFound"
 }
 /**
@@ -6251,9 +7014,13 @@ export declare enum KnownDeploymentFetchStatus {
 export declare type DeploymentFetchStatus = string;
 /** Known values of {@link DeploymentState} that the service accepts. */
 export declare enum KnownDeploymentState {
+    /** InProgress */
     InProgress = "In_Progress",
+    /** Completed */
     Completed = "Completed",
+    /** Queued */
     Queued = "Queued",
+    /** Canceling */
     Canceling = "Canceling"
 }
 /**
@@ -6269,8 +7036,11 @@ export declare enum KnownDeploymentState {
 export declare type DeploymentState = string;
 /** Known values of {@link DeploymentResult} that the service accepts. */
 export declare enum KnownDeploymentResult {
+    /** Success */
     Success = "Success",
+    /** Canceled */
     Canceled = "Canceled",
+    /** Failed */
     Failed = "Failed"
 }
 /**
@@ -6298,8 +7068,11 @@ export declare enum KnownThreatIntelligenceResourceKindEnum {
 export declare type ThreatIntelligenceResourceKindEnum = string;
 /** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */
 export declare enum KnownThreatIntelligenceSortingCriteriaEnum {
+    /** Unsorted */
     Unsorted = "unsorted",
+    /** Ascending */
     Ascending = "ascending",
+    /** Descending */
     Descending = "descending"
 }
 /**
@@ -6314,7 +7087,9 @@ export declare enum KnownThreatIntelligenceSortingCriteriaEnum {
 export declare type ThreatIntelligenceSortingCriteriaEnum = string;
 /** Known values of {@link SourceType} that the service accepts. */
 export declare enum KnownSourceType {
+    /** LocalFile */
     LocalFile = "Local file",
+    /** RemoteStorage */
     RemoteStorage = "Remote storage"
 }
 /**
@@ -6326,45 +7101,47 @@ export declare enum KnownSourceType {
  * **Remote storage**
  */
 export declare type SourceType = string;
-/** Known values of {@link ProvisioningState} that the service accepts. */
-export declare enum KnownProvisioningState {
-    Succeeded = "Succeeded",
-    Failed = "Failed",
-    Canceled = "Canceled",
-    InProgress = "InProgress"
-}
-/**
- * Defines values for ProvisioningState. \
- * {@link KnownProvisioningState} can be used interchangeably with ProvisioningState,
- *  this enum contains the known values that the service supports.
- * ### Known values supported by the service
- * **Succeeded** \
- * **Failed** \
- * **Canceled** \
- * **InProgress**
- */
-export declare type ProvisioningState = string;
 /** Known values of {@link DataConnectorKind} that the service accepts. */
 export declare enum KnownDataConnectorKind {
+    /** AzureActiveDirectory */
     AzureActiveDirectory = "AzureActiveDirectory",
+    /** AzureSecurityCenter */
     AzureSecurityCenter = "AzureSecurityCenter",
+    /** MicrosoftCloudAppSecurity */
     MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity",
+    /** ThreatIntelligence */
     ThreatIntelligence = "ThreatIntelligence",
+    /** ThreatIntelligenceTaxii */
     ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii",
+    /** Office365 */
     Office365 = "Office365",
+    /** OfficeATP */
     OfficeATP = "OfficeATP",
+    /** OfficeIRM */
     OfficeIRM = "OfficeIRM",
+    /** Office365Project */
     Office365Project = "Office365Project",
+    /** OfficePowerBI */
     OfficePowerBI = "OfficePowerBI",
+    /** AmazonWebServicesCloudTrail */
     AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail",
+    /** AmazonWebServicesS3 */
     AmazonWebServicesS3 = "AmazonWebServicesS3",
+    /** AzureAdvancedThreatProtection */
     AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection",
+    /** MicrosoftDefenderAdvancedThreatProtection */
     MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection",
+    /** Dynamics365 */
     Dynamics365 = "Dynamics365",
+    /** MicrosoftThreatProtection */
     MicrosoftThreatProtection = "MicrosoftThreatProtection",
+    /** MicrosoftThreatIntelligence */
     MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence",
+    /** GenericUI */
     GenericUI = "GenericUI",
+    /** APIPolling */
     APIPolling = "APIPolling",
+    /** IOT */
     IOT = "IOT"
 }
 /**
@@ -6396,8 +7173,11 @@ export declare enum KnownDataConnectorKind {
 export declare type DataConnectorKind = string;
 /** Known values of {@link ConnectAuthKind} that the service accepts. */
 export declare enum KnownConnectAuthKind {
+    /** Basic */
     Basic = "Basic",
+    /** OAuth2 */
     OAuth2 = "OAuth2",
+    /** APIKey */
     APIKey = "APIKey"
 }
 /**
@@ -6412,7 +7192,9 @@ export declare enum KnownConnectAuthKind {
 export declare type ConnectAuthKind = string;
 /** Known values of {@link DataConnectorAuthorizationState} that the service accepts. */
 export declare enum KnownDataConnectorAuthorizationState {
+    /** Valid */
     Valid = "Valid",
+    /** Invalid */
     Invalid = "Invalid"
 }
 /**
@@ -6426,8 +7208,11 @@ export declare enum KnownDataConnectorAuthorizationState {
 export declare type DataConnectorAuthorizationState = string;
 /** Known values of {@link DataConnectorLicenseState} that the service accepts. */
 export declare enum KnownDataConnectorLicenseState {
+    /** Valid */
     Valid = "Valid",
+    /** Invalid */
     Invalid = "Invalid",
+    /** Unknown */
     Unknown = "Unknown"
 }
 /**
@@ -6523,14 +7308,37 @@ export declare enum KnownEntityMappingType {
  * **SubmissionMail**: Submission mail entity type
  */
 export declare type EntityMappingType = string;
+/** Known values of {@link EventGroupingAggregationKind} that the service accepts. */
+export declare enum KnownEventGroupingAggregationKind {
+    /** SingleAlert */
+    SingleAlert = "SingleAlert",
+    /** AlertPerResult */
+    AlertPerResult = "AlertPerResult"
+}
+/**
+ * Defines values for EventGroupingAggregationKind. \
+ * {@link KnownEventGroupingAggregationKind} can be used interchangeably with EventGroupingAggregationKind,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **SingleAlert** \
+ * **AlertPerResult**
+ */
+export declare type EventGroupingAggregationKind = string;
 /** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */
 export declare enum KnownMicrosoftSecurityProductName {
+    /** MicrosoftCloudAppSecurity */
     MicrosoftCloudAppSecurity = "Microsoft Cloud App Security",
+    /** AzureSecurityCenter */
     AzureSecurityCenter = "Azure Security Center",
+    /** AzureAdvancedThreatProtection */
     AzureAdvancedThreatProtection = "Azure Advanced Threat Protection",
+    /** AzureActiveDirectoryIdentityProtection */
     AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection",
+    /** AzureSecurityCenterForIoT */
     AzureSecurityCenterForIoT = "Azure Security Center for IoT",
+    /** Office365AdvancedThreatProtection */
     Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection",
+    /** MicrosoftDefenderAdvancedThreatProtection */
     MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection"
 }
 /**
@@ -6582,20 +7390,155 @@ export declare enum KnownAlertDetail {
  * **Severity**: Alert severity
  */
 export declare type AlertDetail = string;
-/** Known values of {@link EventGroupingAggregationKind} that the service accepts. */
-export declare enum KnownEventGroupingAggregationKind {
-    SingleAlert = "SingleAlert",
-    AlertPerResult = "AlertPerResult"
+/** Known values of {@link AutomationRuleBooleanConditionSupportedOperator} that the service accepts. */
+export declare enum KnownAutomationRuleBooleanConditionSupportedOperator {
+    /** Evaluates as true if all the item conditions are evaluated as true */
+    And = "And",
+    /** Evaluates as true if at least one of the item conditions are evaluated as true */
+    Or = "Or"
 }
 /**
- * Defines values for EventGroupingAggregationKind. \
- * {@link KnownEventGroupingAggregationKind} can be used interchangeably with EventGroupingAggregationKind,
+ * Defines values for AutomationRuleBooleanConditionSupportedOperator. \
+ * {@link KnownAutomationRuleBooleanConditionSupportedOperator} can be used interchangeably with AutomationRuleBooleanConditionSupportedOperator,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **SingleAlert** \
- * **AlertPerResult**
+ * **And**: Evaluates as true if all the item conditions are evaluated as true \
+ * **Or**: Evaluates as true if at least one of the item conditions are evaluated as true
  */
-export declare type EventGroupingAggregationKind = string;
+export declare type AutomationRuleBooleanConditionSupportedOperator = string;
+/** Known values of {@link AutomationRulePropertyArrayChangedConditionSupportedArrayType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType {
+    /** Evaluate the condition on the alerts */
+    Alerts = "Alerts",
+    /** Evaluate the condition on the labels */
+    Labels = "Labels",
+    /** Evaluate the condition on the tactics */
+    Tactics = "Tactics",
+    /** Evaluate the condition on the comments */
+    Comments = "Comments"
+}
+/**
+ * Defines values for AutomationRulePropertyArrayChangedConditionSupportedArrayType. \
+ * {@link KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType} can be used interchangeably with AutomationRulePropertyArrayChangedConditionSupportedArrayType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Alerts**: Evaluate the condition on the alerts \
+ * **Labels**: Evaluate the condition on the labels \
+ * **Tactics**: Evaluate the condition on the tactics \
+ * **Comments**: Evaluate the condition on the comments
+ */
+export declare type AutomationRulePropertyArrayChangedConditionSupportedArrayType = string;
+/** Known values of {@link AutomationRulePropertyArrayChangedConditionSupportedChangeType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType {
+    /** Evaluate the condition on items added to the array */
+    Added = "Added"
+}
+/**
+ * Defines values for AutomationRulePropertyArrayChangedConditionSupportedChangeType. \
+ * {@link KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType} can be used interchangeably with AutomationRulePropertyArrayChangedConditionSupportedChangeType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Added**: Evaluate the condition on items added to the array
+ */
+export declare type AutomationRulePropertyArrayChangedConditionSupportedChangeType = string;
+/** Known values of {@link AutomationRulePropertyArrayConditionSupportedArrayType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayConditionSupportedArrayType {
+    /** Evaluate the condition on the custom detail keys */
+    CustomDetails = "CustomDetails",
+    /** Evaluate the condition on a custom detail's values */
+    CustomDetailValues = "CustomDetailValues"
+}
+/**
+ * Defines values for AutomationRulePropertyArrayConditionSupportedArrayType. \
+ * {@link KnownAutomationRulePropertyArrayConditionSupportedArrayType} can be used interchangeably with AutomationRulePropertyArrayConditionSupportedArrayType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **CustomDetails**: Evaluate the condition on the custom detail keys \
+ * **CustomDetailValues**: Evaluate the condition on a custom detail's values
+ */
+export declare type AutomationRulePropertyArrayConditionSupportedArrayType = string;
+/** Known values of {@link AutomationRulePropertyArrayConditionSupportedArrayConditionType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayConditionSupportedArrayConditionType {
+    /** Evaluate the condition as true if any item fulfills it */
+    AnyItem = "AnyItem"
+}
+/**
+ * Defines values for AutomationRulePropertyArrayConditionSupportedArrayConditionType. \
+ * {@link KnownAutomationRulePropertyArrayConditionSupportedArrayConditionType} can be used interchangeably with AutomationRulePropertyArrayConditionSupportedArrayConditionType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **AnyItem**: Evaluate the condition as true if any item fulfills it
+ */
+export declare type AutomationRulePropertyArrayConditionSupportedArrayConditionType = string;
+/** Known values of {@link AutomationRulePropertyChangedConditionSupportedPropertyType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyChangedConditionSupportedPropertyType {
+    /** Evaluate the condition on the incident severity */
+    IncidentSeverity = "IncidentSeverity",
+    /** Evaluate the condition on the incident status */
+    IncidentStatus = "IncidentStatus",
+    /** Evaluate the condition on the incident owner */
+    IncidentOwner = "IncidentOwner"
+}
+/**
+ * Defines values for AutomationRulePropertyChangedConditionSupportedPropertyType. \
+ * {@link KnownAutomationRulePropertyChangedConditionSupportedPropertyType} can be used interchangeably with AutomationRulePropertyChangedConditionSupportedPropertyType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **IncidentSeverity**: Evaluate the condition on the incident severity \
+ * **IncidentStatus**: Evaluate the condition on the incident status \
+ * **IncidentOwner**: Evaluate the condition on the incident owner
+ */
+export declare type AutomationRulePropertyChangedConditionSupportedPropertyType = string;
+/** Known values of {@link AutomationRulePropertyChangedConditionSupportedChangedType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyChangedConditionSupportedChangedType {
+    /** Evaluate the condition on the previous value of the property */
+    ChangedFrom = "ChangedFrom",
+    /** Evaluate the condition on the updated value of the property */
+    ChangedTo = "ChangedTo"
+}
+/**
+ * Defines values for AutomationRulePropertyChangedConditionSupportedChangedType. \
+ * {@link KnownAutomationRulePropertyChangedConditionSupportedChangedType} can be used interchangeably with AutomationRulePropertyChangedConditionSupportedChangedType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **ChangedFrom**: Evaluate the condition on the previous value of the property \
+ * **ChangedTo**: Evaluate the condition on the updated value of the property
+ */
+export declare type AutomationRulePropertyChangedConditionSupportedChangedType = string;
+/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */
+export declare enum KnownAutomationRulePropertyConditionSupportedOperator {
+    /** Evaluates if the property equals at least one of the condition values */
+    Equals = "Equals",
+    /** Evaluates if the property does not equal any of the condition values */
+    NotEquals = "NotEquals",
+    /** Evaluates if the property contains at least one of the condition values */
+    Contains = "Contains",
+    /** Evaluates if the property does not contain any of the condition values */
+    NotContains = "NotContains",
+    /** Evaluates if the property starts with any of the condition values */
+    StartsWith = "StartsWith",
+    /** Evaluates if the property does not start with any of the condition values */
+    NotStartsWith = "NotStartsWith",
+    /** Evaluates if the property ends with any of the condition values */
+    EndsWith = "EndsWith",
+    /** Evaluates if the property does not end with any of the condition values */
+    NotEndsWith = "NotEndsWith"
+}
+/**
+ * Defines values for AutomationRulePropertyConditionSupportedOperator. \
+ * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Equals**: Evaluates if the property equals at least one of the condition values \
+ * **NotEquals**: Evaluates if the property does not equal any of the condition values \
+ * **Contains**: Evaluates if the property contains at least one of the condition values \
+ * **NotContains**: Evaluates if the property does not contain any of the condition values \
+ * **StartsWith**: Evaluates if the property starts with any of the condition values \
+ * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \
+ * **EndsWith**: Evaluates if the property ends with any of the condition values \
+ * **NotEndsWith**: Evaluates if the property does not end with any of the condition values
+ */
+export declare type AutomationRulePropertyConditionSupportedOperator = string;
 /** Known values of {@link AutomationRulePropertyConditionSupportedProperty} that the service accepts. */
 export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
     /** The title of the incident */
@@ -6614,6 +7557,12 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
     IncidentLabel = "IncidentLabel",
     /** The provider name of the incident */
     IncidentProviderName = "IncidentProviderName",
+    /** The update source of the incident */
+    IncidentUpdatedBySource = "IncidentUpdatedBySource",
+    /** The incident custom detail key */
+    IncidentCustomDetailsKey = "IncidentCustomDetailsKey",
+    /** The incident custom detail value */
+    IncidentCustomDetailsValue = "IncidentCustomDetailsValue",
     /** The account Azure Active Directory tenant id */
     AccountAadTenantId = "AccountAadTenantId",
     /** The account Azure Active Directory user id */
@@ -6632,6 +7581,8 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
     AccountUPNSuffix = "AccountUPNSuffix",
     /** The name of the product of the alert */
     AlertProductNames = "AlertProductNames",
+    /** The analytic rule ids of the alert */
+    AlertAnalyticRuleIds = "AlertAnalyticRuleIds",
     /** The Azure resource id */
     AzureResourceResourceId = "AzureResourceResourceId",
     /** The Azure resource subscription id */
@@ -6720,6 +7671,9 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
  * **IncidentTactics**: The tactics of the incident \
  * **IncidentLabel**: The labels of the incident \
  * **IncidentProviderName**: The provider name of the incident \
+ * **IncidentUpdatedBySource**: The update source of the incident \
+ * **IncidentCustomDetailsKey**: The incident custom detail key \
+ * **IncidentCustomDetailsValue**: The incident custom detail value \
  * **AccountAadTenantId**: The account Azure Active Directory tenant id \
  * **AccountAadUserId**: The account Azure Active Directory user id \
  * **AccountName**: The account name \
@@ -6729,6 +7683,7 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
  * **AccountObjectGuid**: The account unique identifier \
  * **AccountUPNSuffix**: The account user principal name suffix \
  * **AlertProductNames**: The name of the product of the alert \
+ * **AlertAnalyticRuleIds**: The analytic rule ids of the alert \
  * **AzureResourceResourceId**: The Azure resource id \
  * **AzureResourceSubscriptionId**: The Azure resource subscription id \
  * **CloudApplicationAppId**: The cloud application identifier \
@@ -6768,40 +7723,6 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
  * **Url**: The url
  */
 export declare type AutomationRulePropertyConditionSupportedProperty = string;
-/** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */
-export declare enum KnownAutomationRulePropertyConditionSupportedOperator {
-    /** Evaluates if the property equals at least one of the condition values */
-    Equals = "Equals",
-    /** Evaluates if the property does not equal any of the condition values */
-    NotEquals = "NotEquals",
-    /** Evaluates if the property contains at least one of the condition values */
-    Contains = "Contains",
-    /** Evaluates if the property does not contain any of the condition values */
-    NotContains = "NotContains",
-    /** Evaluates if the property starts with any of the condition values */
-    StartsWith = "StartsWith",
-    /** Evaluates if the property does not start with any of the condition values */
-    NotStartsWith = "NotStartsWith",
-    /** Evaluates if the property ends with any of the condition values */
-    EndsWith = "EndsWith",
-    /** Evaluates if the property does not end with any of the condition values */
-    NotEndsWith = "NotEndsWith"
-}
-/**
- * Defines values for AutomationRulePropertyConditionSupportedOperator. \
- * {@link KnownAutomationRulePropertyConditionSupportedOperator} can be used interchangeably with AutomationRulePropertyConditionSupportedOperator,
- *  this enum contains the known values that the service supports.
- * ### Known values supported by the service
- * **Equals**: Evaluates if the property equals at least one of the condition values \
- * **NotEquals**: Evaluates if the property does not equal any of the condition values \
- * **Contains**: Evaluates if the property contains at least one of the condition values \
- * **NotContains**: Evaluates if the property does not contain any of the condition values \
- * **StartsWith**: Evaluates if the property starts with any of the condition values \
- * **NotStartsWith**: Evaluates if the property does not start with any of the condition values \
- * **EndsWith**: Evaluates if the property ends with any of the condition values \
- * **NotEndsWith**: Evaluates if the property does not end with any of the condition values
- */
-export declare type AutomationRulePropertyConditionSupportedOperator = string;
 /** Known values of {@link EntityType} that the service accepts. */
 export declare enum KnownEntityType {
     /** Entity represents account in the system. */
@@ -6845,7 +7766,9 @@ export declare enum KnownEntityType {
     /** Entity represents mailbox in the system. */
     Mailbox = "Mailbox",
     /** Entity represents submission mail in the system. */
-    SubmissionMail = "SubmissionMail"
+    SubmissionMail = "SubmissionMail",
+    /** Entity represents network interface in the system. */
+    Nic = "Nic"
 }
 /**
  * Defines values for EntityType. \
@@ -6872,14 +7795,19 @@ export declare enum KnownEntityType {
  * **MailCluster**: Entity represents mail cluster in the system. \
  * **MailMessage**: Entity represents mail message in the system. \
  * **Mailbox**: Entity represents mailbox in the system. \
- * **SubmissionMail**: Entity represents submission mail in the system.
+ * **SubmissionMail**: Entity represents submission mail in the system. \
+ * **Nic**: Entity represents network interface in the system.
  */
 export declare type EntityType = string;
 /** Known values of {@link OutputType} that the service accepts. */
 export declare enum KnownOutputType {
+    /** Number */
     Number = "Number",
+    /** String */
     String = "String",
+    /** Date */
     Date = "Date",
+    /** Entity */
     Entity = "Entity"
 }
 /**
@@ -6893,11 +7821,47 @@ export declare enum KnownOutputType {
  * **Entity**
  */
 export declare type OutputType = string;
+/** Known values of {@link SettingsStatus} that the service accepts. */
+export declare enum KnownSettingsStatus {
+    /** Anomaly settings status in Production mode */
+    Production = "Production",
+    /** Anomaly settings status in Flighting mode */
+    Flighting = "Flighting"
+}
+/**
+ * Defines values for SettingsStatus. \
+ * {@link KnownSettingsStatus} can be used interchangeably with SettingsStatus,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Production**: Anomaly settings status in Production mode \
+ * **Flighting**: Anomaly settings status in Flighting mode
+ */
+export declare type SettingsStatus = string;
+/** Known values of {@link EntityProviders} that the service accepts. */
+export declare enum KnownEntityProviders {
+    /** ActiveDirectory */
+    ActiveDirectory = "ActiveDirectory",
+    /** AzureActiveDirectory */
+    AzureActiveDirectory = "AzureActiveDirectory"
+}
+/**
+ * Defines values for EntityProviders. \
+ * {@link KnownEntityProviders} can be used interchangeably with EntityProviders,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **ActiveDirectory** \
+ * **AzureActiveDirectory**
+ */
+export declare type EntityProviders = string;
 /** Known values of {@link UebaDataSources} that the service accepts. */
 export declare enum KnownUebaDataSources {
+    /** AuditLogs */
     AuditLogs = "AuditLogs",
+    /** AzureActivity */
     AzureActivity = "AzureActivity",
+    /** SecurityEvent */
     SecurityEvent = "SecurityEvent",
+    /** SigninLogs */
     SigninLogs = "SigninLogs"
 }
 /**
@@ -6911,23 +7875,11 @@ export declare enum KnownUebaDataSources {
  * **SigninLogs**
  */
 export declare type UebaDataSources = string;
-/** Known values of {@link SkuKind} that the service accepts. */
-export declare enum KnownSkuKind {
-    PerGB = "PerGB",
-    CapacityReservation = "CapacityReservation"
-}
-/**
- * Defines values for SkuKind. \
- * {@link KnownSkuKind} can be used interchangeably with SkuKind,
- *  this enum contains the known values that the service supports.
- * ### Known values supported by the service
- * **PerGB** \
- * **CapacityReservation**
- */
-export declare type SkuKind = string;
 /** Known values of {@link DataTypeState} that the service accepts. */
 export declare enum KnownDataTypeState {
+    /** Enabled */
     Enabled = "Enabled",
+    /** Disabled */
     Disabled = "Disabled"
 }
 /**
@@ -6960,6 +7912,7 @@ export declare enum KnownPollingFrequency {
 export declare type PollingFrequency = string;
 /** Known values of {@link ConnectivityType} that the service accepts. */
 export declare enum KnownConnectivityType {
+    /** IsConnectedQuery */
     IsConnectedQuery = "IsConnectedQuery"
 }
 /**
@@ -6972,11 +7925,17 @@ export declare enum KnownConnectivityType {
 export declare type ConnectivityType = string;
 /** Known values of {@link ProviderName} that the service accepts. */
 export declare enum KnownProviderName {
+    /** MicrosoftOperationalInsightsSolutions */
     MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions",
+    /** MicrosoftOperationalInsightsWorkspaces */
     MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces",
+    /** MicrosoftOperationalInsightsWorkspacesDatasources */
     MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources",
+    /** MicrosoftAadiamDiagnosticSettings */
     MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings",
+    /** MicrosoftOperationalInsightsWorkspacesSharedKeys */
     MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys",
+    /** MicrosoftAuthorizationPolicyAssignments */
     MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments"
 }
 /**
@@ -6994,8 +7953,11 @@ export declare enum KnownProviderName {
 export declare type ProviderName = string;
 /** Known values of {@link PermissionProviderScope} that the service accepts. */
 export declare enum KnownPermissionProviderScope {
+    /** ResourceGroup */
     ResourceGroup = "ResourceGroup",
+    /** Subscription */
     Subscription = "Subscription",
+    /** Workspace */
     Workspace = "Workspace"
 }
 /**
@@ -7010,8 +7972,11 @@ export declare enum KnownPermissionProviderScope {
 export declare type PermissionProviderScope = string;
 /** Known values of {@link SettingType} that the service accepts. */
 export declare enum KnownSettingType {
+    /** CopyableLabel */
     CopyableLabel = "CopyableLabel",
+    /** InstructionStepsGroup */
     InstructionStepsGroup = "InstructionStepsGroup",
+    /** InfoMessage */
     InfoMessage = "InfoMessage"
 }
 /**
@@ -7049,6 +8014,28 @@ export declare enum KnownFileHashAlgorithm {
  * **SHA256AC**: SHA256 Authenticode hash type
  */
 export declare type FileHashAlgorithm = string;
+/** Known values of {@link DeviceImportance} that the service accepts. */
+export declare enum KnownDeviceImportance {
+    /** Unknown - Default value */
+    Unknown = "Unknown",
+    /** Low */
+    Low = "Low",
+    /** Normal */
+    Normal = "Normal",
+    /** High */
+    High = "High"
+}
+/**
+ * Defines values for DeviceImportance. \
+ * {@link KnownDeviceImportance} can be used interchangeably with DeviceImportance,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Unknown**: Unknown - Default value \
+ * **Low**: Low \
+ * **Normal**: Normal \
+ * **High**: High
+ */
+export declare type DeviceImportance = string;
 /** Known values of {@link AntispamMailDirection} that the service accepts. */
 export declare enum KnownAntispamMailDirection {
     /** Unknown */
@@ -7454,7 +8441,7 @@ export declare type EntityRelationsGetRelationResponse = Relation;
 /** Optional parameters. */
 export interface EntityQueriesListOptionalParams extends coreClient.OperationOptions {
     /** The entity query kind we want to fetch */
-    kind?: Enum12;
+    kind?: Enum13;
 }
 /** Contains response data for the list operation. */
 export declare type EntityQueriesListResponse = EntityQueryList;
@@ -7474,7 +8461,7 @@ export interface EntityQueriesDeleteOptionalParams extends coreClient.OperationO
 /** Optional parameters. */
 export interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions {
     /** The entity query kind we want to fetch */
-    kind?: Enum12;
+    kind?: Enum13;
 }
 /** Contains response data for the listNext operation. */
 export declare type EntityQueriesListNextResponse = EntityQueryList;
@@ -7494,6 +8481,51 @@ export interface EntityQueryTemplatesListNextOptionalParams extends coreClient.O
 /** Contains response data for the listNext operation. */
 export declare type EntityQueryTemplatesListNextResponse = EntityQueryTemplateList;
 /** Optional parameters. */
+export interface FileImportsListOptionalParams extends coreClient.OperationOptions {
+    /** Filters the results, based on a Boolean condition. Optional. */
+    filter?: string;
+    /** Sorts the results. Optional. */
+    orderby?: string;
+    /** Returns only the first n results. Optional. */
+    top?: number;
+    /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
+    skipToken?: string;
+}
+/** Contains response data for the list operation. */
+export declare type FileImportsListResponse = FileImportList;
+/** Optional parameters. */
+export interface FileImportsGetOptionalParams extends coreClient.OperationOptions {
+}
+/** Contains response data for the get operation. */
+export declare type FileImportsGetResponse = FileImport;
+/** Optional parameters. */
+export interface FileImportsCreateOptionalParams extends coreClient.OperationOptions {
+}
+/** Contains response data for the create operation. */
+export declare type FileImportsCreateResponse = FileImport;
+/** Optional parameters. */
+export interface FileImportsDeleteOptionalParams extends coreClient.OperationOptions {
+    /** Delay to wait until next poll, in milliseconds. */
+    updateIntervalInMs?: number;
+    /** A serialized poller which can be used to resume an existing paused Long-Running-Operation. */
+    resumeFrom?: string;
+}
+/** Contains response data for the delete operation. */
+export declare type FileImportsDeleteResponse = FileImport;
+/** Optional parameters. */
+export interface FileImportsListNextOptionalParams extends coreClient.OperationOptions {
+    /** Filters the results, based on a Boolean condition. Optional. */
+    filter?: string;
+    /** Sorts the results. Optional. */
+    orderby?: string;
+    /** Returns only the first n results. Optional. */
+    top?: number;
+    /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
+    skipToken?: string;
+}
+/** Contains response data for the listNext operation. */
+export declare type FileImportsListNextResponse = FileImportList;
+/** Optional parameters. */
 export interface IncidentCommentsListOptionalParams extends coreClient.OperationOptions {
     /** Filters the results, based on a Boolean condition. Optional. */
     filter?: string;
@@ -7654,6 +8686,29 @@ export interface SentinelOnboardingStatesListOptionalParams extends coreClient.O
 /** Contains response data for the list operation. */
 export declare type SentinelOnboardingStatesListResponse = SentinelOnboardingStatesList;
 /** Optional parameters. */
+export interface SecurityMLAnalyticsSettingsListOptionalParams extends coreClient.OperationOptions {
+}
+/** Contains response data for the list operation. */
+export declare type SecurityMLAnalyticsSettingsListResponse = SecurityMLAnalyticsSettingsList;
+/** Optional parameters. */
+export interface SecurityMLAnalyticsSettingsGetOptionalParams extends coreClient.OperationOptions {
+}
+/** Contains response data for the get operation. */
+export declare type SecurityMLAnalyticsSettingsGetResponse = SecurityMLAnalyticsSettingUnion;
+/** Optional parameters. */
+export interface SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+/** Contains response data for the createOrUpdate operation. */
+export declare type SecurityMLAnalyticsSettingsCreateOrUpdateResponse = SecurityMLAnalyticsSettingUnion;
+/** Optional parameters. */
+export interface SecurityMLAnalyticsSettingsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+/** Optional parameters. */
+export interface SecurityMLAnalyticsSettingsListNextOptionalParams extends coreClient.OperationOptions {
+}
+/** Contains response data for the listNext operation. */
+export declare type SecurityMLAnalyticsSettingsListNextResponse = SecurityMLAnalyticsSettingsList;
+/** Optional parameters. */
 export interface ProductSettingsListOptionalParams extends coreClient.OperationOptions {
 }
 /** Contains response data for the list operation. */