@azure/arm-securityinsight 1.0.0-beta.3 → 1.0.0-beta.5

package/types/arm-securityinsight.d.ts

@@ -1,53 +1,65 @@
 import * as coreAuth from '@azure/core-auth';
 import * as coreClient from '@azure/core-client';
 import { PagedAsyncIterableIterator } from '@azure/core-paging';
+import { PollerLike } from '@azure/core-lro';
+import { PollOperationState } from '@azure/core-lro';
 
 /** Represents AAD (Azure Active Directory) requirements check request. */
-export declare type AADCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface AADCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AzureActiveDirectory";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** AAD (Azure Active Directory) requirements check properties. */
-export declare type AADCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface AADCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents AAD (Azure Active Directory) data connector. */
-export declare type AADDataConnector = DataConnector & {
+export declare interface AADDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureActiveDirectory";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 
 /** AAD (Azure Active Directory) data connector properties. */
-export declare type AADDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export declare interface AADDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 
 /** Represents AATP (Azure Advanced Threat Protection) requirements check request. */
-export declare type AatpCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface AatpCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AzureAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** AATP (Azure Advanced Threat Protection) requirements check properties. */
-export declare type AatpCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface AatpCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents AATP (Azure Advanced Threat Protection) data connector. */
-export declare type AatpDataConnector = DataConnector & {
+export declare interface AatpDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 
 /** AATP (Azure Advanced Threat Protection) data connector properties. */
-export declare type AatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export declare interface AatpDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 
 /** Represents an account entity. */
-export declare type AccountEntity = Entity & {
+export declare interface AccountEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Account";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -120,10 +132,10 @@ export declare type AccountEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly dnsDomain?: string;
-};
+}
 
 /** Account entity property bag. */
-export declare type AccountEntityProperties = EntityCommonProperties & {
+export declare interface AccountEntityProperties extends EntityCommonProperties {
     /**
      * The Azure Active Directory tenant id.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -184,7 +196,7 @@ export declare type AccountEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly dnsDomain?: string;
-};
+}
 
 /** Action property bag base. */
 export declare interface ActionPropertiesBase {
@@ -193,32 +205,32 @@ export declare interface ActionPropertiesBase {
 }
 
 /** Action for alert rule. */
-export declare type ActionRequest = ResourceWithEtag & {
+export declare interface ActionRequest extends ResourceWithEtag {
     /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
     logicAppResourceId?: string;
     /** Logic App Callback URL for this specific workflow. */
     triggerUri?: string;
-};
+}
 
 /** Action property bag. */
-export declare type ActionRequestProperties = ActionPropertiesBase & {
+export declare interface ActionRequestProperties extends ActionPropertiesBase {
     /** Logic App Callback URL for this specific workflow. */
     triggerUri: string;
-};
+}
 
 /** Action for alert rule. */
-export declare type ActionResponse = ResourceWithEtag & {
+export declare interface ActionResponse extends ResourceWithEtag {
     /** Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. */
     logicAppResourceId?: string;
     /** The name of the logic app's workflow. */
     workflowId?: string;
-};
+}
 
 /** Action property bag. */
-export declare type ActionResponseProperties = ActionPropertiesBase & {
+export declare interface ActionResponseProperties extends ActionPropertiesBase {
     /** The name of the logic app's workflow. */
     workflowId?: string;
-};
+}
 
 /** Interface representing a Actions. */
 export declare interface Actions {
@@ -314,7 +326,9 @@ export declare type ActionsListByAlertRuleResponse = ActionsList;
 export declare type ActionType = string;
 
 /** Represents Activity entity query. */
-export declare type ActivityCustomEntityQuery = CustomEntityQuery & {
+export declare interface ActivityCustomEntityQuery extends CustomEntityQuery {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Activity";
     /** The entity query title */
     title?: string;
     /** The entity query content to display in timeline */
@@ -345,7 +359,7 @@ export declare type ActivityCustomEntityQuery = CustomEntityQuery & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedTimeUtc?: Date;
-};
+}
 
 /** The Activity query definitions */
 export declare interface ActivityEntityQueriesPropertiesQueryDefinitions {
@@ -354,7 +368,9 @@ export declare interface ActivityEntityQueriesPropertiesQueryDefinitions {
 }
 
 /** Represents Activity entity query. */
-export declare type ActivityEntityQuery = EntityQuery & {
+export declare interface ActivityEntityQuery extends EntityQuery {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Activity";
     /** The entity query title */
     title?: string;
     /** The entity query content to display in timeline */
@@ -385,10 +401,12 @@ export declare type ActivityEntityQuery = EntityQuery & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedTimeUtc?: Date;
-};
+}
 
 /** Represents Activity entity query. */
-export declare type ActivityEntityQueryTemplate = EntityQueryTemplate & {
+export declare interface ActivityEntityQueryTemplate extends EntityQueryTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Activity";
     /** The entity query title */
     title?: string;
     /** The entity query content to display in timeline */
@@ -407,7 +425,7 @@ export declare type ActivityEntityQueryTemplate = EntityQueryTemplate & {
     entitiesFilter?: {
         [propertyName: string]: string[];
     };
-};
+}
 
 /** The Activity query definitions */
 export declare interface ActivityEntityQueryTemplatePropertiesQueryDefinitions {
@@ -418,7 +436,7 @@ export declare interface ActivityEntityQueryTemplatePropertiesQueryDefinitions {
 }
 
 /** Represents Activity timeline item. */
-export declare type ActivityTimelineItem = EntityTimelineItem & {
+export declare interface ActivityTimelineItem extends EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Activity";
     /** The activity query id. */
@@ -435,7 +453,7 @@ export declare type ActivityTimelineItem = EntityTimelineItem & {
     content: string;
     /** The activity timeline title. */
     title: string;
-};
+}
 
 /**
  * Defines values for AlertDetail. \
@@ -460,10 +478,10 @@ export declare interface AlertDetailsOverride {
 }
 
 /** Alert rule. */
-export declare type AlertRule = ResourceWithEtag & {
+export declare interface AlertRule extends ResourceWithEtag {
     /** The kind of the alert rule */
     kind: AlertRuleKind;
-};
+}
 
 /**
  * Defines values for AlertRuleKind. \
@@ -559,10 +577,10 @@ export declare interface AlertRulesListOptionalParams extends coreClient.Operati
 export declare type AlertRulesListResponse = AlertRulesList;
 
 /** Alert rule template. */
-export declare type AlertRuleTemplate = Resource & {
+export declare interface AlertRuleTemplate extends Resource {
     /** The kind of the alert rule */
     kind: AlertRuleKind;
-};
+}
 
 /** alert rule template data sources */
 export declare interface AlertRuleTemplateDataSource {
@@ -650,12 +668,12 @@ export declare type AlertRuleTemplatesListResponse = AlertRuleTemplatesList;
 export declare type AlertRuleTemplateUnion = AlertRuleTemplate | MLBehaviorAnalyticsAlertRuleTemplate | FusionAlertRuleTemplate | ThreatIntelligenceAlertRuleTemplate | MicrosoftSecurityIncidentCreationAlertRuleTemplate | ScheduledAlertRuleTemplate | NrtAlertRuleTemplate;
 
 /** Alert rule template with MITRE property bag. */
-export declare type AlertRuleTemplateWithMitreProperties = AlertRuleTemplatePropertiesBase & {
+export declare interface AlertRuleTemplateWithMitreProperties extends AlertRuleTemplatePropertiesBase {
     /** The tactics of the alert rule */
     tactics?: AttackTactic[];
     /** The techniques of the alert rule */
     techniques?: string[];
-};
+}
 
 export declare type AlertRuleUnion = AlertRule | MLBehaviorAnalyticsAlertRule | FusionAlertRule | ThreatIntelligenceAlertRule | MicrosoftSecurityIncidentCreationAlertRule | ScheduledAlertRule | NrtAlertRule;
 
@@ -691,13 +709,80 @@ export declare type AlertSeverity = string;
 export declare type AlertStatus = string;
 
 /** Settings with single toggle. */
-export declare type Anomalies = Settings & {
+export declare interface Anomalies extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Anomalies";
     /**
      * Determines whether the setting is enable or disabled.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly isEnabled?: boolean;
-};
+}
+
+/** Represents Anomaly Security ML Analytics Settings */
+export declare interface AnomalySecurityMLAnalyticsSettings extends SecurityMLAnalyticsSetting {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Anomaly";
+    /** The description of the SecurityMLAnalyticsSettings. */
+    description?: string;
+    /** The display name for settings created by this SecurityMLAnalyticsSettings. */
+    displayName?: string;
+    /** Determines whether this settings is enabled or disabled. */
+    enabled?: boolean;
+    /**
+     * The last time that this SecurityMLAnalyticsSettings has been modified.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly lastModifiedUtc?: Date;
+    /** The required data sources for this SecurityMLAnalyticsSettings */
+    requiredDataConnectors?: SecurityMLAnalyticsSettingsDataSource[];
+    /** The tactics of the SecurityMLAnalyticsSettings */
+    tactics?: AttackTactic[];
+    /** The techniques of the SecurityMLAnalyticsSettings */
+    techniques?: string[];
+    /** The anomaly version of the AnomalySecurityMLAnalyticsSettings. */
+    anomalyVersion?: string;
+    /** The customizable observations of the AnomalySecurityMLAnalyticsSettings. */
+    customizableObservations?: Record<string, unknown>;
+    /** The frequency that this SecurityMLAnalyticsSettings will be run. */
+    frequency?: string;
+    /** The anomaly SecurityMLAnalyticsSettings status */
+    settingsStatus?: SettingsStatus;
+    /** Determines whether this anomaly security ml analytics settings is a default settings */
+    isDefaultSettings?: boolean;
+    /** The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not. */
+    anomalySettingsVersion?: number;
+    /** The anomaly settings definition Id */
+    settingsDefinitionId?: string;
+}
+
+/** Represents anomaly timeline item. */
+export declare interface AnomalyTimelineItem extends EntityTimelineItem {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Anomaly";
+    /** The anomaly azure resource id. */
+    azureResourceId: string;
+    /** The anomaly product name. */
+    productName?: string;
+    /** The anomaly description. */
+    description?: string;
+    /** The anomaly name. */
+    displayName: string;
+    /** The anomaly end time. */
+    endTimeUtc: Date;
+    /** The anomaly start time. */
+    startTimeUtc: Date;
+    /** The anomaly generated time. */
+    timeGenerated: Date;
+    /** The name of the anomaly vendor. */
+    vendor?: string;
+    /** The intent of the anomaly. */
+    intent?: string;
+    /** The techniques of the anomaly. */
+    techniques?: string[];
+    /** The reasons that cause the anomaly. */
+    reasons?: string[];
+}
 
 /**
  * Defines values for AntispamMailDirection. \
@@ -712,26 +797,28 @@ export declare type Anomalies = Settings & {
 export declare type AntispamMailDirection = string;
 
 /** Represents ASC (Azure Security Center) requirements check request. */
-export declare type ASCCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface ASCCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AzureSecurityCenter";
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 
 /** Represents ASC (Azure Security Center) data connector. */
-export declare type ASCDataConnector = DataConnector & {
+export declare interface ASCDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureSecurityCenter";
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 
 /** ASC (Azure Security Center) data connector properties. */
-export declare type ASCDataConnectorProperties = DataConnectorWithAlertsProperties & {
+export declare interface ASCDataConnectorProperties extends DataConnectorWithAlertsProperties {
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 
 /**
  * Defines values for AttackTactic. \
@@ -758,22 +845,22 @@ export declare type ASCDataConnectorProperties = DataConnectorWithAlertsProperti
  */
 export declare type AttackTactic = string;
 
-export declare type AutomationRule = ResourceWithEtag & {
-    /** The display name of the automation rule */
+export declare interface AutomationRule extends ResourceWithEtag {
+    /** The display name of the automation rule. */
     displayName: string;
-    /** The order of execution of the automation rule */
+    /** The order of execution of the automation rule. */
     order: number;
-    /** Describes automation rule triggering logic */
+    /** Describes automation rule triggering logic. */
     triggeringLogic: AutomationRuleTriggeringLogic;
-    /** The actions to execute when the automation rule is triggered */
+    /** The actions to execute when the automation rule is triggered. */
     actions: AutomationRuleActionUnion[];
     /**
-     * The last time the automation rule was updated
+     * The last time the automation rule was updated.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedTimeUtc?: Date;
     /**
-     * The time the automation rule was created
+     * The time the automation rule was created.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly createdTimeUtc?: Date;
@@ -787,9 +874,9 @@ export declare type AutomationRule = ResourceWithEtag & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly createdBy?: ClientInfo;
-};
+}
 
-/** Describes an automation rule action */
+/** Describes an automation rule action. */
 export declare interface AutomationRuleAction {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     actionType: "ModifyProperties" | "RunPlaybook";
@@ -798,20 +885,107 @@ export declare interface AutomationRuleAction {
 
 export declare type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction;
 
-/** Describes an automation rule condition */
+export declare interface AutomationRuleBooleanCondition {
+    operator?: AutomationRuleBooleanConditionSupportedOperator;
+    innerConditions?: AutomationRuleConditionUnion[];
+}
+
+/**
+ * Defines values for AutomationRuleBooleanConditionSupportedOperator. \
+ * {@link KnownAutomationRuleBooleanConditionSupportedOperator} can be used interchangeably with AutomationRuleBooleanConditionSupportedOperator,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **And**: Evaluates as true if all the item conditions are evaluated as true \
+ * **Or**: Evaluates as true if at least one of the item conditions are evaluated as true
+ */
+export declare type AutomationRuleBooleanConditionSupportedOperator = string;
+
+/** Describes an automation rule condition. */
 export declare interface AutomationRuleCondition {
     /** Polymorphic discriminator, which specifies the different types this object can be */
-    conditionType: "Property";
+    conditionType: "Boolean" | "PropertyArrayChanged" | "PropertyArray" | "PropertyChanged" | "Property";
 }
 
-export declare type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyConditionProperties;
+export declare type AutomationRuleConditionUnion = AutomationRuleCondition | BooleanConditionProperties | PropertyArrayChangedConditionProperties | PropertyArrayConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties;
 
 /** Describes an automation rule action to modify an object's properties */
-export declare type AutomationRuleModifyPropertiesAction = AutomationRuleAction & {
+export declare interface AutomationRuleModifyPropertiesAction extends AutomationRuleAction {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     actionType: "ModifyProperties";
     actionConfiguration?: IncidentPropertiesAction;
-};
+}
+
+/**
+ * Defines values for AutomationRulePropertyArrayChangedConditionSupportedArrayType. \
+ * {@link KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType} can be used interchangeably with AutomationRulePropertyArrayChangedConditionSupportedArrayType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Alerts**: Evaluate the condition on the alerts \
+ * **Labels**: Evaluate the condition on the labels \
+ * **Tactics**: Evaluate the condition on the tactics \
+ * **Comments**: Evaluate the condition on the comments
+ */
+export declare type AutomationRulePropertyArrayChangedConditionSupportedArrayType = string;
+
+/**
+ * Defines values for AutomationRulePropertyArrayChangedConditionSupportedChangeType. \
+ * {@link KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType} can be used interchangeably with AutomationRulePropertyArrayChangedConditionSupportedChangeType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Added**: Evaluate the condition on items added to the array
+ */
+export declare type AutomationRulePropertyArrayChangedConditionSupportedChangeType = string;
+
+export declare interface AutomationRulePropertyArrayChangedValuesCondition {
+    arrayType?: AutomationRulePropertyArrayChangedConditionSupportedArrayType;
+    changeType?: AutomationRulePropertyArrayChangedConditionSupportedChangeType;
+}
+
+/**
+ * Defines values for AutomationRulePropertyArrayConditionSupportedArrayConditionType. \
+ * {@link KnownAutomationRulePropertyArrayConditionSupportedArrayConditionType} can be used interchangeably with AutomationRulePropertyArrayConditionSupportedArrayConditionType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **AnyItem**: Evaluate the condition as true if any item fulfills it
+ */
+export declare type AutomationRulePropertyArrayConditionSupportedArrayConditionType = string;
+
+/**
+ * Defines values for AutomationRulePropertyArrayConditionSupportedArrayType. \
+ * {@link KnownAutomationRulePropertyArrayConditionSupportedArrayType} can be used interchangeably with AutomationRulePropertyArrayConditionSupportedArrayType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **CustomDetails**: Evaluate the condition on the custom detail keys \
+ * **CustomDetailValues**: Evaluate the condition on a custom detail's values
+ */
+export declare type AutomationRulePropertyArrayConditionSupportedArrayType = string;
+
+export declare interface AutomationRulePropertyArrayValuesCondition {
+    arrayType?: AutomationRulePropertyArrayConditionSupportedArrayType;
+    arrayConditionType?: AutomationRulePropertyArrayConditionSupportedArrayConditionType;
+    itemConditions?: AutomationRuleConditionUnion[];
+}
+
+/**
+ * Defines values for AutomationRulePropertyChangedConditionSupportedChangedType. \
+ * {@link KnownAutomationRulePropertyChangedConditionSupportedChangedType} can be used interchangeably with AutomationRulePropertyChangedConditionSupportedChangedType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **ChangedFrom**: Evaluate the condition on the previous value of the property \
+ * **ChangedTo**: Evaluate the condition on the updated value of the property
+ */
+export declare type AutomationRulePropertyChangedConditionSupportedChangedType = string;
+
+/**
+ * Defines values for AutomationRulePropertyChangedConditionSupportedPropertyType. \
+ * {@link KnownAutomationRulePropertyChangedConditionSupportedPropertyType} can be used interchangeably with AutomationRulePropertyChangedConditionSupportedPropertyType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **IncidentSeverity**: Evaluate the condition on the incident severity \
+ * **IncidentStatus**: Evaluate the condition on the incident status \
+ * **IncidentOwner**: Evaluate the condition on the incident owner
+ */
+export declare type AutomationRulePropertyChangedConditionSupportedPropertyType = string;
 
 /**
  * Defines values for AutomationRulePropertyConditionSupportedOperator. \
@@ -842,6 +1016,9 @@ export declare type AutomationRulePropertyConditionSupportedOperator = string;
  * **IncidentTactics**: The tactics of the incident \
  * **IncidentLabel**: The labels of the incident \
  * **IncidentProviderName**: The provider name of the incident \
+ * **IncidentUpdatedBySource**: The update source of the incident \
+ * **IncidentCustomDetailsKey**: The incident custom detail key \
+ * **IncidentCustomDetailsValue**: The incident custom detail value \
  * **AccountAadTenantId**: The account Azure Active Directory tenant id \
  * **AccountAadUserId**: The account Azure Active Directory user id \
  * **AccountName**: The account name \
@@ -851,6 +1028,7 @@ export declare type AutomationRulePropertyConditionSupportedOperator = string;
  * **AccountObjectGuid**: The account unique identifier \
  * **AccountUPNSuffix**: The account user principal name suffix \
  * **AlertProductNames**: The name of the product of the alert \
+ * **AlertAnalyticRuleIds**: The analytic rule ids of the alert \
  * **AzureResourceResourceId**: The Azure resource id \
  * **AzureResourceSubscriptionId**: The Azure resource subscription id \
  * **CloudApplicationAppId**: The cloud application identifier \
@@ -891,19 +1069,26 @@ export declare type AutomationRulePropertyConditionSupportedOperator = string;
  */
 export declare type AutomationRulePropertyConditionSupportedProperty = string;
 
+export declare interface AutomationRulePropertyValuesChangedCondition {
+    propertyName?: AutomationRulePropertyChangedConditionSupportedPropertyType;
+    changeType?: AutomationRulePropertyChangedConditionSupportedChangedType;
+    operator?: AutomationRulePropertyConditionSupportedOperator;
+    propertyValues?: string[];
+}
+
 export declare interface AutomationRulePropertyValuesCondition {
-    /** The property to evaluate in an automation rule property condition */
+    /** The property to evaluate in an automation rule property condition. */
     propertyName?: AutomationRulePropertyConditionSupportedProperty;
     operator?: AutomationRulePropertyConditionSupportedOperator;
     propertyValues?: string[];
 }
 
 /** Describes an automation rule action to run a playbook */
-export declare type AutomationRuleRunPlaybookAction = AutomationRuleAction & {
+export declare interface AutomationRuleRunPlaybookAction extends AutomationRuleAction {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     actionType: "RunPlaybook";
     actionConfiguration?: PlaybookActionProperties;
-};
+}
 
 /** Interface representing a AutomationRules. */
 export declare interface AutomationRules {
@@ -982,15 +1167,15 @@ export declare interface AutomationRulesListOptionalParams extends coreClient.Op
 /** Contains response data for the list operation. */
 export declare type AutomationRulesListResponse = AutomationRulesList;
 
-/** Describes automation rule triggering logic */
+/** Describes automation rule triggering logic. */
 export declare interface AutomationRuleTriggeringLogic {
-    /** Determines whether the automation rule is enabled or disabled */
+    /** Determines whether the automation rule is enabled or disabled. */
     isEnabled: boolean;
     /** Determines when the automation rule should automatically expire and be disabled. */
     expirationTimeUtc?: Date;
     triggersOn: TriggersOn;
     triggersWhen: TriggersWhen;
-    /** The conditions to evaluate to determine if the automation rule should be triggered on a given object */
+    /** The conditions to evaluate to determine if the automation rule should be triggered on a given object. */
     conditions?: AutomationRuleConditionUnion[];
 }
 
@@ -1003,18 +1188,20 @@ export declare interface Availability {
 }
 
 /** Amazon Web Services CloudTrail requirements check request. */
-export declare type AwsCloudTrailCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface AwsCloudTrailCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AmazonWebServicesCloudTrail";
-};
+}
 
 /** Represents Amazon Web Services CloudTrail data connector. */
-export declare type AwsCloudTrailDataConnector = DataConnector & {
+export declare interface AwsCloudTrailDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AmazonWebServicesCloudTrail";
     /** The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. */
     awsRoleArn?: string;
     /** The available data types for the connector. */
     dataTypes?: AwsCloudTrailDataConnectorDataTypes;
-};
+}
 
 /** The available data types for Amazon Web Services CloudTrail data connector. */
 export declare interface AwsCloudTrailDataConnectorDataTypes {
@@ -1023,16 +1210,19 @@ export declare interface AwsCloudTrailDataConnectorDataTypes {
 }
 
 /** Logs data type. */
-export declare type AwsCloudTrailDataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export declare interface AwsCloudTrailDataConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 
 /** Amazon Web Services S3 requirements check request. */
-export declare type AwsS3CheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface AwsS3CheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "AmazonWebServicesS3";
-};
+}
 
 /** Represents Amazon Web Services S3 data connector. */
-export declare type AwsS3DataConnector = DataConnector & {
+export declare interface AwsS3DataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AmazonWebServicesS3";
     /** The logs destination table name in LogAnalytics. */
     destinationTable?: string;
     /** The AWS sqs urls for the connector. */
@@ -1041,7 +1231,7 @@ export declare type AwsS3DataConnector = DataConnector & {
     roleArn?: string;
     /** The available data types for the connector. */
     dataTypes?: AwsS3DataConnectorDataTypes;
-};
+}
 
 /** The available data types for Amazon Web Services S3 data connector. */
 export declare interface AwsS3DataConnectorDataTypes {
@@ -1050,7 +1240,8 @@ export declare interface AwsS3DataConnectorDataTypes {
 }
 
 /** Logs data type. */
-export declare type AwsS3DataConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export declare interface AwsS3DataConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 
 /** Resources created in Azure DevOps repository. */
 export declare interface AzureDevOpsResourceInfo {
@@ -1061,7 +1252,9 @@ export declare interface AzureDevOpsResourceInfo {
 }
 
 /** Represents an azure resource entity. */
-export declare type AzureResourceEntity = Entity & {
+export declare interface AzureResourceEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "AzureResource";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -1084,10 +1277,10 @@ export declare type AzureResourceEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly subscriptionId?: string;
-};
+}
 
 /** AzureResource entity property bag. */
-export declare type AzureResourceEntityProperties = EntityCommonProperties & {
+export declare interface AzureResourceEntityProperties extends EntityCommonProperties {
     /**
      * The azure resource id of the resource
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -1098,10 +1291,10 @@ export declare type AzureResourceEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly subscriptionId?: string;
-};
+}
 
 /** Represents a bookmark in Azure Security Insights. */
-export declare type Bookmark = ResourceWithEtag & {
+export declare interface Bookmark extends ResourceWithEtag {
     /** The time the bookmark was created */
     created?: Date;
     /** Describes a user that created the bookmark */
@@ -1134,7 +1327,7 @@ export declare type Bookmark = ResourceWithEtag & {
     tactics?: AttackTactic[];
     /** A list of relevant mitre techniques */
     techniques?: string[];
-};
+}
 
 /** Describes the entity mappings of a single entity */
 export declare interface BookmarkEntityMappings {
@@ -1358,7 +1551,7 @@ export declare interface BookmarksListOptionalParams extends coreClient.Operatio
 export declare type BookmarksListResponse = BookmarkList;
 
 /** Represents bookmark timeline item. */
-export declare type BookmarkTimelineItem = EntityTimelineItem & {
+export declare interface BookmarkTimelineItem extends EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Bookmark";
     /** The bookmark azure resource id. */
@@ -1377,7 +1570,14 @@ export declare type BookmarkTimelineItem = EntityTimelineItem & {
     createdBy?: UserInfo;
     /** List of labels relevant to this bookmark */
     labels?: string[];
-};
+}
+
+/** Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions */
+export declare interface BooleanConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "Boolean";
+    conditionProperties?: AutomationRuleBooleanCondition;
+}
 
 /** Information on the client (user or application) that made some action */
 export declare interface ClientInfo {
@@ -1392,7 +1592,9 @@ export declare interface ClientInfo {
 }
 
 /** Represents a cloud application entity. */
-export declare type CloudApplicationEntity = Entity & {
+export declare interface CloudApplicationEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "CloudApplication";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -1420,10 +1622,10 @@ export declare type CloudApplicationEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly instanceName?: string;
-};
+}
 
 /** CloudApplication entity property bag. */
-export declare type CloudApplicationEntityProperties = EntityCommonProperties & {
+export declare interface CloudApplicationEntityProperties extends EntityCommonProperties {
     /**
      * The technical identifier of the application.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -1439,7 +1641,7 @@ export declare type CloudApplicationEntityProperties = EntityCommonProperties &
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly instanceName?: string;
-};
+}
 
 /** Error response structure. */
 export declare interface CloudError {
@@ -1462,12 +1664,14 @@ export declare interface CloudErrorBody {
 }
 
 /** Represents Codeless API Polling data connector. */
-export declare type CodelessApiPollingDataConnector = DataConnector & {
+export declare interface CodelessApiPollingDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "APIPolling";
     /** Config to describe the instructions blade */
     connectorUiConfig?: CodelessUiConnectorConfigProperties;
     /** Config to describe the polling instructions */
     pollingConfig?: CodelessConnectorPollingConfigProperties;
-};
+}
 
 /** Describe the authentication properties needed to successfully authenticate with the server */
 export declare interface CodelessConnectorPollingAuthProperties {
@@ -1603,28 +1807,39 @@ export declare interface CodelessUiConnectorConfigProperties {
     instructionSteps: CodelessUiConnectorConfigPropertiesInstructionStepsItem[];
 }
 
-export declare type CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem = ConnectivityCriteria & {};
+export declare interface CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem extends ConnectivityCriteria {
+}
 
-export declare type CodelessUiConnectorConfigPropertiesDataTypesItem = LastDataReceivedDataType & {};
+export declare interface CodelessUiConnectorConfigPropertiesDataTypesItem extends LastDataReceivedDataType {
+}
 
-export declare type CodelessUiConnectorConfigPropertiesGraphQueriesItem = GraphQueries & {};
+export declare interface CodelessUiConnectorConfigPropertiesGraphQueriesItem extends GraphQueries {
+}
 
-export declare type CodelessUiConnectorConfigPropertiesInstructionStepsItem = InstructionSteps & {};
+export declare interface CodelessUiConnectorConfigPropertiesInstructionStepsItem extends InstructionSteps {
+}
 
-export declare type CodelessUiConnectorConfigPropertiesSampleQueriesItem = SampleQueries & {};
+export declare interface CodelessUiConnectorConfigPropertiesSampleQueriesItem extends SampleQueries {
+}
 
 /** Represents Codeless UI data connector. */
-export declare type CodelessUiDataConnector = DataConnector & {
+export declare interface CodelessUiDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "GenericUI";
     /** Config to describe the instructions blade */
     connectorUiConfig?: CodelessUiConnectorConfigProperties;
-};
+}
 
 /**
  * Defines values for ConditionType. \
  * {@link KnownConditionType} can be used interchangeably with ConditionType,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **Property**: Evaluate an object property value
+ * **Property**: Evaluate an object property value \
+ * **PropertyArray**: Evaluate an object array property value \
+ * **PropertyChanged**: Evaluate an object property changed value \
+ * **PropertyArrayChanged**: Evaluate an object array property changed value \
+ * **Boolean**: Apply a boolean operator (e.g AND, OR) to conditions
  */
 export declare type ConditionType = string;
 
@@ -1726,10 +1941,10 @@ export declare type ContentType = string;
 export declare type CreatedByType = string;
 
 /** Specific entity query that supports put requests. */
-export declare type CustomEntityQuery = ResourceWithEtag & {
+export declare interface CustomEntityQuery extends ResourceWithEtag {
     /** the entity query kind */
     kind: CustomEntityQueryKind;
-};
+}
 
 /**
  * Defines values for CustomEntityQueryKind. \
@@ -1743,7 +1958,8 @@ export declare type CustomEntityQueryKind = string;
 export declare type CustomEntityQueryUnion = CustomEntityQuery | ActivityCustomEntityQuery;
 
 /** Customs permissions required for the connector */
-export declare type Customs = CustomsPermission & {};
+export declare interface Customs extends CustomsPermission {
+}
 
 /** Customs permissions required for the connector */
 export declare interface CustomsPermission {
@@ -1754,10 +1970,10 @@ export declare interface CustomsPermission {
 }
 
 /** Data connector */
-export declare type DataConnector = ResourceWithEtag & {
+export declare interface DataConnector extends ResourceWithEtag {
     /** The data connector kind */
     kind: DataConnectorKind;
-};
+}
 
 /**
  * Defines values for DataConnectorAuthorizationState. \
@@ -1775,6 +1991,12 @@ export declare interface DataConnectorConnectBody {
     kind?: ConnectAuthKind;
     /** The API key of the audit server. */
     apiKey?: string;
+    /** Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics. */
+    dataCollectionEndpoint?: string;
+    /** Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination. */
+    dataCollectionRuleImmutableId?: string;
+    /** Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR. */
+    outputStream?: string;
     /** The client secret of the OAuth 2.0 application. */
     clientSecret?: string;
     /** The client id of the OAuth 2.0 application. */
@@ -2002,6 +2224,17 @@ export declare interface DataTypeDefinitions {
  */
 export declare type DataTypeState = string;
 
+/**
+ * Defines values for DeleteStatus. \
+ * {@link KnownDeleteStatus} can be used interchangeably with DeleteStatus,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Deleted**: The file was deleted. \
+ * **NotDeleted**: The file was not deleted. \
+ * **Unspecified**: Unspecified
+ */
+export declare type DeleteStatus = string;
+
 /** Defines values for DeliveryAction. */
 export declare type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Blocked" | "Replaced";
 
@@ -2066,8 +2299,22 @@ export declare type DeploymentResult = string;
  */
 export declare type DeploymentState = string;
 
+/**
+ * Defines values for DeviceImportance. \
+ * {@link KnownDeviceImportance} can be used interchangeably with DeviceImportance,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Unknown**: Unknown - Default value \
+ * **Low**: Low \
+ * **Normal**: Normal \
+ * **High**: High
+ */
+export declare type DeviceImportance = string;
+
 /** Represents a dns entity. */
-export declare type DnsEntity = Entity & {
+export declare interface DnsEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "DnsResolution";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2100,10 +2347,10 @@ export declare type DnsEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly ipAddressEntityIds?: string[];
-};
+}
 
 /** Dns entity property bag. */
-export declare type DnsEntityProperties = EntityCommonProperties & {
+export declare interface DnsEntityProperties extends EntityCommonProperties {
     /**
      * An ip entity id for the dns server resolving the request
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -2124,7 +2371,7 @@ export declare type DnsEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly ipAddressEntityIds?: string[];
-};
+}
 
 /** Interface representing a DomainWhois. */
 export declare interface DomainWhois {
@@ -2145,23 +2392,26 @@ export declare interface DomainWhoisGetOptionalParams extends coreClient.Operati
 export declare type DomainWhoisGetResponse = EnrichmentDomainWhois;
 
 /** Represents Dynamics365 requirements check request. */
-export declare type Dynamics365CheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface Dynamics365CheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Dynamics365";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** Dynamics365 requirements check properties. */
-export declare type Dynamics365CheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface Dynamics365CheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents Dynamics365 data connector. */
-export declare type Dynamics365DataConnector = DataConnector & {
+export declare interface Dynamics365DataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Dynamics365";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: Dynamics365DataConnectorDataTypes;
-};
+}
 
 /** The available data types for Dynamics365 data connector. */
 export declare interface Dynamics365DataConnectorDataTypes {
@@ -2170,13 +2420,14 @@ export declare interface Dynamics365DataConnectorDataTypes {
 }
 
 /** Common Data Service data type connection. */
-export declare type Dynamics365DataConnectorDataTypesDynamics365CdsActivities = DataConnectorDataTypeCommon & {};
+export declare interface Dynamics365DataConnectorDataTypesDynamics365CdsActivities extends DataConnectorDataTypeCommon {
+}
 
 /** Dynamics365 data connector properties. */
-export declare type Dynamics365DataConnectorProperties = DataConnectorTenantId & {
+export declare interface Dynamics365DataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: Dynamics365DataConnectorDataTypes;
-};
+}
 
 /** Defines values for ElevationToken. */
 export declare type ElevationToken = "Default" | "Full" | "Limited";
@@ -2450,19 +2701,18 @@ export declare interface EntitiesRelationsListOptionalParams extends coreClient.
 export declare type EntitiesRelationsListResponse = RelationList;
 
 /** Specific entity. */
-export declare type Entity = Resource & {
+export declare interface Entity extends Resource {
     /** The kind of the entity. */
     kind: EntityKind;
-};
+}
 
 /** Settings with single toggle. */
-export declare type EntityAnalytics = Settings & {
-    /**
-     * Determines whether the setting is enable or disabled.
-     * NOTE: This property will not be serialized. It can only be populated by the server.
-     */
-    readonly isEnabled?: boolean;
-};
+export declare interface EntityAnalytics extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "EntityAnalytics";
+    /** The relevant entity providers that are synced */
+    entityProviders?: EntityProviders[];
+}
 
 /** Entity common property bag. */
 export declare interface EntityCommonProperties {
@@ -2598,7 +2848,8 @@ export declare type EntityItemQueryKind = string;
  * **MailCluster**: Entity represents mail cluster in the system. \
  * **MailMessage**: Entity represents mail message in the system. \
  * **Mailbox**: Entity represents mailbox in the system. \
- * **SubmissionMail**: Entity represents submission mail in the system.
+ * **SubmissionMail**: Entity represents submission mail in the system. \
+ * **Nic**: Entity represents network interface in the system.
  */
 export declare type EntityKind = string;
 
@@ -2647,6 +2898,16 @@ export declare interface EntityMapping {
  */
 export declare type EntityMappingType = string;
 
+/**
+ * Defines values for EntityProviders. \
+ * {@link KnownEntityProviders} can be used interchangeably with EntityProviders,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **ActiveDirectory** \
+ * **AzureActiveDirectory**
+ */
+export declare type EntityProviders = string;
+
 /** Interface representing a EntityQueries. */
 export declare interface EntityQueries {
     /**
@@ -2704,7 +2965,7 @@ export declare type EntityQueriesGetResponse = EntityQueryUnion;
 /** Optional parameters. */
 export declare interface EntityQueriesListNextOptionalParams extends coreClient.OperationOptions {
     /** The entity query kind we want to fetch */
-    kind?: Enum12;
+    kind?: Enum13;
 }
 
 /** Contains response data for the listNext operation. */
@@ -2713,17 +2974,17 @@ export declare type EntityQueriesListNextResponse = EntityQueryList;
 /** Optional parameters. */
 export declare interface EntityQueriesListOptionalParams extends coreClient.OperationOptions {
     /** The entity query kind we want to fetch */
-    kind?: Enum12;
+    kind?: Enum13;
 }
 
 /** Contains response data for the list operation. */
 export declare type EntityQueriesListResponse = EntityQueryList;
 
 /** Specific entity query. */
-export declare type EntityQuery = ResourceWithEtag & {
+export declare interface EntityQuery extends ResourceWithEtag {
     /** the entity query kind */
     kind: EntityQueryKind;
-};
+}
 
 /** An abstract Query item for entity */
 export declare interface EntityQueryItem {
@@ -2782,10 +3043,10 @@ export declare interface EntityQueryList {
 }
 
 /** Specific entity query template. */
-export declare type EntityQueryTemplate = Resource & {
+export declare interface EntityQueryTemplate extends Resource {
     /** the entity query template kind */
     kind: EntityQueryTemplateKind;
-};
+}
 
 /**
  * Defines values for EntityQueryTemplateKind. \
@@ -2874,10 +3135,10 @@ export declare type EntityRelationsGetRelationResponse = Relation;
 /** Entity timeline Item. */
 export declare interface EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
-    kind: "Activity" | "Bookmark" | "SecurityAlert";
+    kind: "Activity" | "Bookmark" | "Anomaly" | "SecurityAlert";
 }
 
-export declare type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | SecurityAlertTimelineItem;
+export declare type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimelineItem | BookmarkTimelineItem | AnomalyTimelineItem | SecurityAlertTimelineItem;
 
 /**
  * Defines values for EntityTimelineKind. \
@@ -2886,7 +3147,8 @@ export declare type EntityTimelineItemUnion = EntityTimelineItem | ActivityTimel
  * ### Known values supported by the service
  * **Activity**: activity \
  * **Bookmark**: bookmarks \
- * **SecurityAlert**: security alerts
+ * **SecurityAlert**: security alerts \
+ * **Anomaly**: anomaly
  */
 export declare type EntityTimelineKind = string;
 
@@ -2935,21 +3197,22 @@ export declare interface EntityTimelineResponse {
  * **MailCluster**: Entity represents mail cluster in the system. \
  * **MailMessage**: Entity represents mail message in the system. \
  * **Mailbox**: Entity represents mailbox in the system. \
- * **SubmissionMail**: Entity represents submission mail in the system.
+ * **SubmissionMail**: Entity represents submission mail in the system. \
+ * **Nic**: Entity represents network interface in the system.
  */
 export declare type EntityType = string;
 
-export declare type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity;
+export declare type EntityUnion = Entity | SecurityAlert | HuntingBookmark | AccountEntity | AzureResourceEntity | CloudApplicationEntity | DnsEntity | FileEntity | FileHashEntity | HostEntity | IoTDeviceEntity | IpEntity | MailboxEntity | MailClusterEntity | MailMessageEntity | MalwareEntity | ProcessEntity | RegistryKeyEntity | RegistryValueEntity | SecurityGroupEntity | SubmissionMailEntity | UrlEntity | NicEntity;
 
 /**
- * Defines values for Enum12. \
- * {@link KnownEnum12} can be used interchangeably with Enum12,
+ * Defines values for Enum13. \
+ * {@link KnownEnum13} can be used interchangeably with Enum13,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
  * **Expansion** \
  * **Activity**
  */
-export declare type Enum12 = string;
+export declare type Enum13 = string;
 
 /**
  * Defines values for EventGroupingAggregationKind. \
@@ -2968,7 +3231,9 @@ export declare interface EventGroupingSettings {
 }
 
 /** Represents Expansion entity query. */
-export declare type ExpansionEntityQuery = EntityQuery & {
+export declare interface ExpansionEntityQuery extends EntityQuery {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Expansion";
     /** List of the data sources that are required to run the query */
     dataSources?: string[];
     /** The query display name */
@@ -2981,7 +3246,7 @@ export declare type ExpansionEntityQuery = EntityQuery & {
     outputEntityTypes?: EntityType[];
     /** The template query string to be parsed and formatted */
     queryTemplate?: string;
-};
+}
 
 /** Information of a specific aggregation in the expansion result. */
 export declare interface ExpansionResultAggregation {
@@ -3002,13 +3267,15 @@ export declare interface ExpansionResultsMetadata {
 }
 
 /** Settings with single toggle. */
-export declare type EyesOn = Settings & {
+export declare interface EyesOn extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "EyesOn";
     /**
      * Determines whether the setting is enable or disabled.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly isEnabled?: boolean;
-};
+}
 
 /** A single field mapping of the mapped entity */
 export declare interface FieldMapping {
@@ -3019,7 +3286,9 @@ export declare interface FieldMapping {
 }
 
 /** Represents a file entity. */
-export declare type FileEntity = Entity & {
+export declare interface FileEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "File";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3052,10 +3321,10 @@ export declare type FileEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hostEntityId?: string;
-};
+}
 
 /** File entity property bag. */
-export declare type FileEntityProperties = EntityCommonProperties & {
+export declare interface FileEntityProperties extends EntityCommonProperties {
     /**
      * The full path to the file.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3076,7 +3345,18 @@ export declare type FileEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hostEntityId?: string;
-};
+}
+
+/**
+ * Defines values for FileFormat. \
+ * {@link KnownFileFormat} can be used interchangeably with FileFormat,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **CSV**: A CSV file. \
+ * **JSON**: A JSON file. \
+ * **Unspecified**: A file of other format.
+ */
+export declare type FileFormat = string;
 
 /**
  * Defines values for FileHashAlgorithm. \
@@ -3092,7 +3372,9 @@ export declare type FileEntityProperties = EntityCommonProperties & {
 export declare type FileHashAlgorithm = string;
 
 /** Represents a file hash entity. */
-export declare type FileHashEntity = Entity & {
+export declare interface FileHashEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "FileHash";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3115,10 +3397,10 @@ export declare type FileHashEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hashValue?: string;
-};
+}
 
 /** FileHash entity property bag. */
-export declare type FileHashEntityProperties = EntityCommonProperties & {
+export declare interface FileHashEntityProperties extends EntityCommonProperties {
     /**
      * The hash algorithm type.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3129,98 +3411,315 @@ export declare type FileHashEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly hashValue?: string;
-};
+}
 
-/** Represents Fusion alert rule. */
-export declare type FusionAlertRule = AlertRule & {
-    /** The Name of the alert rule template used to create this rule. */
-    alertRuleTemplateName?: string;
+/** Represents a file import in Azure Security Insights. */
+export declare interface FileImport extends Resource {
+    /** Describes how to ingest the records in the file. */
+    ingestionMode?: IngestionMode;
+    /** The content type of this file. */
+    contentType?: FileImportContentType;
     /**
-     * The description of the alert rule.
+     * The time the file was imported.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly description?: string;
+    readonly createdTimeUTC?: Date;
     /**
-     * The display name for alerts created by this alert rule.
+     * Represents the error file (if the import was ingested with errors or failed the validation).
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly displayName?: string;
-    /** Determines whether this alert rule is enabled or disabled. */
-    enabled?: boolean;
-    /** Configuration for all supported source signals in fusion detection. */
-    sourceSettings?: FusionSourceSettings[];
-    /** Configuration to exclude scenarios in fusion detection. */
-    scenarioExclusionPatterns?: FusionScenarioExclusionPattern[];
+    readonly errorFile?: FileMetadata;
     /**
-     * The last time that this alert has been modified.
+     * An ordered list of some of the errors that were encountered during validation.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly lastModifiedUtc?: Date;
+    readonly errorsPreview?: ValidationError[];
+    /** Represents the imported file. */
+    importFile?: FileMetadata;
     /**
-     * The severity for alerts created by this alert rule.
+     * The number of records that have been successfully ingested.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly severity?: AlertSeverity;
+    readonly ingestedRecordCount?: number;
+    /** The source for the data in the file. */
+    source?: string;
     /**
-     * The tactics of the alert rule
+     * The state of the file import.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly tactics?: AttackTactic[];
+    readonly state?: FileImportState;
     /**
-     * The techniques of the alert rule
+     * The number of records in the file.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly techniques?: string[];
-};
-
-/** Represents Fusion alert rule template. */
-export declare type FusionAlertRuleTemplate = AlertRuleTemplate & {
-    /** the number of alert rules that were created by this template */
-    alertRulesCreatedByTemplateCount?: number;
+    readonly totalRecordCount?: number;
     /**
-     * The time that this alert rule template has been added.
+     * The number of records that have passed validation.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly createdDateUTC?: Date;
+    readonly validRecordCount?: number;
     /**
-     * The time that this alert rule template was last updated.
+     * The time the files associated with this import are deleted from the storage account.
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
-    readonly lastUpdatedDateUTC?: Date;
-    /** The description of the alert rule template. */
-    description?: string;
-    /** The display name for alert rule template. */
-    displayName?: string;
-    /** The required data connectors for this template */
-    requiredDataConnectors?: AlertRuleTemplateDataSource[];
-    /** The alert rule template status. */
-    status?: TemplateStatus;
-    /** The severity for alerts created by this alert rule. */
-    severity?: AlertSeverity;
-    /** The tactics of the alert rule template */
-    tactics?: AttackTactic[];
-    /** The techniques of the alert rule */
-    techniques?: string[];
-    /** All supported source signal configurations consumed in fusion detection. */
-    sourceSettings?: FusionTemplateSourceSetting[];
-};
-
-/** Represents a Fusion scenario exclusion patterns in Fusion detection. */
-export declare interface FusionScenarioExclusionPattern {
-    /** Scenario exclusion pattern. */
-    exclusionPattern: string;
-    /** DateTime when scenario exclusion pattern is added in UTC. */
-    dateAddedInUTC: string;
+    readonly filesValidUntilTimeUTC?: Date;
+    /**
+     * The time the file import record is soft deleted from the database and history.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly importValidUntilTimeUTC?: Date;
 }
 
-/** Represents a supported source signal configuration in Fusion detection. */
-export declare interface FusionSourceSettings {
-    /** Determines whether this source signal is enabled or disabled in Fusion detection. */
-    enabled: boolean;
-    /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */
-    sourceName: string;
-    /** Configuration for all source subtypes under this source signal consumed in fusion detection. */
-    sourceSubTypes?: FusionSourceSubTypeSetting[];
+/**
+ * Defines values for FileImportContentType. \
+ * {@link KnownFileImportContentType} can be used interchangeably with FileImportContentType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **BasicIndicator**: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. \
+ * **StixIndicator**: File containing STIX indicators. \
+ * **Unspecified**: File containing other records.
+ */
+export declare type FileImportContentType = string;
+
+/** List all the file imports. */
+export declare interface FileImportList {
+    /**
+     * URL to fetch the next set of file imports.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nextLink?: string;
+    /** Array of file imports. */
+    value: FileImport[];
+}
+
+/** Interface representing a FileImports. */
+export declare interface FileImports {
+    /**
+     * Gets all file imports.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param options The options parameters.
+     */
+    list(resourceGroupName: string, workspaceName: string, options?: FileImportsListOptionalParams): PagedAsyncIterableIterator<FileImport>;
+    /**
+     * Gets a file import.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param fileImportId File import ID
+     * @param options The options parameters.
+     */
+    get(resourceGroupName: string, workspaceName: string, fileImportId: string, options?: FileImportsGetOptionalParams): Promise<FileImportsGetResponse>;
+    /**
+     * Creates the file import.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param fileImportId File import ID
+     * @param fileImport The file import
+     * @param options The options parameters.
+     */
+    create(resourceGroupName: string, workspaceName: string, fileImportId: string, fileImport: FileImport, options?: FileImportsCreateOptionalParams): Promise<FileImportsCreateResponse>;
+    /**
+     * Delete the file import.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param fileImportId File import ID
+     * @param options The options parameters.
+     */
+    beginDelete(resourceGroupName: string, workspaceName: string, fileImportId: string, options?: FileImportsDeleteOptionalParams): Promise<PollerLike<PollOperationState<FileImportsDeleteResponse>, FileImportsDeleteResponse>>;
+    /**
+     * Delete the file import.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param fileImportId File import ID
+     * @param options The options parameters.
+     */
+    beginDeleteAndWait(resourceGroupName: string, workspaceName: string, fileImportId: string, options?: FileImportsDeleteOptionalParams): Promise<FileImportsDeleteResponse>;
+}
+
+/** Optional parameters. */
+export declare interface FileImportsCreateOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Contains response data for the create operation. */
+export declare type FileImportsCreateResponse = FileImport;
+
+/** Optional parameters. */
+export declare interface FileImportsDeleteOptionalParams extends coreClient.OperationOptions {
+    /** Delay to wait until next poll, in milliseconds. */
+    updateIntervalInMs?: number;
+    /** A serialized poller which can be used to resume an existing paused Long-Running-Operation. */
+    resumeFrom?: string;
+}
+
+/** Contains response data for the delete operation. */
+export declare type FileImportsDeleteResponse = FileImport;
+
+/** Optional parameters. */
+export declare interface FileImportsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Contains response data for the get operation. */
+export declare type FileImportsGetResponse = FileImport;
+
+/** Optional parameters. */
+export declare interface FileImportsListNextOptionalParams extends coreClient.OperationOptions {
+    /** Filters the results, based on a Boolean condition. Optional. */
+    filter?: string;
+    /** Sorts the results. Optional. */
+    orderby?: string;
+    /** Returns only the first n results. Optional. */
+    top?: number;
+    /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
+    skipToken?: string;
+}
+
+/** Contains response data for the listNext operation. */
+export declare type FileImportsListNextResponse = FileImportList;
+
+/** Optional parameters. */
+export declare interface FileImportsListOptionalParams extends coreClient.OperationOptions {
+    /** Filters the results, based on a Boolean condition. Optional. */
+    filter?: string;
+    /** Sorts the results. Optional. */
+    orderby?: string;
+    /** Returns only the first n results. Optional. */
+    top?: number;
+    /** Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. */
+    skipToken?: string;
+}
+
+/** Contains response data for the list operation. */
+export declare type FileImportsListResponse = FileImportList;
+
+/**
+ * Defines values for FileImportState. \
+ * {@link KnownFileImportState} can be used interchangeably with FileImportState,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **FatalError**: A fatal error has occurred while ingesting the file. \
+ * **Ingested**: The file has been ingested. \
+ * **IngestedWithErrors**: The file has been ingested with errors. \
+ * **InProgress**: The file ingestion is in progress. \
+ * **Invalid**: The file is invalid. \
+ * **WaitingForUpload**: Waiting for the file to be uploaded. \
+ * **Unspecified**: Unspecified state.
+ */
+export declare type FileImportState = string;
+
+/** Represents a file. */
+export declare interface FileMetadata {
+    /** The format of the file */
+    fileFormat?: FileFormat;
+    /** The name of the file. */
+    fileName?: string;
+    /** The size of the file. */
+    fileSize?: number;
+    /**
+     * A URI with a valid SAS token to allow uploading / downloading the file.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly fileContentUri?: string;
+    /**
+     * Indicates whether the file was deleted from the storage account.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly deleteStatus?: DeleteStatus;
+}
+
+/** Represents Fusion alert rule. */
+export declare interface FusionAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Fusion";
+    /** The Name of the alert rule template used to create this rule. */
+    alertRuleTemplateName?: string;
+    /**
+     * The description of the alert rule.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly description?: string;
+    /**
+     * The display name for alerts created by this alert rule.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly displayName?: string;
+    /** Determines whether this alert rule is enabled or disabled. */
+    enabled?: boolean;
+    /** Configuration for all supported source signals in fusion detection. */
+    sourceSettings?: FusionSourceSettings[];
+    /** Configuration to exclude scenarios in fusion detection. */
+    scenarioExclusionPatterns?: FusionScenarioExclusionPattern[];
+    /**
+     * The last time that this alert has been modified.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly lastModifiedUtc?: Date;
+    /**
+     * The severity for alerts created by this alert rule.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly severity?: AlertSeverity;
+    /**
+     * The tactics of the alert rule
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly tactics?: AttackTactic[];
+    /**
+     * The techniques of the alert rule
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly techniques?: string[];
+}
+
+/** Represents Fusion alert rule template. */
+export declare interface FusionAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Fusion";
+    /** the number of alert rules that were created by this template */
+    alertRulesCreatedByTemplateCount?: number;
+    /**
+     * The time that this alert rule template has been added.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly createdDateUTC?: Date;
+    /**
+     * The time that this alert rule template was last updated.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly lastUpdatedDateUTC?: Date;
+    /** The description of the alert rule template. */
+    description?: string;
+    /** The display name for alert rule template. */
+    displayName?: string;
+    /** The required data connectors for this template */
+    requiredDataConnectors?: AlertRuleTemplateDataSource[];
+    /** The alert rule template status. */
+    status?: TemplateStatus;
+    /** The severity for alerts created by this alert rule. */
+    severity?: AlertSeverity;
+    /** The tactics of the alert rule template */
+    tactics?: AttackTactic[];
+    /** The techniques of the alert rule */
+    techniques?: string[];
+    /** All supported source signal configurations consumed in fusion detection. */
+    sourceSettings?: FusionTemplateSourceSetting[];
+}
+
+/** Represents a Fusion scenario exclusion patterns in Fusion detection. */
+export declare interface FusionScenarioExclusionPattern {
+    /** Scenario exclusion pattern. */
+    exclusionPattern: string;
+    /** DateTime when scenario exclusion pattern is added in UTC. */
+    dateAddedInUTC: string;
+}
+
+/** Represents a supported source signal configuration in Fusion detection. */
+export declare interface FusionSourceSettings {
+    /** Determines whether this source signal is enabled or disabled in Fusion detection. */
+    enabled: boolean;
+    /** Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. */
+    sourceName: string;
+    /** Configuration for all source subtypes under this source signal consumed in fusion detection. */
+    sourceSubTypes?: FusionSourceSubTypeSetting[];
 }
 
 /** Represents a supported source subtype configuration under a source signal in Fusion detection. */
@@ -3325,10 +3824,19 @@ export declare interface GeoLocation {
     readonly state?: string;
 }
 
+/**
+ * Defines values for GetInsightsError. \
+ * {@link KnownGetInsightsError} can be used interchangeably with GetInsightsError,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Insight**
+ */
+export declare type GetInsightsError = string;
+
 /** GetInsights Query Errors. */
-export declare interface GetInsightsError {
+export declare interface GetInsightsErrorKind {
     /** the query kind */
-    kind: "Insight";
+    kind: GetInsightsError;
     /** the query id */
     queryId?: string;
     /** the error message */
@@ -3340,7 +3848,7 @@ export declare interface GetInsightsResultsMetadata {
     /** the total items found for the insights request */
     totalCount: number;
     /** information about the failed queries */
-    errors?: GetInsightsError[];
+    errors?: GetInsightsErrorKind[];
 }
 
 /** Retrieve queries for entity result operation response. */
@@ -3384,7 +3892,9 @@ export declare interface GroupingConfiguration {
 }
 
 /** Represents a host entity. */
-export declare type HostEntity = Entity & {
+export declare interface HostEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Host";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3439,10 +3949,10 @@ export declare type HostEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly osVersion?: string;
-};
+}
 
 /** Host entity property bag. */
-export declare type HostEntityProperties = EntityCommonProperties & {
+export declare interface HostEntityProperties extends EntityCommonProperties {
     /**
      * The azure resource id of the VM.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3485,10 +3995,12 @@ export declare type HostEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly osVersion?: string;
-};
+}
 
 /** Represents a Hunting bookmark entity. */
-export declare type HuntingBookmark = Entity & {
+export declare interface HuntingBookmark extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Bookmark";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3523,10 +4035,10 @@ export declare type HuntingBookmark = Entity & {
     updatedBy?: UserInfo;
     /** Describes an incident that relates to bookmark */
     incidentInfo?: IncidentInfo;
-};
+}
 
 /** Describes bookmark properties */
-export declare type HuntingBookmarkProperties = EntityCommonProperties & {
+export declare interface HuntingBookmarkProperties extends EntityCommonProperties {
     /** The time the bookmark was created */
     created?: Date;
     /** Describes a user that created the bookmark */
@@ -3549,10 +4061,10 @@ export declare type HuntingBookmarkProperties = EntityCommonProperties & {
     updatedBy?: UserInfo;
     /** Describes an incident that relates to bookmark */
     incidentInfo?: IncidentInfo;
-};
+}
 
 /** Represents an incident in Azure Security Insights. */
-export declare type Incident = ResourceWithEtag & {
+export declare interface Incident extends ResourceWithEtag {
     /**
      * Additional data on the incident
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3611,7 +4123,7 @@ export declare type Incident = ResourceWithEtag & {
     teamInformation?: TeamInformation;
     /** The title of the incident */
     title?: string;
-};
+}
 
 /** Incident additional data property bag. */
 export declare interface IncidentAdditionalData {
@@ -3689,7 +4201,7 @@ export declare type IncidentClassification = string;
 export declare type IncidentClassificationReason = string;
 
 /** Represents an incident comment */
-export declare type IncidentComment = ResourceWithEtag & {
+export declare interface IncidentComment extends ResourceWithEtag {
     /**
      * The time the comment was created
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -3707,7 +4219,7 @@ export declare type IncidentComment = ResourceWithEtag & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly author?: ClientInfo;
-};
+}
 
 /** List of incident comments. */
 export declare interface IncidentCommentList {
@@ -3886,11 +4398,8 @@ export declare interface IncidentOwnerInfo {
     objectId?: string;
     /** The user principal name of the user the incident is assigned to. */
     userPrincipalName?: string;
-    /**
-     * The type of the owner the incident is assigned to.
-     * NOTE: This property will not be serialized. It can only be populated by the server.
-     */
-    readonly ownerType?: OwnerType;
+    /** The type of the owner the incident is assigned to. */
+    ownerType?: OwnerType;
 }
 
 export declare interface IncidentPropertiesAction {
@@ -3902,11 +4411,11 @@ export declare interface IncidentPropertiesAction {
     classification?: IncidentClassification;
     /** The classification reason the incident was closed with */
     classificationReason?: IncidentClassificationReason;
-    /** Describes the reason the incident was closed */
+    /** Describes the reason the incident was closed. */
     classificationComment?: string;
     /** Information on the user an incident is assigned to */
     owner?: IncidentOwnerInfo;
-    /** List of labels to add to the incident */
+    /** List of labels to add to the incident. */
     labels?: IncidentLabel[];
 }
 
@@ -4183,16 +4692,27 @@ export declare type IncidentsRunPlaybookResponse = Record<string, unknown>;
  */
 export declare type IncidentStatus = string;
 
+/**
+ * Defines values for IngestionMode. \
+ * {@link KnownIngestionMode} can be used interchangeably with IngestionMode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **IngestOnlyIfAllAreValid**: No records should be ingested when invalid records are detected. \
+ * **IngestAnyValidRecords**: Valid records should still be ingested when invalid records are detected. \
+ * **Unspecified**: Unspecified
+ */
+export declare type IngestionMode = string;
+
 /** Represents Insight Query. */
-export declare type InsightQueryItem = EntityQueryItem & {
+export declare interface InsightQueryItem extends EntityQueryItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Insight";
     /** Properties bag for InsightQueryItem */
     properties?: InsightQueryItemProperties;
-};
+}
 
 /** Represents Insight Query. */
-export declare type InsightQueryItemProperties = EntityQueryItemProperties & {
+export declare interface InsightQueryItemProperties extends EntityQueryItemProperties {
     /** The insight display name. */
     displayName?: string;
     /** The insight description. */
@@ -4209,7 +4729,7 @@ export declare type InsightQueryItemProperties = EntityQueryItemProperties & {
     defaultTimeRange?: InsightQueryItemPropertiesDefaultTimeRange;
     /** The insight chart query. */
     referenceTimeRange?: InsightQueryItemPropertiesReferenceTimeRange;
-};
+}
 
 /** The activity query definitions. */
 export declare interface InsightQueryItemPropertiesAdditionalQuery {
@@ -4293,32 +4813,37 @@ export declare interface InstructionSteps {
     instructions?: InstructionStepsInstructionsItem[];
 }
 
-export declare type InstructionStepsInstructionsItem = ConnectorInstructionModelBase & {};
+export declare interface InstructionStepsInstructionsItem extends ConnectorInstructionModelBase {
+}
 
 /** Represents IoT requirements check request. */
-export declare type IoTCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface IoTCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "IOT";
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 
 /** Represents IoT data connector. */
-export declare type IoTDataConnector = DataConnector & {
+export declare interface IoTDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "IOT";
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 
 /** IoT data connector properties. */
-export declare type IoTDataConnectorProperties = DataConnectorWithAlertsProperties & {
+export declare interface IoTDataConnectorProperties extends DataConnectorWithAlertsProperties {
     /** The subscription id to connect to, and get the data from. */
     subscriptionId?: string;
-};
+}
 
 /** Represents an IoT device entity. */
-export declare type IoTDeviceEntity = Entity & {
+export declare interface IoTDeviceEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "IoTDevice";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4416,10 +4941,62 @@ export declare type IoTDeviceEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly protocols?: string[];
-};
+    /**
+     * A list of owners of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly owners?: string[];
+    /**
+     * A list of Nic entity ids of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nicEntityIds?: string[];
+    /**
+     * The site of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly site?: string;
+    /**
+     * The zone location of the device within a site
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly zone?: string;
+    /**
+     * The sensor the device is monitored by
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly sensor?: string;
+    /**
+     * The subType of the device ('PLC', 'HMI', 'EWS', etc.)
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly deviceSubType?: string;
+    /** Device importance, determines if the device classified as 'crown jewel' */
+    importance?: DeviceImportance;
+    /**
+     * The Purdue Layer of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly purdueLayer?: string;
+    /**
+     * Determines whether the device classified as authorized device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isAuthorized?: boolean;
+    /**
+     * Determines whether the device classified as programming device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isProgramming?: boolean;
+    /**
+     * Is the device classified as a scanner device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isScanner?: boolean;
+}
 
 /** IoTDevice entity property bag. */
-export declare type IoTDeviceEntityProperties = EntityCommonProperties & {
+export declare interface IoTDeviceEntityProperties extends EntityCommonProperties {
     /**
      * The ID of the IoT Device in the IoT Hub
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4505,10 +5082,64 @@ export declare type IoTDeviceEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly protocols?: string[];
-};
+    /**
+     * A list of owners of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly owners?: string[];
+    /**
+     * A list of Nic entity ids of the IoTDevice entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nicEntityIds?: string[];
+    /**
+     * The site of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly site?: string;
+    /**
+     * The zone location of the device within a site
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly zone?: string;
+    /**
+     * The sensor the device is monitored by
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly sensor?: string;
+    /**
+     * The subType of the device ('PLC', 'HMI', 'EWS', etc.)
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly deviceSubType?: string;
+    /** Device importance, determines if the device classified as 'crown jewel' */
+    importance?: DeviceImportance;
+    /**
+     * The Purdue Layer of the device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly purdueLayer?: string;
+    /**
+     * Determines whether the device classified as authorized device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isAuthorized?: boolean;
+    /**
+     * Determines whether the device classified as programming device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isProgramming?: boolean;
+    /**
+     * Is the device classified as a scanner device
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly isScanner?: boolean;
+}
 
 /** Represents an ip entity. */
-export declare type IpEntity = Entity & {
+export declare interface IpEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Ip";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4536,10 +5167,10 @@ export declare type IpEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly threatIntelligence?: ThreatIntelligence[];
-};
+}
 
 /** Ip entity property bag. */
-export declare type IpEntityProperties = EntityCommonProperties & {
+export declare interface IpEntityProperties extends EntityCommonProperties {
     /**
      * The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -4555,7 +5186,7 @@ export declare type IpEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly threatIntelligence?: ThreatIntelligence[];
-};
+}
 
 /** Interface representing a IPGeodata. */
 export declare interface IPGeodata {
@@ -4640,11 +5271,17 @@ export declare enum KnownAlertDetail {
 
 /** Known values of {@link AlertRuleKind} that the service accepts. */
 export declare enum KnownAlertRuleKind {
+    /** Scheduled */
     Scheduled = "Scheduled",
+    /** MicrosoftSecurityIncidentCreation */
     MicrosoftSecurityIncidentCreation = "MicrosoftSecurityIncidentCreation",
+    /** Fusion */
     Fusion = "Fusion",
+    /** MLBehaviorAnalytics */
     MLBehaviorAnalytics = "MLBehaviorAnalytics",
+    /** ThreatIntelligence */
     ThreatIntelligence = "ThreatIntelligence",
+    /** NRT */
     NRT = "NRT"
 }
 
@@ -4688,25 +5325,100 @@ export declare enum KnownAntispamMailDirection {
 
 /** Known values of {@link AttackTactic} that the service accepts. */
 export declare enum KnownAttackTactic {
+    /** Reconnaissance */
     Reconnaissance = "Reconnaissance",
+    /** ResourceDevelopment */
     ResourceDevelopment = "ResourceDevelopment",
+    /** InitialAccess */
     InitialAccess = "InitialAccess",
+    /** Execution */
     Execution = "Execution",
+    /** Persistence */
     Persistence = "Persistence",
+    /** PrivilegeEscalation */
     PrivilegeEscalation = "PrivilegeEscalation",
+    /** DefenseEvasion */
     DefenseEvasion = "DefenseEvasion",
+    /** CredentialAccess */
     CredentialAccess = "CredentialAccess",
+    /** Discovery */
     Discovery = "Discovery",
+    /** LateralMovement */
     LateralMovement = "LateralMovement",
+    /** Collection */
     Collection = "Collection",
+    /** Exfiltration */
     Exfiltration = "Exfiltration",
+    /** CommandAndControl */
     CommandAndControl = "CommandAndControl",
+    /** Impact */
     Impact = "Impact",
+    /** PreAttack */
     PreAttack = "PreAttack",
+    /** ImpairProcessControl */
     ImpairProcessControl = "ImpairProcessControl",
+    /** InhibitResponseFunction */
     InhibitResponseFunction = "InhibitResponseFunction"
 }
 
+/** Known values of {@link AutomationRuleBooleanConditionSupportedOperator} that the service accepts. */
+export declare enum KnownAutomationRuleBooleanConditionSupportedOperator {
+    /** Evaluates as true if all the item conditions are evaluated as true */
+    And = "And",
+    /** Evaluates as true if at least one of the item conditions are evaluated as true */
+    Or = "Or"
+}
+
+/** Known values of {@link AutomationRulePropertyArrayChangedConditionSupportedArrayType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType {
+    /** Evaluate the condition on the alerts */
+    Alerts = "Alerts",
+    /** Evaluate the condition on the labels */
+    Labels = "Labels",
+    /** Evaluate the condition on the tactics */
+    Tactics = "Tactics",
+    /** Evaluate the condition on the comments */
+    Comments = "Comments"
+}
+
+/** Known values of {@link AutomationRulePropertyArrayChangedConditionSupportedChangeType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType {
+    /** Evaluate the condition on items added to the array */
+    Added = "Added"
+}
+
+/** Known values of {@link AutomationRulePropertyArrayConditionSupportedArrayConditionType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayConditionSupportedArrayConditionType {
+    /** Evaluate the condition as true if any item fulfills it */
+    AnyItem = "AnyItem"
+}
+
+/** Known values of {@link AutomationRulePropertyArrayConditionSupportedArrayType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyArrayConditionSupportedArrayType {
+    /** Evaluate the condition on the custom detail keys */
+    CustomDetails = "CustomDetails",
+    /** Evaluate the condition on a custom detail's values */
+    CustomDetailValues = "CustomDetailValues"
+}
+
+/** Known values of {@link AutomationRulePropertyChangedConditionSupportedChangedType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyChangedConditionSupportedChangedType {
+    /** Evaluate the condition on the previous value of the property */
+    ChangedFrom = "ChangedFrom",
+    /** Evaluate the condition on the updated value of the property */
+    ChangedTo = "ChangedTo"
+}
+
+/** Known values of {@link AutomationRulePropertyChangedConditionSupportedPropertyType} that the service accepts. */
+export declare enum KnownAutomationRulePropertyChangedConditionSupportedPropertyType {
+    /** Evaluate the condition on the incident severity */
+    IncidentSeverity = "IncidentSeverity",
+    /** Evaluate the condition on the incident status */
+    IncidentStatus = "IncidentStatus",
+    /** Evaluate the condition on the incident owner */
+    IncidentOwner = "IncidentOwner"
+}
+
 /** Known values of {@link AutomationRulePropertyConditionSupportedOperator} that the service accepts. */
 export declare enum KnownAutomationRulePropertyConditionSupportedOperator {
     /** Evaluates if the property equals at least one of the condition values */
@@ -4745,6 +5457,12 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
     IncidentLabel = "IncidentLabel",
     /** The provider name of the incident */
     IncidentProviderName = "IncidentProviderName",
+    /** The update source of the incident */
+    IncidentUpdatedBySource = "IncidentUpdatedBySource",
+    /** The incident custom detail key */
+    IncidentCustomDetailsKey = "IncidentCustomDetailsKey",
+    /** The incident custom detail value */
+    IncidentCustomDetailsValue = "IncidentCustomDetailsValue",
     /** The account Azure Active Directory tenant id */
     AccountAadTenantId = "AccountAadTenantId",
     /** The account Azure Active Directory user id */
@@ -4763,6 +5481,8 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
     AccountUPNSuffix = "AccountUPNSuffix",
     /** The name of the product of the alert */
     AlertProductNames = "AlertProductNames",
+    /** The analytic rule ids of the alert */
+    AlertAnalyticRuleIds = "AlertAnalyticRuleIds",
     /** The Azure resource id */
     AzureResourceResourceId = "AzureResourceResourceId",
     /** The Azure resource subscription id */
@@ -4842,7 +5562,15 @@ export declare enum KnownAutomationRulePropertyConditionSupportedProperty {
 /** Known values of {@link ConditionType} that the service accepts. */
 export declare enum KnownConditionType {
     /** Evaluate an object property value */
-    Property = "Property"
+    Property = "Property",
+    /** Evaluate an object array property value */
+    PropertyArray = "PropertyArray",
+    /** Evaluate an object property changed value */
+    PropertyChanged = "PropertyChanged",
+    /** Evaluate an object array property changed value */
+    PropertyArrayChanged = "PropertyArrayChanged",
+    /** Apply a boolean operator (e.g AND, OR) to conditions */
+    Boolean = "Boolean"
 }
 
 /** Known values of {@link ConfidenceLevel} that the service accepts. */
@@ -4869,100 +5597,170 @@ export declare enum KnownConfidenceScoreStatus {
 
 /** Known values of {@link ConnectAuthKind} that the service accepts. */
 export declare enum KnownConnectAuthKind {
+    /** Basic */
     Basic = "Basic",
+    /** OAuth2 */
     OAuth2 = "OAuth2",
+    /** APIKey */
     APIKey = "APIKey"
 }
 
 /** Known values of {@link ConnectivityType} that the service accepts. */
 export declare enum KnownConnectivityType {
+    /** IsConnectedQuery */
     IsConnectedQuery = "IsConnectedQuery"
 }
 
 /** Known values of {@link ContentType} that the service accepts. */
 export declare enum KnownContentType {
+    /** AnalyticRule */
     AnalyticRule = "AnalyticRule",
+    /** Workbook */
     Workbook = "Workbook"
 }
 
 /** Known values of {@link CreatedByType} that the service accepts. */
 export declare enum KnownCreatedByType {
+    /** User */
     User = "User",
+    /** Application */
     Application = "Application",
+    /** ManagedIdentity */
     ManagedIdentity = "ManagedIdentity",
+    /** Key */
     Key = "Key"
 }
 
 /** Known values of {@link CustomEntityQueryKind} that the service accepts. */
 export declare enum KnownCustomEntityQueryKind {
+    /** Activity */
     Activity = "Activity"
 }
 
 /** Known values of {@link DataConnectorAuthorizationState} that the service accepts. */
 export declare enum KnownDataConnectorAuthorizationState {
+    /** Valid */
     Valid = "Valid",
+    /** Invalid */
     Invalid = "Invalid"
 }
 
 /** Known values of {@link DataConnectorKind} that the service accepts. */
 export declare enum KnownDataConnectorKind {
+    /** AzureActiveDirectory */
     AzureActiveDirectory = "AzureActiveDirectory",
+    /** AzureSecurityCenter */
     AzureSecurityCenter = "AzureSecurityCenter",
+    /** MicrosoftCloudAppSecurity */
     MicrosoftCloudAppSecurity = "MicrosoftCloudAppSecurity",
+    /** ThreatIntelligence */
     ThreatIntelligence = "ThreatIntelligence",
+    /** ThreatIntelligenceTaxii */
     ThreatIntelligenceTaxii = "ThreatIntelligenceTaxii",
+    /** Office365 */
     Office365 = "Office365",
+    /** OfficeATP */
     OfficeATP = "OfficeATP",
+    /** OfficeIRM */
     OfficeIRM = "OfficeIRM",
+    /** Office365Project */
     Office365Project = "Office365Project",
+    /** OfficePowerBI */
     OfficePowerBI = "OfficePowerBI",
+    /** AmazonWebServicesCloudTrail */
     AmazonWebServicesCloudTrail = "AmazonWebServicesCloudTrail",
+    /** AmazonWebServicesS3 */
     AmazonWebServicesS3 = "AmazonWebServicesS3",
+    /** AzureAdvancedThreatProtection */
     AzureAdvancedThreatProtection = "AzureAdvancedThreatProtection",
+    /** MicrosoftDefenderAdvancedThreatProtection */
     MicrosoftDefenderAdvancedThreatProtection = "MicrosoftDefenderAdvancedThreatProtection",
+    /** Dynamics365 */
     Dynamics365 = "Dynamics365",
+    /** MicrosoftThreatProtection */
     MicrosoftThreatProtection = "MicrosoftThreatProtection",
+    /** MicrosoftThreatIntelligence */
     MicrosoftThreatIntelligence = "MicrosoftThreatIntelligence",
+    /** GenericUI */
     GenericUI = "GenericUI",
+    /** APIPolling */
     APIPolling = "APIPolling",
+    /** IOT */
     IOT = "IOT"
 }
 
 /** Known values of {@link DataConnectorLicenseState} that the service accepts. */
 export declare enum KnownDataConnectorLicenseState {
+    /** Valid */
     Valid = "Valid",
+    /** Invalid */
     Invalid = "Invalid",
+    /** Unknown */
     Unknown = "Unknown"
 }
 
 /** Known values of {@link DataTypeState} that the service accepts. */
 export declare enum KnownDataTypeState {
+    /** Enabled */
     Enabled = "Enabled",
+    /** Disabled */
     Disabled = "Disabled"
 }
 
+/** Known values of {@link DeleteStatus} that the service accepts. */
+export declare enum KnownDeleteStatus {
+    /** The file was deleted. */
+    Deleted = "Deleted",
+    /** The file was not deleted. */
+    NotDeleted = "NotDeleted",
+    /** Unspecified */
+    Unspecified = "Unspecified"
+}
+
 /** Known values of {@link DeploymentFetchStatus} that the service accepts. */
 export declare enum KnownDeploymentFetchStatus {
+    /** Success */
     Success = "Success",
+    /** Unauthorized */
     Unauthorized = "Unauthorized",
+    /** NotFound */
     NotFound = "NotFound"
 }
 
 /** Known values of {@link DeploymentResult} that the service accepts. */
 export declare enum KnownDeploymentResult {
+    /** Success */
     Success = "Success",
+    /** Canceled */
     Canceled = "Canceled",
+    /** Failed */
     Failed = "Failed"
 }
 
 /** Known values of {@link DeploymentState} that the service accepts. */
 export declare enum KnownDeploymentState {
+    /** InProgress */
     InProgress = "In_Progress",
+    /** Completed */
     Completed = "Completed",
+    /** Queued */
     Queued = "Queued",
+    /** Canceling */
     Canceling = "Canceling"
 }
 
+/** Known values of {@link DeviceImportance} that the service accepts. */
+export declare enum KnownDeviceImportance {
+    /** Unknown - Default value */
+    Unknown = "Unknown",
+    /** Low */
+    Low = "Low",
+    /** Normal */
+    Normal = "Normal",
+    /** High */
+    High = "High"
+}
+
 /** Known values of {@link EntityItemQueryKind} that the service accepts. */
 export declare enum KnownEntityItemQueryKind {
     /** insight */
@@ -5012,7 +5810,9 @@ export declare enum KnownEntityKind {
     /** Entity represents mailbox in the system. */
     Mailbox = "Mailbox",
     /** Entity represents submission mail in the system. */
-    SubmissionMail = "SubmissionMail"
+    SubmissionMail = "SubmissionMail",
+    /** Entity represents network interface in the system. */
+    Nic = "Nic"
 }
 
 /** Known values of {@link EntityMappingType} that the service accepts. */
@@ -5055,15 +5855,27 @@ export declare enum KnownEntityMappingType {
     SubmissionMail = "SubmissionMail"
 }
 
+/** Known values of {@link EntityProviders} that the service accepts. */
+export declare enum KnownEntityProviders {
+    /** ActiveDirectory */
+    ActiveDirectory = "ActiveDirectory",
+    /** AzureActiveDirectory */
+    AzureActiveDirectory = "AzureActiveDirectory"
+}
+
 /** Known values of {@link EntityQueryKind} that the service accepts. */
 export declare enum KnownEntityQueryKind {
+    /** Expansion */
     Expansion = "Expansion",
+    /** Insight */
     Insight = "Insight",
+    /** Activity */
     Activity = "Activity"
 }
 
 /** Known values of {@link EntityQueryTemplateKind} that the service accepts. */
 export declare enum KnownEntityQueryTemplateKind {
+    /** Activity */
     Activity = "Activity"
 }
 
@@ -5074,7 +5886,9 @@ export declare enum KnownEntityTimelineKind {
     /** bookmarks */
     Bookmark = "Bookmark",
     /** security alerts */
-    SecurityAlert = "SecurityAlert"
+    SecurityAlert = "SecurityAlert",
+    /** anomaly */
+    Anomaly = "Anomaly"
 }
 
 /** Known values of {@link EntityType} that the service accepts. */
@@ -5120,21 +5934,37 @@ export declare enum KnownEntityType {
     /** Entity represents mailbox in the system. */
     Mailbox = "Mailbox",
     /** Entity represents submission mail in the system. */
-    SubmissionMail = "SubmissionMail"
+    SubmissionMail = "SubmissionMail",
+    /** Entity represents network interface in the system. */
+    Nic = "Nic"
 }
 
-/** Known values of {@link Enum12} that the service accepts. */
-export declare enum KnownEnum12 {
+/** Known values of {@link Enum13} that the service accepts. */
+export declare enum KnownEnum13 {
+    /** Expansion */
     Expansion = "Expansion",
+    /** Activity */
     Activity = "Activity"
 }
 
 /** Known values of {@link EventGroupingAggregationKind} that the service accepts. */
 export declare enum KnownEventGroupingAggregationKind {
+    /** SingleAlert */
     SingleAlert = "SingleAlert",
+    /** AlertPerResult */
     AlertPerResult = "AlertPerResult"
 }
 
+/** Known values of {@link FileFormat} that the service accepts. */
+export declare enum KnownFileFormat {
+    /** A CSV file. */
+    CSV = "CSV",
+    /** A JSON file. */
+    Json = "JSON",
+    /** A file of other format. */
+    Unspecified = "Unspecified"
+}
+
 /** Known values of {@link FileHashAlgorithm} that the service accepts. */
 export declare enum KnownFileHashAlgorithm {
     /** Unknown hash algorithm */
@@ -5149,6 +5979,40 @@ export declare enum KnownFileHashAlgorithm {
     SHA256AC = "SHA256AC"
 }
 
+/** Known values of {@link FileImportContentType} that the service accepts. */
+export declare enum KnownFileImportContentType {
+    /** File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. */
+    BasicIndicator = "BasicIndicator",
+    /** File containing STIX indicators. */
+    StixIndicator = "StixIndicator",
+    /** File containing other records. */
+    Unspecified = "Unspecified"
+}
+
+/** Known values of {@link FileImportState} that the service accepts. */
+export declare enum KnownFileImportState {
+    /** A fatal error has occurred while ingesting the file. */
+    FatalError = "FatalError",
+    /** The file has been ingested. */
+    Ingested = "Ingested",
+    /** The file has been ingested with errors. */
+    IngestedWithErrors = "IngestedWithErrors",
+    /** The file ingestion is in progress. */
+    InProgress = "InProgress",
+    /** The file is invalid. */
+    Invalid = "Invalid",
+    /** Waiting for the file to be uploaded. */
+    WaitingForUpload = "WaitingForUpload",
+    /** Unspecified state. */
+    Unspecified = "Unspecified"
+}
+
+/** Known values of {@link GetInsightsError} that the service accepts. */
+export declare enum KnownGetInsightsError {
+    /** Insight */
+    Insight = "Insight"
+}
+
 /** Known values of {@link IncidentClassification} that the service accepts. */
 export declare enum KnownIncidentClassification {
     /** Incident classification was undetermined */
@@ -5203,6 +6067,16 @@ export declare enum KnownIncidentStatus {
     Closed = "Closed"
 }
 
+/** Known values of {@link IngestionMode} that the service accepts. */
+export declare enum KnownIngestionMode {
+    /** No records should be ingested when invalid records are detected. */
+    IngestOnlyIfAllAreValid = "IngestOnlyIfAllAreValid",
+    /** Valid records should still be ingested when invalid records are detected. */
+    IngestAnyValidRecords = "IngestAnyValidRecords",
+    /** Unspecified */
+    Unspecified = "Unspecified"
+}
+
 /** Known values of {@link KillChainIntent} that the service accepts. */
 export declare enum KnownKillChainIntent {
     /** The default value. */
@@ -5237,22 +6111,39 @@ export declare enum KnownKillChainIntent {
 
 /** Known values of {@link Kind} that the service accepts. */
 export declare enum KnownKind {
+    /** DataConnector */
     DataConnector = "DataConnector",
+    /** DataType */
     DataType = "DataType",
+    /** Workbook */
     Workbook = "Workbook",
+    /** WorkbookTemplate */
     WorkbookTemplate = "WorkbookTemplate",
+    /** Playbook */
     Playbook = "Playbook",
+    /** PlaybookTemplate */
     PlaybookTemplate = "PlaybookTemplate",
+    /** AnalyticsRuleTemplate */
     AnalyticsRuleTemplate = "AnalyticsRuleTemplate",
+    /** AnalyticsRule */
     AnalyticsRule = "AnalyticsRule",
+    /** HuntingQuery */
     HuntingQuery = "HuntingQuery",
+    /** InvestigationQuery */
     InvestigationQuery = "InvestigationQuery",
+    /** Parser */
     Parser = "Parser",
+    /** Watchlist */
     Watchlist = "Watchlist",
+    /** WatchlistTemplate */
     WatchlistTemplate = "WatchlistTemplate",
+    /** Solution */
     Solution = "Solution",
+    /** AzureFunction */
     AzureFunction = "AzureFunction",
+    /** LogicAppsCustomConnector */
     LogicAppsCustomConnector = "LogicAppsCustomConnector",
+    /** AutomationRule */
     AutomationRule = "AutomationRule"
 }
 
@@ -5268,26 +6159,39 @@ export declare enum KnownMatchingMethod {
 
 /** Known values of {@link MicrosoftSecurityProductName} that the service accepts. */
 export declare enum KnownMicrosoftSecurityProductName {
+    /** MicrosoftCloudAppSecurity */
     MicrosoftCloudAppSecurity = "Microsoft Cloud App Security",
+    /** AzureSecurityCenter */
     AzureSecurityCenter = "Azure Security Center",
+    /** AzureAdvancedThreatProtection */
     AzureAdvancedThreatProtection = "Azure Advanced Threat Protection",
+    /** AzureActiveDirectoryIdentityProtection */
     AzureActiveDirectoryIdentityProtection = "Azure Active Directory Identity Protection",
+    /** AzureSecurityCenterForIoT */
     AzureSecurityCenterForIoT = "Azure Security Center for IoT",
+    /** Office365AdvancedThreatProtection */
     Office365AdvancedThreatProtection = "Office 365 Advanced Threat Protection",
+    /** MicrosoftDefenderAdvancedThreatProtection */
     MicrosoftDefenderAdvancedThreatProtection = "Microsoft Defender Advanced Threat Protection"
 }
 
 /** Known values of {@link Operator} that the service accepts. */
 export declare enum KnownOperator {
+    /** AND */
     AND = "AND",
+    /** OR */
     OR = "OR"
 }
 
 /** Known values of {@link OutputType} that the service accepts. */
 export declare enum KnownOutputType {
+    /** Number */
     Number = "Number",
+    /** String */
     String = "String",
+    /** Date */
     Date = "Date",
+    /** Entity */
     Entity = "Entity"
 }
 
@@ -5303,8 +6207,11 @@ export declare enum KnownOwnerType {
 
 /** Known values of {@link PermissionProviderScope} that the service accepts. */
 export declare enum KnownPermissionProviderScope {
+    /** ResourceGroup */
     ResourceGroup = "ResourceGroup",
+    /** Subscription */
     Subscription = "Subscription",
+    /** Workspace */
     Workspace = "Workspace"
 }
 
@@ -5320,22 +6227,20 @@ export declare enum KnownPollingFrequency {
 
 /** Known values of {@link ProviderName} that the service accepts. */
 export declare enum KnownProviderName {
+    /** MicrosoftOperationalInsightsSolutions */
     MicrosoftOperationalInsightsSolutions = "Microsoft.OperationalInsights/solutions",
+    /** MicrosoftOperationalInsightsWorkspaces */
     MicrosoftOperationalInsightsWorkspaces = "Microsoft.OperationalInsights/workspaces",
+    /** MicrosoftOperationalInsightsWorkspacesDatasources */
     MicrosoftOperationalInsightsWorkspacesDatasources = "Microsoft.OperationalInsights/workspaces/datasources",
+    /** MicrosoftAadiamDiagnosticSettings */
     MicrosoftAadiamDiagnosticSettings = "microsoft.aadiam/diagnosticSettings",
+    /** MicrosoftOperationalInsightsWorkspacesSharedKeys */
     MicrosoftOperationalInsightsWorkspacesSharedKeys = "Microsoft.OperationalInsights/workspaces/sharedKeys",
+    /** MicrosoftAuthorizationPolicyAssignments */
     MicrosoftAuthorizationPolicyAssignments = "Microsoft.Authorization/policyAssignments"
 }
 
-/** Known values of {@link ProvisioningState} that the service accepts. */
-export declare enum KnownProvisioningState {
-    Succeeded = "Succeeded",
-    Failed = "Failed",
-    Canceled = "Canceled",
-    InProgress = "InProgress"
-}
-
 /** Known values of {@link RegistryHive} that the service accepts. */
 export declare enum KnownRegistryHive {
     /** HKEY_LOCAL_MACHINE */
@@ -5382,49 +6287,75 @@ export declare enum KnownRegistryValueKind {
 
 /** Known values of {@link RepoType} that the service accepts. */
 export declare enum KnownRepoType {
+    /** Github */
     Github = "Github",
+    /** DevOps */
     DevOps = "DevOps"
 }
 
+/** Known values of {@link SecurityMLAnalyticsSettingsKind} that the service accepts. */
+export declare enum KnownSecurityMLAnalyticsSettingsKind {
+    /** Anomaly */
+    Anomaly = "Anomaly"
+}
+
 /** Known values of {@link SettingKind} that the service accepts. */
 export declare enum KnownSettingKind {
+    /** Anomalies */
     Anomalies = "Anomalies",
+    /** EyesOn */
     EyesOn = "EyesOn",
+    /** EntityAnalytics */
     EntityAnalytics = "EntityAnalytics",
+    /** Ueba */
     Ueba = "Ueba"
 }
 
+/** Known values of {@link SettingsStatus} that the service accepts. */
+export declare enum KnownSettingsStatus {
+    /** Anomaly settings status in Production mode */
+    Production = "Production",
+    /** Anomaly settings status in Flighting mode */
+    Flighting = "Flighting"
+}
+
 /** Known values of {@link SettingType} that the service accepts. */
 export declare enum KnownSettingType {
+    /** CopyableLabel */
     CopyableLabel = "CopyableLabel",
+    /** InstructionStepsGroup */
     InstructionStepsGroup = "InstructionStepsGroup",
+    /** InfoMessage */
     InfoMessage = "InfoMessage"
 }
 
-/** Known values of {@link SkuKind} that the service accepts. */
-export declare enum KnownSkuKind {
-    PerGB = "PerGB",
-    CapacityReservation = "CapacityReservation"
-}
-
 /** Known values of {@link SourceKind} that the service accepts. */
 export declare enum KnownSourceKind {
+    /** LocalWorkspace */
     LocalWorkspace = "LocalWorkspace",
+    /** Community */
     Community = "Community",
+    /** Solution */
     Solution = "Solution",
+    /** SourceRepository */
     SourceRepository = "SourceRepository"
 }
 
 /** Known values of {@link SourceType} that the service accepts. */
 export declare enum KnownSourceType {
+    /** LocalFile */
     LocalFile = "Local file",
+    /** RemoteStorage */
     RemoteStorage = "Remote storage"
 }
 
 /** Known values of {@link SupportTier} that the service accepts. */
 export declare enum KnownSupportTier {
+    /** Microsoft */
     Microsoft = "Microsoft",
+    /** Partner */
     Partner = "Partner",
+    /** Community */
     Community = "Community"
 }
 
@@ -5446,34 +6377,47 @@ export declare enum KnownThreatIntelligenceResourceKindEnum {
 
 /** Known values of {@link ThreatIntelligenceSortingCriteriaEnum} that the service accepts. */
 export declare enum KnownThreatIntelligenceSortingCriteriaEnum {
+    /** Unsorted */
     Unsorted = "unsorted",
+    /** Ascending */
     Ascending = "ascending",
+    /** Descending */
     Descending = "descending"
 }
 
 /** Known values of {@link TriggersOn} that the service accepts. */
 export declare enum KnownTriggersOn {
     /** Trigger on Incidents */
-    Incidents = "Incidents"
+    Incidents = "Incidents",
+    /** Trigger on Alerts */
+    Alerts = "Alerts"
 }
 
 /** Known values of {@link TriggersWhen} that the service accepts. */
 export declare enum KnownTriggersWhen {
     /** Trigger on created objects */
-    Created = "Created"
+    Created = "Created",
+    /** Trigger on updated objects */
+    Updated = "Updated"
 }
 
 /** Known values of {@link UebaDataSources} that the service accepts. */
 export declare enum KnownUebaDataSources {
+    /** AuditLogs */
     AuditLogs = "AuditLogs",
+    /** AzureActivity */
     AzureActivity = "AzureActivity",
+    /** SecurityEvent */
     SecurityEvent = "SecurityEvent",
+    /** SigninLogs */
     SigninLogs = "SigninLogs"
 }
 
 /** Known values of {@link Version} that the service accepts. */
 export declare enum KnownVersion {
+    /** V1 */
     V1 = "V1",
+    /** V2 */
     V2 = "V2"
 }
 
@@ -5486,7 +6430,9 @@ export declare interface LastDataReceivedDataType {
 }
 
 /** Represents a mailbox entity. */
-export declare type MailboxEntity = Entity & {
+export declare interface MailboxEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Mailbox";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5519,10 +6465,10 @@ export declare type MailboxEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly externalDirectoryObjectId?: string;
-};
+}
 
 /** Mailbox entity property bag. */
-export declare type MailboxEntityProperties = EntityCommonProperties & {
+export declare interface MailboxEntityProperties extends EntityCommonProperties {
     /**
      * The mailbox's primary address
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5543,10 +6489,12 @@ export declare type MailboxEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly externalDirectoryObjectId?: string;
-};
+}
 
 /** Represents a mail cluster entity. */
-export declare type MailClusterEntity = Entity & {
+export declare interface MailClusterEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MailCluster";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5634,10 +6582,10 @@ export declare type MailClusterEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly clusterGroup?: string;
-};
+}
 
 /** Mail cluster entity property bag. */
-export declare type MailClusterEntityProperties = EntityCommonProperties & {
+export declare interface MailClusterEntityProperties extends EntityCommonProperties {
     /**
      * The mail message IDs that are part of the mail cluster
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5713,10 +6661,12 @@ export declare type MailClusterEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly clusterGroup?: string;
-};
+}
 
 /** Represents a mail message entity. */
-export declare type MailMessageEntity = Entity & {
+export declare interface MailMessageEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MailMessage";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5830,10 +6780,10 @@ export declare type MailMessageEntity = Entity & {
     deliveryAction?: DeliveryAction;
     /** The delivery location of this mail message like Inbox, JunkFolder etc */
     deliveryLocation?: DeliveryLocation;
-};
+}
 
 /** Mail message entity property bag. */
-export declare type MailMessageEntityProperties = EntityCommonProperties & {
+export declare interface MailMessageEntityProperties extends EntityCommonProperties {
     /**
      * The File entity ids of this mail message's attachments
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5935,10 +6885,12 @@ export declare type MailMessageEntityProperties = EntityCommonProperties & {
     deliveryAction?: DeliveryAction;
     /** The delivery location of this mail message like Inbox, JunkFolder etc */
     deliveryLocation?: DeliveryLocation;
-};
+}
 
 /** Represents a malware entity. */
-export declare type MalwareEntity = Entity & {
+export declare interface MalwareEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Malware";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5971,10 +6923,10 @@ export declare type MalwareEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processEntityIds?: string[];
-};
+}
 
 /** Malware entity property bag. */
-export declare type MalwareEntityProperties = EntityCommonProperties & {
+export declare interface MalwareEntityProperties extends EntityCommonProperties {
     /**
      * The malware category by the vendor, e.g. Trojan
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -5995,11 +6947,11 @@ export declare type MalwareEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processEntityIds?: string[];
-};
+}
 
 export declare interface ManualTriggerRequestBody {
     tenantId?: string;
-    logicAppsResourceId?: string;
+    logicAppsResourceId: string;
 }
 
 /**
@@ -6014,57 +6966,64 @@ export declare interface ManualTriggerRequestBody {
 export declare type MatchingMethod = string;
 
 /** Represents MCAS (Microsoft Cloud App Security) requirements check request. */
-export declare type McasCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface McasCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftCloudAppSecurity";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** MCAS (Microsoft Cloud App Security) requirements check properties. */
-export declare type McasCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface McasCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents MCAS (Microsoft Cloud App Security) data connector. */
-export declare type McasDataConnector = DataConnector & {
+export declare interface McasDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftCloudAppSecurity";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: McasDataConnectorDataTypes;
-};
+}
 
 /** The available data types for MCAS (Microsoft Cloud App Security) data connector. */
-export declare type McasDataConnectorDataTypes = AlertsDataTypeOfDataConnector & {
+export declare interface McasDataConnectorDataTypes extends AlertsDataTypeOfDataConnector {
     /** Discovery log data type connection. */
     discoveryLogs?: DataConnectorDataTypeCommon;
-};
+}
 
 /** MCAS (Microsoft Cloud App Security) data connector properties. */
-export declare type McasDataConnectorProperties = DataConnectorTenantId & {
+export declare interface McasDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: McasDataConnectorDataTypes;
-};
+}
 
 /** Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */
-export declare type MdatpCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface MdatpCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftDefenderAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */
-export declare type MdatpCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface MdatpCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. */
-export declare type MdatpDataConnector = DataConnector & {
+export declare interface MdatpDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftDefenderAdvancedThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 
 /** MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. */
-export declare type MdatpDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export declare interface MdatpDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 
 /** Interface representing a Metadata. */
 export declare interface Metadata {
@@ -6205,7 +7164,7 @@ export declare interface MetadataListOptionalParams extends coreClient.Operation
 export declare type MetadataListResponse = MetadataList;
 
 /** Metadata resource definition. */
-export declare type MetadataModel = ResourceWithEtag & {
+export declare interface MetadataModel extends ResourceWithEtag {
     /** Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name */
     contentId?: string;
     /** Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group) */
@@ -6244,10 +7203,10 @@ export declare type MetadataModel = ResourceWithEtag & {
     previewImages?: string[];
     /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */
     previewImagesDark?: string[];
-};
+}
 
 /** Metadata patch request body. */
-export declare type MetadataPatch = ResourceWithEtag & {
+export declare interface MetadataPatch extends ResourceWithEtag {
     /** Static ID for the content.  Used to identify dependencies and content from solutions or community.  Hard-coded/static for out of the box content and solutions. Dynamic for user-created.  This is the resource name */
     contentId?: string;
     /** Full parent resource ID of the content item the metadata is for.  This is the full resource ID including the scope (subscription and resource group) */
@@ -6286,7 +7245,7 @@ export declare type MetadataPatch = ResourceWithEtag & {
     previewImages?: string[];
     /** preview image file names. These will be taken from the solution artifacts. used for dark theme support */
     previewImagesDark?: string[];
-};
+}
 
 /** The original source of the content item, where it comes from. */
 export declare interface MetadataSource {
@@ -6318,7 +7277,9 @@ export declare interface MetadataUpdateOptionalParams extends coreClient.Operati
 export declare type MetadataUpdateResponse = MetadataModel;
 
 /** Represents MicrosoftSecurityIncidentCreation rule. */
-export declare type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & {
+export declare interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftSecurityIncidentCreation";
     /** the alerts' displayNames on which the cases will be generated */
     displayNamesFilter?: string[];
     /** the alerts' displayNames on which the cases will not be generated */
@@ -6340,7 +7301,7 @@ export declare type MicrosoftSecurityIncidentCreationAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedUtc?: Date;
-};
+}
 
 /** MicrosoftSecurityIncidentCreation rule common property bag. */
 export declare interface MicrosoftSecurityIncidentCreationAlertRuleCommonProperties {
@@ -6355,7 +7316,7 @@ export declare interface MicrosoftSecurityIncidentCreationAlertRuleCommonPropert
 }
 
 /** MicrosoftSecurityIncidentCreation rule property bag. */
-export declare type MicrosoftSecurityIncidentCreationAlertRuleProperties = MicrosoftSecurityIncidentCreationAlertRuleCommonProperties & {
+export declare interface MicrosoftSecurityIncidentCreationAlertRuleProperties extends MicrosoftSecurityIncidentCreationAlertRuleCommonProperties {
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /** The description of the alert rule. */
@@ -6369,10 +7330,12 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleProperties = Micro
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly lastModifiedUtc?: Date;
-};
+}
 
 /** Represents MicrosoftSecurityIncidentCreation rule template. */
-export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRuleTemplate & {
+export declare interface MicrosoftSecurityIncidentCreationAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftSecurityIncidentCreation";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -6401,10 +7364,10 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplate = AlertRu
     productFilter?: MicrosoftSecurityProductName;
     /** the alerts' severities on which the cases will be generated */
     severitiesFilter?: AlertSeverity[];
-};
+}
 
 /** MicrosoftSecurityIncidentCreation rule template properties */
-export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = AlertRuleTemplatePropertiesBase & {
+export declare interface MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties extends AlertRuleTemplatePropertiesBase {
     /** the alerts' displayNames on which the cases will be generated */
     displayNamesFilter?: string[];
     /** the alerts' displayNames on which the cases will not be generated */
@@ -6413,7 +7376,7 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
     productFilter?: MicrosoftSecurityProductName;
     /** the alerts' severities on which the cases will be generated */
     severitiesFilter?: AlertSeverity[];
-};
+}
 
 /**
  * Defines values for MicrosoftSecurityProductName. \
@@ -6431,7 +7394,9 @@ export declare type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
 export declare type MicrosoftSecurityProductName = string;
 
 /** Represents MLBehaviorAnalytics alert rule. */
-export declare type MLBehaviorAnalyticsAlertRule = AlertRule & {
+export declare interface MLBehaviorAnalyticsAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MLBehaviorAnalytics";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /**
@@ -6466,10 +7431,12 @@ export declare type MLBehaviorAnalyticsAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly techniques?: string[];
-};
+}
 
 /** Represents MLBehaviorAnalytics alert rule template. */
-export declare type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & {
+export declare interface MLBehaviorAnalyticsAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MLBehaviorAnalytics";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -6496,32 +7463,35 @@ export declare type MLBehaviorAnalyticsAlertRuleTemplate = AlertRuleTemplate & {
     techniques?: string[];
     /** The severity for alerts created by this alert rule. */
     severity?: AlertSeverity;
-};
+}
 
 /** MLBehaviorAnalytics alert rule template properties. */
-export declare type MLBehaviorAnalyticsAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & {
+export declare interface MLBehaviorAnalyticsAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties {
     /** The severity for alerts created by this alert rule. */
     severity: AlertSeverity;
-};
+}
 
 /** Represents Microsoft Threat Intelligence requirements check request. */
-export declare type MstiCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface MstiCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** Microsoft Threat Intelligence requirements check properties. */
-export declare type MstiCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface MstiCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents Microsoft Threat Intelligence data connector. */
-export declare type MstiDataConnector = DataConnector & {
+export declare interface MstiDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: MstiDataConnectorDataTypes;
-};
+}
 
 /** The available data types for Microsoft Threat Intelligence Platforms data connector. */
 export declare interface MstiDataConnectorDataTypes {
@@ -6532,41 +7502,44 @@ export declare interface MstiDataConnectorDataTypes {
 }
 
 /** Data type for Microsoft Threat Intelligence Platforms data connector. */
-export declare type MstiDataConnectorDataTypesBingSafetyPhishingURL = DataConnectorDataTypeCommon & {
+export declare interface MstiDataConnectorDataTypesBingSafetyPhishingURL extends DataConnectorDataTypeCommon {
     /** lookback period */
     lookbackPeriod: string;
-};
+}
 
 /** Data type for Microsoft Threat Intelligence Platforms data connector. */
-export declare type MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed = DataConnectorDataTypeCommon & {
+export declare interface MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed extends DataConnectorDataTypeCommon {
     /** lookback period */
     lookbackPeriod: string;
-};
+}
 
 /** Microsoft Threat Intelligence data connector properties. */
-export declare type MstiDataConnectorProperties = DataConnectorTenantId & {
+export declare interface MstiDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: MstiDataConnectorDataTypes;
-};
+}
 
 /** Represents MTP (Microsoft Threat Protection) requirements check request. */
-export declare type MtpCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface MtpCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "MicrosoftThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** MTP (Microsoft Threat Protection) requirements check properties. */
-export declare type MTPCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface MTPCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents MTP (Microsoft Threat Protection) data connector. */
-export declare type MTPDataConnector = DataConnector & {
+export declare interface MTPDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "MicrosoftThreatProtection";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: MTPDataConnectorDataTypes;
-};
+}
 
 /** The available data types for Microsoft Threat Protection Platforms data connector. */
 export declare interface MTPDataConnectorDataTypes {
@@ -6575,16 +7548,71 @@ export declare interface MTPDataConnectorDataTypes {
 }
 
 /** Data type for Microsoft Threat Protection Platforms data connector. */
-export declare type MTPDataConnectorDataTypesIncidents = DataConnectorDataTypeCommon & {};
+export declare interface MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon {
+}
 
 /** MTP (Microsoft Threat Protection) data connector properties. */
-export declare type MTPDataConnectorProperties = DataConnectorTenantId & {
+export declare interface MTPDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: MTPDataConnectorDataTypes;
-};
+}
+
+/** Represents an network interface entity. */
+export declare interface NicEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Nic";
+    /**
+     * A bag of custom fields that should be part of the entity and will be presented to the user.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly additionalData?: {
+        [propertyName: string]: Record<string, unknown>;
+    };
+    /**
+     * The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly friendlyName?: string;
+    /**
+     * The MAC address of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly macAddress?: string;
+    /**
+     * The IP entity id of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly ipAddressEntityId?: string;
+    /**
+     * A list of VLANs of the network interface entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly vlans?: string[];
+}
+
+/** Nic entity property bag. */
+export declare interface NicEntityProperties extends EntityCommonProperties {
+    /**
+     * The MAC address of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly macAddress?: string;
+    /**
+     * The IP entity id of this network interface
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly ipAddressEntityId?: string;
+    /**
+     * A list of VLANs of the network interface entity.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly vlans?: string[];
+}
 
 /** Represents NRT alert rule. */
-export declare type NrtAlertRule = AlertRule & {
+export declare interface NrtAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "NRT";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
@@ -6622,10 +7650,14 @@ export declare type NrtAlertRule = AlertRule & {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
-};
+    /** The event grouping settings. */
+    eventGroupingSettings?: EventGroupingSettings;
+}
 
 /** Represents NRT alert rule template. */
-export declare type NrtAlertRuleTemplate = AlertRuleTemplate & {
+export declare interface NrtAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "NRT";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -6664,21 +7696,25 @@ export declare type NrtAlertRuleTemplate = AlertRuleTemplate & {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
-};
+    /** The event grouping settings. */
+    eventGroupingSettings?: EventGroupingSettings;
+}
 
 /** NRT alert rule template properties */
-export declare type NrtAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & QueryBasedAlertRuleTemplateProperties & {};
+export declare interface NrtAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties {
+}
 
 /** Represents Office365 Project requirements check request. */
-export declare type Office365ProjectCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface Office365ProjectCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "Office365Project";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** Office365 Project requirements check properties. */
-export declare type Office365ProjectCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface Office365ProjectCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** The available data types for Office Microsoft Project data connector. */
 export declare interface Office365ProjectConnectorDataTypes {
@@ -6687,51 +7723,58 @@ export declare interface Office365ProjectConnectorDataTypes {
 }
 
 /** Logs data type. */
-export declare type Office365ProjectConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export declare interface Office365ProjectConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 
 /** Represents Office Microsoft Project data connector. */
-export declare type Office365ProjectDataConnector = DataConnector & {
+export declare interface Office365ProjectDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Office365Project";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: Office365ProjectConnectorDataTypes;
-};
+}
 
 /** Office Microsoft Project data connector properties. */
-export declare type Office365ProjectDataConnectorProperties = DataConnectorTenantId & {
+export declare interface Office365ProjectDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: Office365ProjectConnectorDataTypes;
-};
+}
 
 /** Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. */
-export declare type OfficeATPCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface OfficeATPCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "OfficeATP";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. */
-export declare type OfficeATPCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface OfficeATPCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */
-export declare type OfficeATPDataConnector = DataConnector & {
+export declare interface OfficeATPDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "OfficeATP";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 
 /** OfficeATP (Office 365 Advanced Threat Protection) data connector properties. */
-export declare type OfficeATPDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export declare interface OfficeATPDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 
 /** Consent for Office365 tenant that already made. */
-export declare type OfficeConsent = Resource & {
+export declare interface OfficeConsent extends Resource {
     /** The tenantId of the Office365 with the consent. */
     tenantId?: string;
     /** Help to easily cascade among the data layers. */
     consentId?: string;
-};
+}
 
 /** List of all the office365 consents. */
 export declare interface OfficeConsentList {
@@ -6797,12 +7840,14 @@ export declare interface OfficeConsentsListOptionalParams extends coreClient.Ope
 export declare type OfficeConsentsListResponse = OfficeConsentList;
 
 /** Represents office data connector. */
-export declare type OfficeDataConnector = DataConnector & {
+export declare interface OfficeDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Office365";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: OfficeDataConnectorDataTypes;
-};
+}
 
 /** The available data types for office data connector. */
 export declare interface OfficeDataConnectorDataTypes {
@@ -6815,52 +7860,60 @@ export declare interface OfficeDataConnectorDataTypes {
 }
 
 /** Exchange data type connection. */
-export declare type OfficeDataConnectorDataTypesExchange = DataConnectorDataTypeCommon & {};
+export declare interface OfficeDataConnectorDataTypesExchange extends DataConnectorDataTypeCommon {
+}
 
 /** SharePoint data type connection. */
-export declare type OfficeDataConnectorDataTypesSharePoint = DataConnectorDataTypeCommon & {};
+export declare interface OfficeDataConnectorDataTypesSharePoint extends DataConnectorDataTypeCommon {
+}
 
 /** Teams data type connection. */
-export declare type OfficeDataConnectorDataTypesTeams = DataConnectorDataTypeCommon & {};
+export declare interface OfficeDataConnectorDataTypesTeams extends DataConnectorDataTypeCommon {
+}
 
 /** Office data connector properties. */
-export declare type OfficeDataConnectorProperties = DataConnectorTenantId & {
+export declare interface OfficeDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: OfficeDataConnectorDataTypes;
-};
+}
 
 /** Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */
-export declare type OfficeIRMCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface OfficeIRMCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "OfficeIRM";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** OfficeIRM (Microsoft Insider Risk Management) requirements check properties. */
-export declare type OfficeIRMCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface OfficeIRMCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */
-export declare type OfficeIRMDataConnector = DataConnector & {
+export declare interface OfficeIRMDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "OfficeIRM";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: AlertsDataTypeOfDataConnector;
-};
+}
 
 /** OfficeIRM (Microsoft Insider Risk Management) data connector properties. */
-export declare type OfficeIRMDataConnectorProperties = DataConnectorTenantId & DataConnectorWithAlertsProperties & {};
+export declare interface OfficeIRMDataConnectorProperties extends DataConnectorTenantId, DataConnectorWithAlertsProperties {
+}
 
 /** Represents Office PowerBI requirements check request. */
-export declare type OfficePowerBICheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface OfficePowerBICheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "OfficePowerBI";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** Office PowerBI requirements check properties. */
-export declare type OfficePowerBICheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface OfficePowerBICheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** The available data types for Office Microsoft PowerBI data connector. */
 export declare interface OfficePowerBIConnectorDataTypes {
@@ -6869,21 +7922,24 @@ export declare interface OfficePowerBIConnectorDataTypes {
 }
 
 /** Logs data type. */
-export declare type OfficePowerBIConnectorDataTypesLogs = DataConnectorDataTypeCommon & {};
+export declare interface OfficePowerBIConnectorDataTypesLogs extends DataConnectorDataTypeCommon {
+}
 
 /** Represents Office Microsoft PowerBI data connector. */
-export declare type OfficePowerBIDataConnector = DataConnector & {
+export declare interface OfficePowerBIDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "OfficePowerBI";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The available data types for the connector. */
     dataTypes?: OfficePowerBIConnectorDataTypes;
-};
+}
 
 /** Office Microsoft PowerBI data connector properties. */
-export declare type OfficePowerBIDataConnectorProperties = DataConnectorTenantId & {
+export declare interface OfficePowerBIDataConnectorProperties extends DataConnectorTenantId {
     /** The available data types for the connector. */
     dataTypes: OfficePowerBIConnectorDataTypes;
-};
+}
 
 /** Operation provided by provider */
 export declare interface Operation {
@@ -6999,14 +8055,16 @@ declare interface Permissions_2 {
 }
 export { Permissions_2 as Permissions }
 
-export declare type PermissionsCustomsItem = Customs & {};
+export declare interface PermissionsCustomsItem extends Customs {
+}
 
-export declare type PermissionsResourceProviderItem = ResourceProvider & {};
+export declare interface PermissionsResourceProviderItem extends ResourceProvider {
+}
 
 export declare interface PlaybookActionProperties {
-    /** The resource id of the playbook resource */
+    /** The resource id of the playbook resource. */
     logicAppResourceId?: string;
-    /** The tenant id of the playbook resource */
+    /** The tenant id of the playbook resource. */
     tenantId?: string;
 }
 
@@ -7022,7 +8080,9 @@ export declare interface PlaybookActionProperties {
 export declare type PollingFrequency = string;
 
 /** Represents a process entity. */
-export declare type ProcessEntity = Entity & {
+export declare interface ProcessEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Process";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7077,10 +8137,10 @@ export declare type ProcessEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processId?: string;
-};
+}
 
 /** Process entity property bag. */
-export declare type ProcessEntityProperties = EntityCommonProperties & {
+export declare interface ProcessEntityProperties extends EntityCommonProperties {
     /**
      * The account entity id running the processes.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7123,7 +8183,7 @@ export declare type ProcessEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly processId?: string;
-};
+}
 
 /** Interface representing a ProductSettings. */
 export declare interface ProductSettings {
@@ -7186,12 +8246,33 @@ export declare interface ProductSettingsUpdateOptionalParams extends coreClient.
 /** Contains response data for the update operation. */
 export declare type ProductSettingsUpdateResponse = SettingsUnion;
 
+/** Describes an automation rule condition that evaluates an array property's value change */
+export declare interface PropertyArrayChangedConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "PropertyArrayChanged";
+    conditionProperties?: AutomationRulePropertyArrayChangedValuesCondition;
+}
+
+/** Describes an automation rule condition that evaluates an array property's value */
+export declare interface PropertyArrayConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "PropertyArray";
+    conditionProperties?: AutomationRulePropertyArrayValuesCondition;
+}
+
+/** Describes an automation rule condition that evaluates a property's value change */
+export declare interface PropertyChangedConditionProperties extends AutomationRuleCondition {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    conditionType: "PropertyChanged";
+    conditionProperties?: AutomationRulePropertyValuesChangedCondition;
+}
+
 /** Describes an automation rule condition that evaluates a property's value */
-export declare type PropertyConditionProperties = AutomationRuleCondition & {
+export declare interface PropertyConditionProperties extends AutomationRuleCondition {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     conditionType: "Property";
     conditionProperties?: AutomationRulePropertyValuesCondition;
-};
+}
 
 /**
  * Defines values for ProviderName. \
@@ -7207,18 +8288,6 @@ export declare type PropertyConditionProperties = AutomationRuleCondition & {
  */
 export declare type ProviderName = string;
 
-/**
- * Defines values for ProvisioningState. \
- * {@link KnownProvisioningState} can be used interchangeably with ProvisioningState,
- *  this enum contains the known values that the service supports.
- * ### Known values supported by the service
- * **Succeeded** \
- * **Failed** \
- * **Canceled** \
- * **InProgress**
- */
-export declare type ProvisioningState = string;
-
 /** Query based alert rule template base property bag. */
 export declare interface QueryBasedAlertRuleTemplateProperties {
     /** The query that creates alerts for this rule. */
@@ -7235,6 +8304,8 @@ export declare interface QueryBasedAlertRuleTemplateProperties {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
+    /** The event grouping settings. */
+    eventGroupingSettings?: EventGroupingSettings;
 }
 
 /**
@@ -7256,7 +8327,9 @@ export declare interface QueryBasedAlertRuleTemplateProperties {
 export declare type RegistryHive = string;
 
 /** Represents a registry key entity. */
-export declare type RegistryKeyEntity = Entity & {
+export declare interface RegistryKeyEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "RegistryKey";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7279,10 +8352,10 @@ export declare type RegistryKeyEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly key?: string;
-};
+}
 
 /** RegistryKey entity property bag. */
-export declare type RegistryKeyEntityProperties = EntityCommonProperties & {
+export declare interface RegistryKeyEntityProperties extends EntityCommonProperties {
     /**
      * the hive that holds the registry key.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7293,10 +8366,12 @@ export declare type RegistryKeyEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly key?: string;
-};
+}
 
 /** Represents a registry value entity. */
-export declare type RegistryValueEntity = Entity & {
+export declare interface RegistryValueEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "RegistryValue";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7329,10 +8404,10 @@ export declare type RegistryValueEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly valueType?: RegistryValueKind;
-};
+}
 
 /** RegistryValue entity property bag. */
-export declare type RegistryValueEntityProperties = EntityCommonProperties & {
+export declare interface RegistryValueEntityProperties extends EntityCommonProperties {
     /**
      * The registry key entity id.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7353,7 +8428,7 @@ export declare type RegistryValueEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly valueType?: RegistryValueKind;
-};
+}
 
 /**
  * Defines values for RegistryValueKind. \
@@ -7372,7 +8447,7 @@ export declare type RegistryValueEntityProperties = EntityCommonProperties & {
 export declare type RegistryValueKind = string;
 
 /** Represents a relation between two resources */
-export declare type Relation = ResourceWithEtag & {
+export declare interface Relation extends ResourceWithEtag {
     /** The resource ID of the related resource */
     relatedResourceId?: string;
     /**
@@ -7390,7 +8465,7 @@ export declare type Relation = ResourceWithEtag & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly relatedResourceKind?: string;
-};
+}
 
 /** List of relations. */
 export declare interface RelationList {
@@ -7509,10 +8584,10 @@ export declare interface ResourceProvider {
 }
 
 /** An azure resource object with an Etag property */
-export declare type ResourceWithEtag = Resource & {
+export declare interface ResourceWithEtag extends Resource {
     /** Etag of the azure resource */
     etag?: string;
-};
+}
 
 /** The sample queries for the connector */
 export declare interface SampleQueries {
@@ -7523,7 +8598,9 @@ export declare interface SampleQueries {
 }
 
 /** Represents scheduled alert rule. */
-export declare type ScheduledAlertRule = AlertRule & {
+export declare interface ScheduledAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Scheduled";
     /** The query that creates alerts for this rule. */
     query?: string;
     /** The frequency (in ISO 8601 duration format) for this alert rule to run. */
@@ -7571,7 +8648,7 @@ export declare type ScheduledAlertRule = AlertRule & {
     techniques?: string[];
     /** The settings of the incidents that created from alerts triggered by this analytics rule */
     incidentConfiguration?: IncidentConfiguration;
-};
+}
 
 /** Scheduled alert rule template property bag. */
 export declare interface ScheduledAlertRuleCommonProperties {
@@ -7600,7 +8677,7 @@ export declare interface ScheduledAlertRuleCommonProperties {
 }
 
 /** Scheduled alert rule base property bag. */
-export declare type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonProperties & {
+export declare interface ScheduledAlertRuleProperties extends ScheduledAlertRuleCommonProperties {
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /** The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> */
@@ -7626,10 +8703,12 @@ export declare type ScheduledAlertRuleProperties = ScheduledAlertRuleCommonPrope
     techniques?: string[];
     /** The settings of the incidents that created from alerts triggered by this analytics rule */
     incidentConfiguration?: IncidentConfiguration;
-};
+}
 
 /** Represents scheduled alert rule template. */
-export declare type ScheduledAlertRuleTemplate = AlertRuleTemplate & {
+export declare interface ScheduledAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Scheduled";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -7678,10 +8757,12 @@ export declare type ScheduledAlertRuleTemplate = AlertRuleTemplate & {
     entityMappings?: EntityMapping[];
     /** The alert details override settings */
     alertDetailsOverride?: AlertDetailsOverride;
-};
+}
 
 /** Represents a security alert entity. */
-export declare type SecurityAlert = Entity & {
+export declare interface SecurityAlert extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "SecurityAlert";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7816,10 +8897,10 @@ export declare type SecurityAlert = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly resourceIdentifiers?: Record<string, unknown>[];
-};
+}
 
 /** SecurityAlert entity property bag. */
-export declare type SecurityAlertProperties = EntityCommonProperties & {
+export declare interface SecurityAlertProperties extends EntityCommonProperties {
     /**
      * The display name of the alert.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -7942,7 +9023,7 @@ export declare type SecurityAlertProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly resourceIdentifiers?: Record<string, unknown>[];
-};
+}
 
 /** confidence reason item */
 export declare interface SecurityAlertPropertiesConfidenceReasonsItem {
@@ -7959,7 +9040,7 @@ export declare interface SecurityAlertPropertiesConfidenceReasonsItem {
 }
 
 /** Represents security alert timeline item. */
-export declare type SecurityAlertTimelineItem = EntityTimelineItem & {
+export declare interface SecurityAlertTimelineItem extends EntityTimelineItem {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "SecurityAlert";
     /** The alert azure resource id. */
@@ -7980,10 +9061,12 @@ export declare type SecurityAlertTimelineItem = EntityTimelineItem & {
     timeGenerated: Date;
     /** The name of the alert type. */
     alertType: string;
-};
+}
 
 /** Represents a security group entity. */
-export declare type SecurityGroupEntity = Entity & {
+export declare interface SecurityGroupEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "SecurityGroup";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -8011,10 +9094,10 @@ export declare type SecurityGroupEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly sid?: string;
-};
+}
 
 /** SecurityGroup entity property bag. */
-export declare type SecurityGroupEntityProperties = EntityCommonProperties & {
+export declare interface SecurityGroupEntityProperties extends EntityCommonProperties {
     /**
      * The group distinguished name
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -8030,7 +9113,7 @@ export declare type SecurityGroupEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly sid?: string;
-};
+}
 
 export declare class SecurityInsights extends coreClient.ServiceClient {
     $host: string;
@@ -8043,6 +9126,8 @@ export declare class SecurityInsights extends coreClient.ServiceClient {
      * @param options The parameter options
      */
     constructor(credentials: coreAuth.TokenCredential, subscriptionId: string, options?: SecurityInsightsOptionalParams);
+    /** A function that adds a policy that sets the api-version (or equivalent) to reflect the library version. */
+    private addCustomApiVersionPolicy;
     alertRules: AlertRules;
     actions: Actions;
     alertRuleTemplates: AlertRuleTemplates;
@@ -8059,11 +9144,13 @@ export declare class SecurityInsights extends coreClient.ServiceClient {
     entityRelations: EntityRelations;
     entityQueries: EntityQueries;
     entityQueryTemplates: EntityQueryTemplates;
+    fileImports: FileImports;
     incidentComments: IncidentComments;
     incidentRelations: IncidentRelations;
     metadata: Metadata;
     officeConsents: OfficeConsents;
     sentinelOnboardingStates: SentinelOnboardingStates;
+    securityMLAnalyticsSettings: SecurityMLAnalyticsSettings;
     productSettings: ProductSettings;
     sourceControlOperations: SourceControlOperations;
     sourceControls: SourceControls;
@@ -8087,11 +9174,115 @@ export declare interface SecurityInsightsOptionalParams extends coreClient.Servi
     endpoint?: string;
 }
 
+/** Security ML Analytics Setting */
+export declare interface SecurityMLAnalyticsSetting extends ResourceWithEtag {
+    /** The kind of security ML Analytics Settings */
+    kind: SecurityMLAnalyticsSettingsKind;
+}
+
+/** Interface representing a SecurityMLAnalyticsSettings. */
+export declare interface SecurityMLAnalyticsSettings {
+    /**
+     * Gets all Security ML Analytics Settings.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param options The options parameters.
+     */
+    list(resourceGroupName: string, workspaceName: string, options?: SecurityMLAnalyticsSettingsListOptionalParams): PagedAsyncIterableIterator<SecurityMLAnalyticsSettingUnion>;
+    /**
+     * Gets the Security ML Analytics Settings.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param settingsResourceName Security ML Analytics Settings resource name
+     * @param options The options parameters.
+     */
+    get(resourceGroupName: string, workspaceName: string, settingsResourceName: string, options?: SecurityMLAnalyticsSettingsGetOptionalParams): Promise<SecurityMLAnalyticsSettingsGetResponse>;
+    /**
+     * Creates or updates the Security ML Analytics Settings.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param settingsResourceName Security ML Analytics Settings resource name
+     * @param securityMLAnalyticsSetting The security ML Analytics setting
+     * @param options The options parameters.
+     */
+    createOrUpdate(resourceGroupName: string, workspaceName: string, settingsResourceName: string, securityMLAnalyticsSetting: SecurityMLAnalyticsSettingUnion, options?: SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams): Promise<SecurityMLAnalyticsSettingsCreateOrUpdateResponse>;
+    /**
+     * Delete the Security ML Analytics Settings.
+     * @param resourceGroupName The name of the resource group. The name is case insensitive.
+     * @param workspaceName The name of the workspace.
+     * @param settingsResourceName Security ML Analytics Settings resource name
+     * @param options The options parameters.
+     */
+    delete(resourceGroupName: string, workspaceName: string, settingsResourceName: string, options?: SecurityMLAnalyticsSettingsDeleteOptionalParams): Promise<void>;
+}
+
+/** Optional parameters. */
+export declare interface SecurityMLAnalyticsSettingsCreateOrUpdateOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Contains response data for the createOrUpdate operation. */
+export declare type SecurityMLAnalyticsSettingsCreateOrUpdateResponse = SecurityMLAnalyticsSettingUnion;
+
+/** security ml analytics settings data sources */
+export declare interface SecurityMLAnalyticsSettingsDataSource {
+    /** The connector id that provides the following data types */
+    connectorId?: string;
+    /** The data types used by the security ml analytics settings */
+    dataTypes?: string[];
+}
+
+/** Optional parameters. */
+export declare interface SecurityMLAnalyticsSettingsDeleteOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Optional parameters. */
+export declare interface SecurityMLAnalyticsSettingsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Contains response data for the get operation. */
+export declare type SecurityMLAnalyticsSettingsGetResponse = SecurityMLAnalyticsSettingUnion;
+
+/**
+ * Defines values for SecurityMLAnalyticsSettingsKind. \
+ * {@link KnownSecurityMLAnalyticsSettingsKind} can be used interchangeably with SecurityMLAnalyticsSettingsKind,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Anomaly**
+ */
+export declare type SecurityMLAnalyticsSettingsKind = string;
+
+/** List all the SecurityMLAnalyticsSettings */
+export declare interface SecurityMLAnalyticsSettingsList {
+    /**
+     * URL to fetch the next set of SecurityMLAnalyticsSettings.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly nextLink?: string;
+    /** Array of SecurityMLAnalyticsSettings */
+    value: SecurityMLAnalyticsSettingUnion[];
+}
+
+/** Optional parameters. */
+export declare interface SecurityMLAnalyticsSettingsListNextOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Contains response data for the listNext operation. */
+export declare type SecurityMLAnalyticsSettingsListNextResponse = SecurityMLAnalyticsSettingsList;
+
+/** Optional parameters. */
+export declare interface SecurityMLAnalyticsSettingsListOptionalParams extends coreClient.OperationOptions {
+}
+
+/** Contains response data for the list operation. */
+export declare type SecurityMLAnalyticsSettingsListResponse = SecurityMLAnalyticsSettingsList;
+
+export declare type SecurityMLAnalyticsSettingUnion = SecurityMLAnalyticsSetting | AnomalySecurityMLAnalyticsSettings;
+
 /** Sentinel onboarding state */
-export declare type SentinelOnboardingState = ResourceWithEtag & {
+export declare interface SentinelOnboardingState extends ResourceWithEtag {
     /** Flag that indicates the status of the CMK setting */
     customerManagedKey?: boolean;
-};
+}
 
 /** Interface representing a SentinelOnboardingStates. */
 export declare interface SentinelOnboardingStates {
@@ -8180,10 +9371,20 @@ export declare interface SettingList {
 }
 
 /** The Setting. */
-export declare type Settings = ResourceWithEtag & {
+export declare interface Settings extends ResourceWithEtag {
     /** The kind of the setting */
     kind: SettingKind;
-};
+}
+
+/**
+ * Defines values for SettingsStatus. \
+ * {@link KnownSettingsStatus} can be used interchangeably with SettingsStatus,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Production**: Anomaly settings status in Production mode \
+ * **Flighting**: Anomaly settings status in Flighting mode
+ */
+export declare type SettingsStatus = string;
 
 export declare type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalytics | Ueba;
 
@@ -8198,26 +9399,8 @@ export declare type SettingsUnion = Settings | Anomalies | EyesOn | EntityAnalyt
  */
 export declare type SettingType = string;
 
-/** The pricing tier of the solution */
-export declare interface Sku {
-    /** The kind of the tier */
-    name?: SkuKind;
-    /** The amount of reservation level */
-    capacityReservationLevel?: number;
-}
-
-/**
- * Defines values for SkuKind. \
- * {@link KnownSkuKind} can be used interchangeably with SkuKind,
- *  this enum contains the known values that the service supports.
- * ### Known values supported by the service
- * **PerGB** \
- * **CapacityReservation**
- */
-export declare type SkuKind = string;
-
 /** Represents a SourceControl in Azure Security Insights. */
-export declare type SourceControl = ResourceWithEtag & {
+export declare interface SourceControl extends ResourceWithEtag {
     /** The id (a Guid) of the source control */
     idPropertiesId?: string;
     /** The version number associated with the source control */
@@ -8236,7 +9419,7 @@ export declare type SourceControl = ResourceWithEtag & {
     repositoryResourceInfo?: RepositoryResourceInfo;
     /** Information regarding the latest deployment for the source control. */
     lastDeploymentInfo?: DeploymentInfo;
-};
+}
 
 /** List all the source controls. */
 export declare interface SourceControlList {
@@ -8366,7 +9549,9 @@ export declare type SourceKind = string;
 export declare type SourceType = string;
 
 /** Represents a submission mail entity. */
-export declare type SubmissionMailEntity = Entity & {
+export declare interface SubmissionMailEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "SubmissionMail";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -8429,10 +9614,10 @@ export declare type SubmissionMailEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly reportType?: string;
-};
+}
 
 /** Submission mail entity property bag. */
-export declare type SubmissionMailEntityProperties = EntityCommonProperties & {
+export declare interface SubmissionMailEntityProperties extends EntityCommonProperties {
     /**
      * The network message id of email to which submission belongs
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -8483,7 +9668,7 @@ export declare type SubmissionMailEntityProperties = EntityCommonProperties & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly reportType?: string;
-};
+}
 
 /**
  * Defines values for SupportTier. \
@@ -8599,7 +9784,9 @@ export declare interface ThreatIntelligence {
 }
 
 /** Represents Threat Intelligence alert rule. */
-export declare type ThreatIntelligenceAlertRule = AlertRule & {
+export declare interface ThreatIntelligenceAlertRule extends AlertRule {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligence";
     /** The Name of the alert rule template used to create this rule. */
     alertRuleTemplateName?: string;
     /**
@@ -8634,10 +9821,12 @@ export declare type ThreatIntelligenceAlertRule = AlertRule & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly techniques?: string[];
-};
+}
 
 /** Represents Threat Intelligence alert rule template. */
-export declare type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & {
+export declare interface ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligence";
     /** the number of alert rules that were created by this template */
     alertRulesCreatedByTemplateCount?: number;
     /**
@@ -8664,13 +9853,13 @@ export declare type ThreatIntelligenceAlertRuleTemplate = AlertRuleTemplate & {
     techniques?: string[];
     /** The severity for alerts created by this alert rule. */
     severity?: AlertSeverity;
-};
+}
 
 /** Threat Intelligence alert rule template properties */
-export declare type ThreatIntelligenceAlertRuleTemplateProperties = AlertRuleTemplateWithMitreProperties & {
+export declare interface ThreatIntelligenceAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties {
     /** The severity for alerts created by this alert rule. */
     severity: AlertSeverity;
-};
+}
 
 /** Array of tags to be appended to the threat intelligence indicator. */
 export declare interface ThreatIntelligenceAppendTags {
@@ -8848,7 +10037,9 @@ export declare interface ThreatIntelligenceIndicatorMetricsListOptionalParams ex
 export declare type ThreatIntelligenceIndicatorMetricsListResponse = ThreatIntelligenceMetricsList;
 
 /** Threat intelligence indicator entity. */
-export declare type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInformation & {
+export declare interface ThreatIntelligenceIndicatorModel extends ThreatIntelligenceInformation {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "indicator";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -8919,10 +10110,10 @@ export declare type ThreatIntelligenceIndicatorModel = ThreatIntelligenceInforma
     extensions?: {
         [propertyName: string]: any;
     };
-};
+}
 
 /** Describes threat intelligence entity properties */
-export declare type ThreatIntelligenceIndicatorProperties = EntityCommonProperties & {
+export declare interface ThreatIntelligenceIndicatorProperties extends EntityCommonProperties {
     /** List of tags */
     threatIntelligenceTags?: string[];
     /** Last updated time in UTC */
@@ -8981,7 +10172,7 @@ export declare type ThreatIntelligenceIndicatorProperties = EntityCommonProperti
     extensions?: {
         [propertyName: string]: any;
     };
-};
+}
 
 /** Optional parameters. */
 export declare interface ThreatIntelligenceIndicatorQueryIndicatorsNextOptionalParams extends coreClient.OperationOptions {
@@ -9046,10 +10237,10 @@ export declare interface ThreatIntelligenceIndicatorsListOptionalParams extends
 export declare type ThreatIntelligenceIndicatorsListResponse = ThreatIntelligenceInformationList;
 
 /** Threat intelligence information object. */
-export declare type ThreatIntelligenceInformation = ResourceWithEtag & {
+export declare interface ThreatIntelligenceInformation extends ResourceWithEtag {
     /** The kind of the entity. */
     kind: ThreatIntelligenceResourceKindEnum;
-};
+}
 
 /** List of all the threat intelligence information objects. */
 export declare interface ThreatIntelligenceInformationList {
@@ -9149,25 +10340,28 @@ export declare interface ThreatIntelligenceSortingCriteria {
 export declare type ThreatIntelligenceSortingCriteriaEnum = string;
 
 /** Threat Intelligence Platforms data connector check requirements */
-export declare type TICheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface TICheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "ThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** Threat Intelligence Platforms data connector required properties. */
-export declare type TICheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface TICheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Represents threat intelligence data connector. */
-export declare type TIDataConnector = DataConnector & {
+export declare interface TIDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligence";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The lookback period for the feed to be imported. */
     tipLookbackPeriod?: Date;
     /** The available data types for the connector. */
     dataTypes?: TIDataConnectorDataTypes;
-};
+}
 
 /** The available data types for TI (Threat Intelligence) data connector. */
 export declare interface TIDataConnectorDataTypes {
@@ -9176,15 +10370,16 @@ export declare interface TIDataConnectorDataTypes {
 }
 
 /** Data type for indicators connection. */
-export declare type TIDataConnectorDataTypesIndicators = DataConnectorDataTypeCommon & {};
+export declare interface TIDataConnectorDataTypesIndicators extends DataConnectorDataTypeCommon {
+}
 
 /** TI (Threat Intelligence) data connector properties. */
-export declare type TIDataConnectorProperties = DataConnectorTenantId & {
+export declare interface TIDataConnectorProperties extends DataConnectorTenantId {
     /** The lookback period for the feed to be imported. */
     tipLookbackPeriod?: Date;
     /** The available data types for the connector. */
     dataTypes: TIDataConnectorDataTypes;
-};
+}
 
 /** timeline aggregation information per kind */
 export declare interface TimelineAggregation {
@@ -9215,18 +10410,21 @@ export declare interface TimelineResultsMetadata {
 }
 
 /** Threat Intelligence TAXII data connector check requirements */
-export declare type TiTaxiiCheckRequirements = DataConnectorsCheckRequirements & {
+export declare interface TiTaxiiCheckRequirements extends DataConnectorsCheckRequirements {
     /** Polymorphic discriminator, which specifies the different types this object can be */
     kind: "ThreatIntelligenceTaxii";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
-};
+}
 
 /** Threat Intelligence TAXII data connector required properties. */
-export declare type TiTaxiiCheckRequirementsProperties = DataConnectorTenantId & {};
+export declare interface TiTaxiiCheckRequirementsProperties extends DataConnectorTenantId {
+}
 
 /** Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */
-export declare type TiTaxiiDataConnector = DataConnector & {
+export declare interface TiTaxiiDataConnector extends DataConnector {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "ThreatIntelligenceTaxii";
     /** The tenant id to connect to, and get the data from. */
     tenantId?: string;
     /** The workspace id. */
@@ -9247,7 +10445,7 @@ export declare type TiTaxiiDataConnector = DataConnector & {
     pollingFrequency?: PollingFrequency;
     /** The available data types for Threat Intelligence TAXII data connector. */
     dataTypes?: TiTaxiiDataConnectorDataTypes;
-};
+}
 
 /** The available data types for Threat Intelligence TAXII data connector. */
 export declare interface TiTaxiiDataConnectorDataTypes {
@@ -9256,10 +10454,11 @@ export declare interface TiTaxiiDataConnectorDataTypes {
 }
 
 /** Data type for TAXII connector. */
-export declare type TiTaxiiDataConnectorDataTypesTaxiiClient = DataConnectorDataTypeCommon & {};
+export declare interface TiTaxiiDataConnectorDataTypesTaxiiClient extends DataConnectorDataTypeCommon {
+}
 
 /** Threat Intelligence TAXII data connector properties. */
-export declare type TiTaxiiDataConnectorProperties = DataConnectorTenantId & {
+export declare interface TiTaxiiDataConnectorProperties extends DataConnectorTenantId {
     /** The workspace id. */
     workspaceId?: string;
     /** The friendly name for the TAXII server. */
@@ -9278,7 +10477,7 @@ export declare type TiTaxiiDataConnectorProperties = DataConnectorTenantId & {
     pollingFrequency: PollingFrequency | null;
     /** The available data types for Threat Intelligence TAXII data connector. */
     dataTypes: TiTaxiiDataConnectorDataTypes;
-};
+}
 
 /** Defines values for TriggerOperator. */
 export declare type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "NotEqual";
@@ -9288,7 +10487,8 @@ export declare type TriggerOperator = "GreaterThan" | "LessThan" | "Equal" | "No
  * {@link KnownTriggersOn} can be used interchangeably with TriggersOn,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **Incidents**: Trigger on Incidents
+ * **Incidents**: Trigger on Incidents \
+ * **Alerts**: Trigger on Alerts
  */
 export declare type TriggersOn = string;
 
@@ -9297,15 +10497,18 @@ export declare type TriggersOn = string;
  * {@link KnownTriggersWhen} can be used interchangeably with TriggersWhen,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **Created**: Trigger on created objects
+ * **Created**: Trigger on created objects \
+ * **Updated**: Trigger on updated objects
  */
 export declare type TriggersWhen = string;
 
 /** Settings with single toggle. */
-export declare type Ueba = Settings & {
+export declare interface Ueba extends Settings {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Ueba";
     /** The relevant data sources that enriched by ueba */
     dataSources?: UebaDataSources[];
-};
+}
 
 /**
  * Defines values for UebaDataSources. \
@@ -9320,7 +10523,9 @@ export declare type Ueba = Settings & {
 export declare type UebaDataSources = string;
 
 /** Represents a url entity. */
-export declare type UrlEntity = Entity & {
+export declare interface UrlEntity extends Entity {
+    /** Polymorphic discriminator, which specifies the different types this object can be */
+    kind: "Url";
     /**
      * A bag of custom fields that should be part of the entity and will be presented to the user.
      * NOTE: This property will not be serialized. It can only be populated by the server.
@@ -9338,16 +10543,16 @@ export declare type UrlEntity = Entity & {
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly url?: string;
-};
+}
 
 /** Url entity property bag. */
-export declare type UrlEntityProperties = EntityCommonProperties & {
+export declare interface UrlEntityProperties extends EntityCommonProperties {
     /**
      * A full URL the entity points to
      * NOTE: This property will not be serialized. It can only be populated by the server.
      */
     readonly url?: string;
-};
+}
 
 /** User information that made some action */
 export declare interface UserInfo {
@@ -9365,6 +10570,17 @@ export declare interface UserInfo {
     objectId?: string;
 }
 
+/** Describes an error encountered in the file during validation. */
+export declare interface ValidationError {
+    /** The number of the record that has the error. */
+    recordIndex?: number;
+    /**
+     * A list of descriptions of the error.
+     * NOTE: This property will not be serialized. It can only be populated by the server.
+     */
+    readonly errorMessages?: string[];
+}
+
 /**
  * Defines values for Version. \
  * {@link KnownVersion} can be used interchangeably with Version,
@@ -9376,7 +10592,7 @@ export declare interface UserInfo {
 export declare type Version = string;
 
 /** Represents a Watchlist in Azure Security Insights. */
-export declare type Watchlist = ResourceWithEtag & {
+export declare interface Watchlist extends ResourceWithEtag {
     /** The id (a Guid) of the watchlist */
     watchlistId?: string;
     /** The display name of the watchlist */
@@ -9413,23 +10629,16 @@ export declare type Watchlist = ResourceWithEtag & {
     numberOfLinesToSkip?: number;
     /** The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint */
     rawContent?: string;
-    /** The Shared Access Signature (SAS) URI under which the large csv watchlist file is located and from which the watchlist and its items will be created */
-    sasUri?: string;
     /** The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. */
     itemsSearchKey?: string;
     /** The content type of the raw content. Example : text/csv or text/tsv */
     contentType?: string;
     /** The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted */
     uploadStatus?: string;
-    /**
-     * The provisioning state of the watchlist resource.
-     * NOTE: This property will not be serialized. It can only be populated by the server.
-     */
-    readonly provisioningState?: ProvisioningState;
-};
+}
 
 /** Represents a Watchlist item in Azure Security Insights. */
-export declare type WatchlistItem = ResourceWithEtag & {
+export declare interface WatchlistItem extends ResourceWithEtag {
     /** The type of the watchlist item */
     watchlistItemType?: string;
     /** The id (a Guid) of the watchlist item */
@@ -9454,7 +10663,7 @@ export declare type WatchlistItem = ResourceWithEtag & {
     entityMapping?: {
         [propertyName: string]: any;
     };
-};
+}
 
 /** List all the watchlist items. */
 export declare interface WatchlistItemList {