@azure/arm-securityinsight 1.0.0-beta.4 → 1.0.0-beta.5

package/review/arm-securityinsight.api.md

@@ -7,6 +7,8 @@
 import * as coreAuth from '@azure/core-auth';
 import * as coreClient from '@azure/core-client';
 import { PagedAsyncIterableIterator } from '@azure/core-paging';
+import { PollerLike } from '@azure/core-lro';
+import { PollOperationState } from '@azure/core-lro';
 
 // @public
 export interface AADCheckRequirements extends DataConnectorsCheckRequirements {
@@ -21,6 +23,7 @@ export interface AADCheckRequirementsProperties extends DataConnectorTenantId {
 // @public
 export interface AADDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "AzureActiveDirectory";
     tenantId?: string;
 }
 
@@ -41,6 +44,7 @@ export interface AatpCheckRequirementsProperties extends DataConnectorTenantId {
 // @public
 export interface AatpDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "AzureAdvancedThreatProtection";
     tenantId?: string;
 }
 
@@ -61,6 +65,7 @@ export interface AccountEntity extends Entity {
     readonly friendlyName?: string;
     readonly hostEntityId?: string;
     readonly isDomainJoined?: boolean;
+    kind: "Account";
     readonly ntDomain?: string;
     readonly objectGuid?: string;
     readonly puid?: string;
@@ -170,6 +175,7 @@ export interface ActivityCustomEntityQuery extends CustomEntityQuery {
         [propertyName: string]: string[];
     };
     inputEntityType?: EntityType;
+    kind: "Activity";
     readonly lastModifiedTimeUtc?: Date;
     queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions;
     requiredInputFieldsSets?: string[][];
@@ -192,6 +198,7 @@ export interface ActivityEntityQuery extends EntityQuery {
         [propertyName: string]: string[];
     };
     inputEntityType?: EntityType;
+    kind: "Activity";
     readonly lastModifiedTimeUtc?: Date;
     queryDefinitions?: ActivityEntityQueriesPropertiesQueryDefinitions;
     requiredInputFieldsSets?: string[][];
@@ -208,6 +215,7 @@ export interface ActivityEntityQueryTemplate extends EntityQueryTemplate {
         [propertyName: string]: string[];
     };
     inputEntityType?: EntityType;
+    kind: "Activity";
     queryDefinitions?: ActivityEntityQueryTemplatePropertiesQueryDefinitions;
     requiredInputFieldsSets?: string[][];
     title?: string;
@@ -377,6 +385,7 @@ export type AlertStatus = string;
 // @public
 export interface Anomalies extends Settings {
     readonly isEnabled?: boolean;
+    kind: "Anomalies";
 }
 
 // @public
@@ -389,6 +398,7 @@ export interface AnomalySecurityMLAnalyticsSettings extends SecurityMLAnalyticsS
     enabled?: boolean;
     frequency?: string;
     isDefaultSettings?: boolean;
+    kind: "Anomaly";
     readonly lastModifiedUtc?: Date;
     requiredDataConnectors?: SecurityMLAnalyticsSettingsDataSource[];
     settingsDefinitionId?: string;
@@ -425,6 +435,7 @@ export interface ASCCheckRequirements extends DataConnectorsCheckRequirements {
 // @public
 export interface ASCDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "AzureSecurityCenter";
     subscriptionId?: string;
 }
 
@@ -458,13 +469,24 @@ export interface AutomationRuleAction {
 // @public (undocumented)
 export type AutomationRuleActionUnion = AutomationRuleAction | AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookAction;
 
+// @public (undocumented)
+export interface AutomationRuleBooleanCondition {
+    // (undocumented)
+    innerConditions?: AutomationRuleConditionUnion[];
+    // (undocumented)
+    operator?: AutomationRuleBooleanConditionSupportedOperator;
+}
+
+// @public
+export type AutomationRuleBooleanConditionSupportedOperator = string;
+
 // @public
 export interface AutomationRuleCondition {
-    conditionType: "PropertyArrayChanged" | "PropertyChanged" | "Property";
+    conditionType: "Boolean" | "PropertyArrayChanged" | "PropertyArray" | "PropertyChanged" | "Property";
 }
 
 // @public (undocumented)
-export type AutomationRuleConditionUnion = AutomationRuleCondition | PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties;
+export type AutomationRuleConditionUnion = AutomationRuleCondition | BooleanConditionProperties | PropertyArrayChangedConditionProperties | PropertyArrayConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties;
 
 // @public
 export interface AutomationRuleModifyPropertiesAction extends AutomationRuleAction {
@@ -487,6 +509,22 @@ export interface AutomationRulePropertyArrayChangedValuesCondition {
     changeType?: AutomationRulePropertyArrayChangedConditionSupportedChangeType;
 }
 
+// @public
+export type AutomationRulePropertyArrayConditionSupportedArrayConditionType = string;
+
+// @public
+export type AutomationRulePropertyArrayConditionSupportedArrayType = string;
+
+// @public (undocumented)
+export interface AutomationRulePropertyArrayValuesCondition {
+    // (undocumented)
+    arrayConditionType?: AutomationRulePropertyArrayConditionSupportedArrayConditionType;
+    // (undocumented)
+    arrayType?: AutomationRulePropertyArrayConditionSupportedArrayType;
+    // (undocumented)
+    itemConditions?: AutomationRuleConditionUnion[];
+}
+
 // @public
 export type AutomationRulePropertyChangedConditionSupportedChangedType = string;
 
@@ -605,6 +643,7 @@ export interface AwsCloudTrailCheckRequirements extends DataConnectorsCheckRequi
 export interface AwsCloudTrailDataConnector extends DataConnector {
     awsRoleArn?: string;
     dataTypes?: AwsCloudTrailDataConnectorDataTypes;
+    kind: "AmazonWebServicesCloudTrail";
 }
 
 // @public
@@ -625,6 +664,7 @@ export interface AwsS3CheckRequirements extends DataConnectorsCheckRequirements
 export interface AwsS3DataConnector extends DataConnector {
     dataTypes?: AwsS3DataConnectorDataTypes;
     destinationTable?: string;
+    kind: "AmazonWebServicesS3";
     roleArn?: string;
     sqsUrls?: string[];
 }
@@ -650,6 +690,7 @@ export interface AzureResourceEntity extends Entity {
         [propertyName: string]: Record<string, unknown>;
     };
     readonly friendlyName?: string;
+    kind: "AzureResource";
     readonly resourceId?: string;
     readonly subscriptionId?: string;
 }
@@ -824,6 +865,13 @@ export interface BookmarkTimelineItem extends EntityTimelineItem {
     startTimeUtc?: Date;
 }
 
+// @public
+export interface BooleanConditionProperties extends AutomationRuleCondition {
+    // (undocumented)
+    conditionProperties?: AutomationRuleBooleanCondition;
+    conditionType: "Boolean";
+}
+
 // @public
 export interface ClientInfo {
     email?: string;
@@ -841,6 +889,7 @@ export interface CloudApplicationEntity extends Entity {
     readonly appName?: string;
     readonly friendlyName?: string;
     readonly instanceName?: string;
+    kind: "CloudApplication";
 }
 
 // @public
@@ -864,6 +913,7 @@ export interface CloudErrorBody {
 // @public
 export interface CodelessApiPollingDataConnector extends DataConnector {
     connectorUiConfig?: CodelessUiConnectorConfigProperties;
+    kind: "APIPolling";
     pollingConfig?: CodelessConnectorPollingConfigProperties;
 }
 
@@ -969,6 +1019,7 @@ export interface CodelessUiConnectorConfigPropertiesSampleQueriesItem extends Sa
 // @public
 export interface CodelessUiDataConnector extends DataConnector {
     connectorUiConfig?: CodelessUiConnectorConfigProperties;
+    kind: "GenericUI";
 }
 
 // @public
@@ -1175,6 +1226,9 @@ export interface DataTypeDefinitions {
 // @public
 export type DataTypeState = string;
 
+// @public
+export type DeleteStatus = string;
+
 // @public
 export type DeliveryAction = "Unknown" | "DeliveredAsSpam" | "Delivered" | "Blocked" | "Replaced";
 
@@ -1219,6 +1273,7 @@ export interface DnsEntity extends Entity {
     readonly friendlyName?: string;
     readonly hostIpAddressEntityId?: string;
     readonly ipAddressEntityIds?: string[];
+    kind: "DnsResolution";
 }
 
 // @public
@@ -1254,6 +1309,7 @@ export interface Dynamics365CheckRequirementsProperties extends DataConnectorTen
 // @public
 export interface Dynamics365DataConnector extends DataConnector {
     dataTypes?: Dynamics365DataConnectorDataTypes;
+    kind: "Dynamics365";
     tenantId?: string;
 }
 
@@ -1443,6 +1499,7 @@ export interface Entity extends Resource {
 // @public
 export interface EntityAnalytics extends Settings {
     entityProviders?: EntityProviders[];
+    kind: "EntityAnalytics";
 }
 
 // @public
@@ -1725,6 +1782,7 @@ export interface ExpansionEntityQuery extends EntityQuery {
     displayName?: string;
     inputEntityType?: EntityType;
     inputFields?: string[];
+    kind: "Expansion";
     outputEntityTypes?: EntityType[];
     queryTemplate?: string;
 }
@@ -1745,6 +1803,7 @@ export interface ExpansionResultsMetadata {
 // @public
 export interface EyesOn extends Settings {
     readonly isEnabled?: boolean;
+    kind: "EyesOn";
 }
 
 // @public
@@ -1763,6 +1822,7 @@ export interface FileEntity extends Entity {
     readonly fileName?: string;
     readonly friendlyName?: string;
     readonly hostEntityId?: string;
+    kind: "File";
 }
 
 // @public
@@ -1773,6 +1833,9 @@ export interface FileEntityProperties extends EntityCommonProperties {
     readonly hostEntityId?: string;
 }
 
+// @public
+export type FileFormat = string;
+
 // @public
 export type FileHashAlgorithm = string;
 
@@ -1784,6 +1847,7 @@ export interface FileHashEntity extends Entity {
     readonly algorithm?: FileHashAlgorithm;
     readonly friendlyName?: string;
     readonly hashValue?: string;
+    kind: "FileHash";
 }
 
 // @public
@@ -1792,12 +1856,105 @@ export interface FileHashEntityProperties extends EntityCommonProperties {
     readonly hashValue?: string;
 }
 
+// @public
+export interface FileImport extends Resource {
+    contentType?: FileImportContentType;
+    readonly createdTimeUTC?: Date;
+    readonly errorFile?: FileMetadata;
+    readonly errorsPreview?: ValidationError[];
+    readonly filesValidUntilTimeUTC?: Date;
+    importFile?: FileMetadata;
+    readonly importValidUntilTimeUTC?: Date;
+    readonly ingestedRecordCount?: number;
+    ingestionMode?: IngestionMode;
+    source?: string;
+    readonly state?: FileImportState;
+    readonly totalRecordCount?: number;
+    readonly validRecordCount?: number;
+}
+
+// @public
+export type FileImportContentType = string;
+
+// @public
+export interface FileImportList {
+    readonly nextLink?: string;
+    value: FileImport[];
+}
+
+// @public
+export interface FileImports {
+    beginDelete(resourceGroupName: string, workspaceName: string, fileImportId: string, options?: FileImportsDeleteOptionalParams): Promise<PollerLike<PollOperationState<FileImportsDeleteResponse>, FileImportsDeleteResponse>>;
+    beginDeleteAndWait(resourceGroupName: string, workspaceName: string, fileImportId: string, options?: FileImportsDeleteOptionalParams): Promise<FileImportsDeleteResponse>;
+    create(resourceGroupName: string, workspaceName: string, fileImportId: string, fileImport: FileImport, options?: FileImportsCreateOptionalParams): Promise<FileImportsCreateResponse>;
+    get(resourceGroupName: string, workspaceName: string, fileImportId: string, options?: FileImportsGetOptionalParams): Promise<FileImportsGetResponse>;
+    list(resourceGroupName: string, workspaceName: string, options?: FileImportsListOptionalParams): PagedAsyncIterableIterator<FileImport>;
+}
+
+// @public
+export interface FileImportsCreateOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type FileImportsCreateResponse = FileImport;
+
+// @public
+export interface FileImportsDeleteOptionalParams extends coreClient.OperationOptions {
+    resumeFrom?: string;
+    updateIntervalInMs?: number;
+}
+
+// @public
+export type FileImportsDeleteResponse = FileImport;
+
+// @public
+export interface FileImportsGetOptionalParams extends coreClient.OperationOptions {
+}
+
+// @public
+export type FileImportsGetResponse = FileImport;
+
+// @public
+export interface FileImportsListNextOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type FileImportsListNextResponse = FileImportList;
+
+// @public
+export interface FileImportsListOptionalParams extends coreClient.OperationOptions {
+    filter?: string;
+    orderby?: string;
+    skipToken?: string;
+    top?: number;
+}
+
+// @public
+export type FileImportsListResponse = FileImportList;
+
+// @public
+export type FileImportState = string;
+
+// @public
+export interface FileMetadata {
+    readonly deleteStatus?: DeleteStatus;
+    readonly fileContentUri?: string;
+    fileFormat?: FileFormat;
+    fileName?: string;
+    fileSize?: number;
+}
+
 // @public
 export interface FusionAlertRule extends AlertRule {
     alertRuleTemplateName?: string;
     readonly description?: string;
     readonly displayName?: string;
     enabled?: boolean;
+    kind: "Fusion";
     readonly lastModifiedUtc?: Date;
     scenarioExclusionPatterns?: FusionScenarioExclusionPattern[];
     readonly severity?: AlertSeverity;
@@ -1812,6 +1969,7 @@ export interface FusionAlertRuleTemplate extends AlertRuleTemplate {
     readonly createdDateUTC?: Date;
     description?: string;
     displayName?: string;
+    kind: "Fusion";
     readonly lastUpdatedDateUTC?: Date;
     requiredDataConnectors?: AlertRuleTemplateDataSource[];
     severity?: AlertSeverity;
@@ -1938,6 +2096,7 @@ export interface HostEntity extends Entity {
     readonly friendlyName?: string;
     readonly hostName?: string;
     readonly isDomainJoined?: boolean;
+    kind: "Host";
     readonly netBiosName?: string;
     readonly ntDomain?: string;
     readonly omsAgentID?: string;
@@ -1969,6 +2128,7 @@ export interface HuntingBookmark extends Entity {
     eventTime?: Date;
     readonly friendlyName?: string;
     incidentInfo?: IncidentInfo;
+    kind: "Bookmark";
     labels?: string[];
     notes?: string;
     query?: string;
@@ -2310,6 +2470,9 @@ export type IncidentsRunPlaybookResponse = Record<string, unknown>;
 // @public
 export type IncidentStatus = string;
 
+// @public
+export type IngestionMode = string;
+
 // @public
 export interface InsightQueryItem extends EntityQueryItem {
     kind: "Insight";
@@ -2404,6 +2567,7 @@ export interface IoTCheckRequirements extends DataConnectorsCheckRequirements {
 // @public
 export interface IoTDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "IOT";
     subscriptionId?: string;
 }
 
@@ -2432,6 +2596,7 @@ export interface IoTDeviceEntity extends Entity {
     readonly isAuthorized?: boolean;
     readonly isProgramming?: boolean;
     readonly isScanner?: boolean;
+    kind: "IoTDevice";
     readonly macAddress?: string;
     readonly model?: string;
     readonly nicEntityIds?: string[];
@@ -2487,6 +2652,7 @@ export interface IpEntity extends Entity {
     };
     readonly address?: string;
     readonly friendlyName?: string;
+    kind: "Ip";
     readonly location?: GeoLocation;
     readonly threatIntelligence?: ThreatIntelligence[];
 }
@@ -2584,6 +2750,12 @@ export enum KnownAttackTactic {
     ResourceDevelopment = "ResourceDevelopment"
 }
 
+// @public
+export enum KnownAutomationRuleBooleanConditionSupportedOperator {
+    And = "And",
+    Or = "Or"
+}
+
 // @public
 export enum KnownAutomationRulePropertyArrayChangedConditionSupportedArrayType {
     Alerts = "Alerts",
@@ -2597,6 +2769,17 @@ export enum KnownAutomationRulePropertyArrayChangedConditionSupportedChangeType
     Added = "Added"
 }
 
+// @public
+export enum KnownAutomationRulePropertyArrayConditionSupportedArrayConditionType {
+    AnyItem = "AnyItem"
+}
+
+// @public
+export enum KnownAutomationRulePropertyArrayConditionSupportedArrayType {
+    CustomDetails = "CustomDetails",
+    CustomDetailValues = "CustomDetailValues"
+}
+
 // @public
 export enum KnownAutomationRulePropertyChangedConditionSupportedChangedType {
     ChangedFrom = "ChangedFrom",
@@ -2647,6 +2830,8 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty {
     HostNetBiosName = "HostNetBiosName",
     HostNTDomain = "HostNTDomain",
     HostOSVersion = "HostOSVersion",
+    IncidentCustomDetailsKey = "IncidentCustomDetailsKey",
+    IncidentCustomDetailsValue = "IncidentCustomDetailsValue",
     IncidentDescription = "IncidentDescription",
     IncidentLabel = "IncidentLabel",
     IncidentProviderName = "IncidentProviderName",
@@ -2655,6 +2840,7 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty {
     IncidentStatus = "IncidentStatus",
     IncidentTactics = "IncidentTactics",
     IncidentTitle = "IncidentTitle",
+    IncidentUpdatedBySource = "IncidentUpdatedBySource",
     IoTDeviceId = "IoTDeviceId",
     IoTDeviceModel = "IoTDeviceModel",
     IoTDeviceName = "IoTDeviceName",
@@ -2683,7 +2869,9 @@ export enum KnownAutomationRulePropertyConditionSupportedProperty {
 
 // @public
 export enum KnownConditionType {
+    Boolean = "Boolean",
     Property = "Property",
+    PropertyArray = "PropertyArray",
     PropertyArrayChanged = "PropertyArrayChanged",
     PropertyChanged = "PropertyChanged"
 }
@@ -2777,6 +2965,13 @@ export enum KnownDataTypeState {
     Enabled = "Enabled"
 }
 
+// @public
+export enum KnownDeleteStatus {
+    Deleted = "Deleted",
+    NotDeleted = "NotDeleted",
+    Unspecified = "Unspecified"
+}
+
 // @public
 export enum KnownDeploymentFetchStatus {
     NotFound = "NotFound",
@@ -2924,6 +3119,13 @@ export enum KnownEventGroupingAggregationKind {
     SingleAlert = "SingleAlert"
 }
 
+// @public
+export enum KnownFileFormat {
+    CSV = "CSV",
+    Json = "JSON",
+    Unspecified = "Unspecified"
+}
+
 // @public
 export enum KnownFileHashAlgorithm {
     MD5 = "MD5",
@@ -2933,6 +3135,24 @@ export enum KnownFileHashAlgorithm {
     Unknown = "Unknown"
 }
 
+// @public
+export enum KnownFileImportContentType {
+    BasicIndicator = "BasicIndicator",
+    StixIndicator = "StixIndicator",
+    Unspecified = "Unspecified"
+}
+
+// @public
+export enum KnownFileImportState {
+    FatalError = "FatalError",
+    Ingested = "Ingested",
+    IngestedWithErrors = "IngestedWithErrors",
+    InProgress = "InProgress",
+    Invalid = "Invalid",
+    Unspecified = "Unspecified",
+    WaitingForUpload = "WaitingForUpload"
+}
+
 // @public
 export enum KnownGetInsightsError {
     Insight = "Insight"
@@ -2975,6 +3195,13 @@ export enum KnownIncidentStatus {
     New = "New"
 }
 
+// @public
+export enum KnownIngestionMode {
+    IngestAnyValidRecords = "IngestAnyValidRecords",
+    IngestOnlyIfAllAreValid = "IngestOnlyIfAllAreValid",
+    Unspecified = "Unspecified"
+}
+
 // @public
 export enum KnownKillChainIntent {
     Collection = "Collection",
@@ -3215,6 +3442,7 @@ export interface MailboxEntity extends Entity {
     readonly displayName?: string;
     readonly externalDirectoryObjectId?: string;
     readonly friendlyName?: string;
+    kind: "Mailbox";
     readonly mailboxPrimaryAddress?: string;
     readonly upn?: string;
 }
@@ -3242,6 +3470,7 @@ export interface MailClusterEntity extends Entity {
     readonly countByThreatType?: Record<string, unknown>;
     readonly friendlyName?: string;
     readonly isVolumeAnomaly?: boolean;
+    kind: "MailCluster";
     readonly mailCount?: number;
     readonly networkMessageIds?: string[];
     readonly query?: string;
@@ -3285,6 +3514,7 @@ export interface MailMessageEntity extends Entity {
     readonly fileEntityIds?: string[];
     readonly friendlyName?: string;
     readonly internetMessageId?: string;
+    kind: "MailMessage";
     readonly language?: string;
     readonly networkMessageId?: string;
     readonly p1Sender?: string;
@@ -3339,6 +3569,7 @@ export interface MalwareEntity extends Entity {
     readonly category?: string;
     readonly fileEntityIds?: string[];
     readonly friendlyName?: string;
+    kind: "Malware";
     readonly malwareName?: string;
     readonly processEntityIds?: string[];
 }
@@ -3354,7 +3585,7 @@ export interface MalwareEntityProperties extends EntityCommonProperties {
 // @public (undocumented)
 export interface ManualTriggerRequestBody {
     // (undocumented)
-    logicAppsResourceId?: string;
+    logicAppsResourceId: string;
     // (undocumented)
     tenantId?: string;
 }
@@ -3375,6 +3606,7 @@ export interface McasCheckRequirementsProperties extends DataConnectorTenantId {
 // @public
 export interface McasDataConnector extends DataConnector {
     dataTypes?: McasDataConnectorDataTypes;
+    kind: "MicrosoftCloudAppSecurity";
     tenantId?: string;
 }
 
@@ -3401,6 +3633,7 @@ export interface MdatpCheckRequirementsProperties extends DataConnectorTenantId
 // @public
 export interface MdatpDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "MicrosoftDefenderAdvancedThreatProtection";
     tenantId?: string;
 }
 
@@ -3562,6 +3795,7 @@ export interface MicrosoftSecurityIncidentCreationAlertRule extends AlertRule {
     displayNamesExcludeFilter?: string[];
     displayNamesFilter?: string[];
     enabled?: boolean;
+    kind: "MicrosoftSecurityIncidentCreation";
     readonly lastModifiedUtc?: Date;
     productFilter?: MicrosoftSecurityProductName;
     severitiesFilter?: AlertSeverity[];
@@ -3592,6 +3826,7 @@ export interface MicrosoftSecurityIncidentCreationAlertRuleTemplate extends Aler
     displayName?: string;
     displayNamesExcludeFilter?: string[];
     displayNamesFilter?: string[];
+    kind: "MicrosoftSecurityIncidentCreation";
     readonly lastUpdatedDateUTC?: Date;
     productFilter?: MicrosoftSecurityProductName;
     requiredDataConnectors?: AlertRuleTemplateDataSource[];
@@ -3616,6 +3851,7 @@ export interface MLBehaviorAnalyticsAlertRule extends AlertRule {
     readonly description?: string;
     readonly displayName?: string;
     enabled?: boolean;
+    kind: "MLBehaviorAnalytics";
     readonly lastModifiedUtc?: Date;
     readonly severity?: AlertSeverity;
     readonly tactics?: AttackTactic[];
@@ -3628,6 +3864,7 @@ export interface MLBehaviorAnalyticsAlertRuleTemplate extends AlertRuleTemplate
     readonly createdDateUTC?: Date;
     description?: string;
     displayName?: string;
+    kind: "MLBehaviorAnalytics";
     readonly lastUpdatedDateUTC?: Date;
     requiredDataConnectors?: AlertRuleTemplateDataSource[];
     severity?: AlertSeverity;
@@ -3654,6 +3891,7 @@ export interface MstiCheckRequirementsProperties extends DataConnectorTenantId {
 // @public
 export interface MstiDataConnector extends DataConnector {
     dataTypes?: MstiDataConnectorDataTypes;
+    kind: "MicrosoftThreatIntelligence";
     tenantId?: string;
 }
 
@@ -3691,6 +3929,7 @@ export interface MTPCheckRequirementsProperties extends DataConnectorTenantId {
 // @public
 export interface MTPDataConnector extends DataConnector {
     dataTypes?: MTPDataConnectorDataTypes;
+    kind: "MicrosoftThreatProtection";
     tenantId?: string;
 }
 
@@ -3715,6 +3954,7 @@ export interface NicEntity extends Entity {
     };
     readonly friendlyName?: string;
     readonly ipAddressEntityId?: string;
+    kind: "Nic";
     readonly macAddress?: string;
     readonly vlans?: string[];
 }
@@ -3737,7 +3977,9 @@ export interface NrtAlertRule extends AlertRule {
     displayName?: string;
     enabled?: boolean;
     entityMappings?: EntityMapping[];
+    eventGroupingSettings?: EventGroupingSettings;
     incidentConfiguration?: IncidentConfiguration;
+    kind: "NRT";
     readonly lastModifiedUtc?: Date;
     query?: string;
     severity?: AlertSeverity;
@@ -3759,6 +4001,8 @@ export interface NrtAlertRuleTemplate extends AlertRuleTemplate {
     description?: string;
     displayName?: string;
     entityMappings?: EntityMapping[];
+    eventGroupingSettings?: EventGroupingSettings;
+    kind: "NRT";
     readonly lastUpdatedDateUTC?: Date;
     query?: string;
     requiredDataConnectors?: AlertRuleTemplateDataSource[];
@@ -3795,6 +4039,7 @@ export interface Office365ProjectConnectorDataTypesLogs extends DataConnectorDat
 // @public
 export interface Office365ProjectDataConnector extends DataConnector {
     dataTypes?: Office365ProjectConnectorDataTypes;
+    kind: "Office365Project";
     tenantId?: string;
 }
 
@@ -3816,6 +4061,7 @@ export interface OfficeATPCheckRequirementsProperties extends DataConnectorTenan
 // @public
 export interface OfficeATPDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "OfficeATP";
     tenantId?: string;
 }
 
@@ -3870,6 +4116,7 @@ export type OfficeConsentsListResponse = OfficeConsentList;
 // @public
 export interface OfficeDataConnector extends DataConnector {
     dataTypes?: OfficeDataConnectorDataTypes;
+    kind: "Office365";
     tenantId?: string;
 }
 
@@ -3910,6 +4157,7 @@ export interface OfficeIRMCheckRequirementsProperties extends DataConnectorTenan
 // @public
 export interface OfficeIRMDataConnector extends DataConnector {
     dataTypes?: AlertsDataTypeOfDataConnector;
+    kind: "OfficeIRM";
     tenantId?: string;
 }
 
@@ -3939,6 +4187,7 @@ export interface OfficePowerBIConnectorDataTypesLogs extends DataConnectorDataTy
 // @public
 export interface OfficePowerBIDataConnector extends DataConnector {
     dataTypes?: OfficePowerBIConnectorDataTypes;
+    kind: "OfficePowerBI";
     tenantId?: string;
 }
 
@@ -4040,6 +4289,7 @@ export interface ProcessEntity extends Entity {
     readonly hostEntityId?: string;
     readonly hostLogonSessionEntityId?: string;
     readonly imageFileEntityId?: string;
+    kind: "Process";
     readonly parentProcessEntityId?: string;
     readonly processId?: string;
 }
@@ -4097,6 +4347,13 @@ export interface PropertyArrayChangedConditionProperties extends AutomationRuleC
     conditionType: "PropertyArrayChanged";
 }
 
+// @public
+export interface PropertyArrayConditionProperties extends AutomationRuleCondition {
+    // (undocumented)
+    conditionProperties?: AutomationRulePropertyArrayValuesCondition;
+    conditionType: "PropertyArray";
+}
+
 // @public
 export interface PropertyChangedConditionProperties extends AutomationRuleCondition {
     // (undocumented)
@@ -4121,6 +4378,7 @@ export interface QueryBasedAlertRuleTemplateProperties {
         [propertyName: string]: string;
     };
     entityMappings?: EntityMapping[];
+    eventGroupingSettings?: EventGroupingSettings;
     query?: string;
     severity?: AlertSeverity;
     version?: string;
@@ -4137,6 +4395,7 @@ export interface RegistryKeyEntity extends Entity {
     readonly friendlyName?: string;
     readonly hive?: RegistryHive;
     readonly key?: string;
+    kind: "RegistryKey";
 }
 
 // @public
@@ -4152,6 +4411,7 @@ export interface RegistryValueEntity extends Entity {
     };
     readonly friendlyName?: string;
     readonly keyEntityId?: string;
+    kind: "RegistryValue";
     readonly valueData?: string;
     readonly valueName?: string;
     readonly valueType?: RegistryValueKind;
@@ -4263,6 +4523,7 @@ export interface ScheduledAlertRule extends AlertRule {
     entityMappings?: EntityMapping[];
     eventGroupingSettings?: EventGroupingSettings;
     incidentConfiguration?: IncidentConfiguration;
+    kind: "Scheduled";
     readonly lastModifiedUtc?: Date;
     query?: string;
     queryFrequency?: string;
@@ -4320,6 +4581,7 @@ export interface ScheduledAlertRuleTemplate extends AlertRuleTemplate {
     displayName?: string;
     entityMappings?: EntityMapping[];
     eventGroupingSettings?: EventGroupingSettings;
+    kind: "Scheduled";
     readonly lastUpdatedDateUTC?: Date;
     query?: string;
     queryFrequency?: string;
@@ -4351,6 +4613,7 @@ export interface SecurityAlert extends Entity {
     readonly endTimeUtc?: Date;
     readonly friendlyName?: string;
     readonly intent?: KillChainIntent;
+    kind: "SecurityAlert";
     readonly processingEndTime?: Date;
     readonly productComponentName?: string;
     readonly productName?: string;
@@ -4423,6 +4686,7 @@ export interface SecurityGroupEntity extends Entity {
     };
     readonly distinguishedName?: string;
     readonly friendlyName?: string;
+    kind: "SecurityGroup";
     readonly objectGuid?: string;
     readonly sid?: string;
 }
@@ -4474,6 +4738,8 @@ export class SecurityInsights extends coreClient.ServiceClient {
     // (undocumented)
     entityRelations: EntityRelations;
     // (undocumented)
+    fileImports: FileImports;
+    // (undocumented)
     incidentComments: IncidentComments;
     // (undocumented)
     incidentRelations: IncidentRelations;
@@ -4737,6 +5003,7 @@ export interface SubmissionMailEntity extends Entity {
         [propertyName: string]: Record<string, unknown>;
     };
     readonly friendlyName?: string;
+    kind: "SubmissionMail";
     readonly networkMessageId?: string;
     readonly recipient?: string;
     readonly reportType?: string;
@@ -4812,6 +5079,7 @@ export interface ThreatIntelligenceAlertRule extends AlertRule {
     readonly description?: string;
     readonly displayName?: string;
     enabled?: boolean;
+    kind: "ThreatIntelligence";
     readonly lastModifiedUtc?: Date;
     readonly severity?: AlertSeverity;
     readonly tactics?: AttackTactic[];
@@ -4824,6 +5092,7 @@ export interface ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate {
     readonly createdDateUTC?: Date;
     description?: string;
     displayName?: string;
+    kind: "ThreatIntelligence";
     readonly lastUpdatedDateUTC?: Date;
     requiredDataConnectors?: AlertRuleTemplateDataSource[];
     severity?: AlertSeverity;
@@ -4950,6 +5219,7 @@ export interface ThreatIntelligenceIndicatorModel extends ThreatIntelligenceInfo
     granularMarkings?: ThreatIntelligenceGranularMarkingModel[];
     indicatorTypes?: string[];
     killChainPhases?: ThreatIntelligenceKillChainPhase[];
+    kind: "indicator";
     labels?: string[];
     language?: string;
     lastUpdatedTimeUtc?: string;
@@ -5130,6 +5400,7 @@ export interface TICheckRequirementsProperties extends DataConnectorTenantId {
 // @public
 export interface TIDataConnector extends DataConnector {
     dataTypes?: TIDataConnectorDataTypes;
+    kind: "ThreatIntelligence";
     tenantId?: string;
     tipLookbackPeriod?: Date;
 }
@@ -5184,6 +5455,7 @@ export interface TiTaxiiDataConnector extends DataConnector {
     collectionId?: string;
     dataTypes?: TiTaxiiDataConnectorDataTypes;
     friendlyName?: string;
+    kind: "ThreatIntelligenceTaxii";
     password?: string;
     pollingFrequency?: PollingFrequency;
     taxiiLookbackPeriod?: Date;
@@ -5227,6 +5499,7 @@ export type TriggersWhen = string;
 // @public
 export interface Ueba extends Settings {
     dataSources?: UebaDataSources[];
+    kind: "Ueba";
 }
 
 // @public
@@ -5238,6 +5511,7 @@ export interface UrlEntity extends Entity {
         [propertyName: string]: Record<string, unknown>;
     };
     readonly friendlyName?: string;
+    kind: "Url";
     readonly url?: string;
 }
 
@@ -5253,6 +5527,12 @@ export interface UserInfo {
     objectId?: string;
 }
 
+// @public
+export interface ValidationError {
+    readonly errorMessages?: string[];
+    recordIndex?: number;
+}
+
 // @public
 export type Version = string;