cribl-control-plane 0.0.13__py3-none-any.whl

cribl_control_plane/models/inputnetflow.py

@@ -0,0 +1,224 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic.functional_validators import PlainValidator
+from typing import List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class InputNetflowType(str, Enum, metaclass=utils.OpenEnumMeta):
+    NETFLOW = "netflow"
+
+
+class InputNetflowConnectionTypedDict(TypedDict):
+    output: str
+    pipeline: NotRequired[str]
+
+
+class InputNetflowConnection(BaseModel):
+    output: str
+
+    pipeline: Optional[str] = None
+
+
+class InputNetflowMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    SMART = "smart"
+    ALWAYS = "always"
+
+
+class InputNetflowCompression(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Codec to use to compress the persisted data"""
+
+    NONE = "none"
+    GZIP = "gzip"
+
+
+class InputNetflowPqTypedDict(TypedDict):
+    mode: NotRequired[InputNetflowMode]
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+    max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    commit_frequency: NotRequired[float]
+    r"""The number of events to send downstream before committing that Stream has read them"""
+    max_file_size: NotRequired[str]
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+    max_size: NotRequired[str]
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+    path: NotRequired[str]
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+    compress: NotRequired[InputNetflowCompression]
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputNetflowPq(BaseModel):
+    mode: Annotated[
+        Optional[InputNetflowMode], PlainValidator(validate_open_enum(False))
+    ] = InputNetflowMode.ALWAYS
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="maxBufferSize")
+    ] = 1000
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    commit_frequency: Annotated[
+        Optional[float], pydantic.Field(alias="commitFrequency")
+    ] = 42
+    r"""The number of events to send downstream before committing that Stream has read them"""
+
+    max_file_size: Annotated[Optional[str], pydantic.Field(alias="maxFileSize")] = (
+        "1 MB"
+    )
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+
+    max_size: Annotated[Optional[str], pydantic.Field(alias="maxSize")] = "5GB"
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+
+    path: Optional[str] = "$CRIBL_HOME/state/queues"
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+
+    compress: Annotated[
+        Optional[InputNetflowCompression], PlainValidator(validate_open_enum(False))
+    ] = InputNetflowCompression.NONE
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputNetflowMetadatumTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputNetflowMetadatum(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputNetflowTypedDict(TypedDict):
+    type: InputNetflowType
+    id: NotRequired[str]
+    r"""Unique ID for this input"""
+    disabled: NotRequired[bool]
+    pipeline: NotRequired[str]
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+    send_to_routes: NotRequired[bool]
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+    environment: NotRequired[str]
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+    pq_enabled: NotRequired[bool]
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+    streamtags: NotRequired[List[str]]
+    r"""Tags for filtering and grouping in @{product}"""
+    connections: NotRequired[List[InputNetflowConnectionTypedDict]]
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+    pq: NotRequired[InputNetflowPqTypedDict]
+    host: NotRequired[str]
+    r"""Address to bind on. For IPv4 (all addresses), use the default '0.0.0.0'. For IPv6, enter '::' (all addresses) or specify an IP address."""
+    port: NotRequired[float]
+    r"""Port to listen on"""
+    enable_pass_through: NotRequired[bool]
+    r"""Allow forwarding of events to a NetFlow destination. Enabling this feature will generate an extra event containing __netflowRaw which can be routed to a NetFlow destination. Note that these events will not count against ingest quota."""
+    ip_allowlist_regex: NotRequired[str]
+    r"""Messages from matched IP addresses will be processed, unless also matched by the denylist."""
+    ip_denylist_regex: NotRequired[str]
+    r"""Messages from matched IP addresses will be ignored. This takes precedence over the allowlist."""
+    udp_socket_rx_buf_size: NotRequired[float]
+    r"""Optionally, set the SO_RCVBUF socket option for the UDP socket. This value tells the operating system how many bytes can be buffered in the kernel before events are dropped. Leave blank to use the OS default. Caution: Increasing this value will affect OS memory utilization."""
+    template_cache_minutes: NotRequired[float]
+    r"""Specifies how many minutes NetFlow v9 templates are cached before being discarded if not refreshed. Adjust based on your network's template update frequency to optimize performance and memory usage."""
+    v5_enabled: NotRequired[bool]
+    r"""Accept messages in Netflow V5 format."""
+    v9_enabled: NotRequired[bool]
+    r"""Accept messages in Netflow V9 format."""
+    ipfix_enabled: NotRequired[bool]
+    r"""Accept messages in IPFIX format."""
+    metadata: NotRequired[List[InputNetflowMetadatumTypedDict]]
+    r"""Fields to add to events from this input"""
+    description: NotRequired[str]
+
+
+class InputNetflow(BaseModel):
+    type: Annotated[InputNetflowType, PlainValidator(validate_open_enum(False))]
+
+    id: Optional[str] = None
+    r"""Unique ID for this input"""
+
+    disabled: Optional[bool] = False
+
+    pipeline: Optional[str] = None
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+
+    send_to_routes: Annotated[Optional[bool], pydantic.Field(alias="sendToRoutes")] = (
+        True
+    )
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+
+    environment: Optional[str] = None
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+
+    pq_enabled: Annotated[Optional[bool], pydantic.Field(alias="pqEnabled")] = False
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+
+    streamtags: Optional[List[str]] = None
+    r"""Tags for filtering and grouping in @{product}"""
+
+    connections: Optional[List[InputNetflowConnection]] = None
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+
+    pq: Optional[InputNetflowPq] = None
+
+    host: Optional[str] = "0.0.0.0"
+    r"""Address to bind on. For IPv4 (all addresses), use the default '0.0.0.0'. For IPv6, enter '::' (all addresses) or specify an IP address."""
+
+    port: Optional[float] = 2055
+    r"""Port to listen on"""
+
+    enable_pass_through: Annotated[
+        Optional[bool], pydantic.Field(alias="enablePassThrough")
+    ] = False
+    r"""Allow forwarding of events to a NetFlow destination. Enabling this feature will generate an extra event containing __netflowRaw which can be routed to a NetFlow destination. Note that these events will not count against ingest quota."""
+
+    ip_allowlist_regex: Annotated[
+        Optional[str], pydantic.Field(alias="ipAllowlistRegex")
+    ] = "/.*/"
+    r"""Messages from matched IP addresses will be processed, unless also matched by the denylist."""
+
+    ip_denylist_regex: Annotated[
+        Optional[str], pydantic.Field(alias="ipDenylistRegex")
+    ] = "/^$/"
+    r"""Messages from matched IP addresses will be ignored. This takes precedence over the allowlist."""
+
+    udp_socket_rx_buf_size: Annotated[
+        Optional[float], pydantic.Field(alias="udpSocketRxBufSize")
+    ] = None
+    r"""Optionally, set the SO_RCVBUF socket option for the UDP socket. This value tells the operating system how many bytes can be buffered in the kernel before events are dropped. Leave blank to use the OS default. Caution: Increasing this value will affect OS memory utilization."""
+
+    template_cache_minutes: Annotated[
+        Optional[float], pydantic.Field(alias="templateCacheMinutes")
+    ] = 30
+    r"""Specifies how many minutes NetFlow v9 templates are cached before being discarded if not refreshed. Adjust based on your network's template update frequency to optimize performance and memory usage."""
+
+    v5_enabled: Annotated[Optional[bool], pydantic.Field(alias="v5Enabled")] = True
+    r"""Accept messages in Netflow V5 format."""
+
+    v9_enabled: Annotated[Optional[bool], pydantic.Field(alias="v9Enabled")] = True
+    r"""Accept messages in Netflow V9 format."""
+
+    ipfix_enabled: Annotated[Optional[bool], pydantic.Field(alias="ipfixEnabled")] = (
+        False
+    )
+    r"""Accept messages in IPFIX format."""
+
+    metadata: Optional[List[InputNetflowMetadatum]] = None
+    r"""Fields to add to events from this input"""
+
+    description: Optional[str] = None

cribl_control_plane/models/inputoffice365mgmt.py

@@ -0,0 +1,384 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic.functional_validators import PlainValidator
+from typing import List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class InputOffice365MgmtType(str, Enum, metaclass=utils.OpenEnumMeta):
+    OFFICE365_MGMT = "office365_mgmt"
+
+
+class InputOffice365MgmtConnectionTypedDict(TypedDict):
+    output: str
+    pipeline: NotRequired[str]
+
+
+class InputOffice365MgmtConnection(BaseModel):
+    output: str
+
+    pipeline: Optional[str] = None
+
+
+class InputOffice365MgmtMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    SMART = "smart"
+    ALWAYS = "always"
+
+
+class InputOffice365MgmtCompression(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Codec to use to compress the persisted data"""
+
+    NONE = "none"
+    GZIP = "gzip"
+
+
+class InputOffice365MgmtPqTypedDict(TypedDict):
+    mode: NotRequired[InputOffice365MgmtMode]
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+    max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    commit_frequency: NotRequired[float]
+    r"""The number of events to send downstream before committing that Stream has read them"""
+    max_file_size: NotRequired[str]
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+    max_size: NotRequired[str]
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+    path: NotRequired[str]
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+    compress: NotRequired[InputOffice365MgmtCompression]
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputOffice365MgmtPq(BaseModel):
+    mode: Annotated[
+        Optional[InputOffice365MgmtMode], PlainValidator(validate_open_enum(False))
+    ] = InputOffice365MgmtMode.ALWAYS
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="maxBufferSize")
+    ] = 1000
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    commit_frequency: Annotated[
+        Optional[float], pydantic.Field(alias="commitFrequency")
+    ] = 42
+    r"""The number of events to send downstream before committing that Stream has read them"""
+
+    max_file_size: Annotated[Optional[str], pydantic.Field(alias="maxFileSize")] = (
+        "1 MB"
+    )
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+
+    max_size: Annotated[Optional[str], pydantic.Field(alias="maxSize")] = "5GB"
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+
+    path: Optional[str] = "$CRIBL_HOME/state/queues"
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+
+    compress: Annotated[
+        Optional[InputOffice365MgmtCompression],
+        PlainValidator(validate_open_enum(False)),
+    ] = InputOffice365MgmtCompression.NONE
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputOffice365MgmtSubscriptionPlan(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Office 365 subscription plan for your organization, typically Office 365 Enterprise"""
+
+    ENTERPRISE_GCC = "enterprise_gcc"
+    GCC = "gcc"
+    GCC_HIGH = "gcc_high"
+    DOD = "dod"
+
+
+class InputOffice365MgmtMetadatumTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputOffice365MgmtMetadatum(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputOffice365MgmtLogLevel(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Collector runtime Log Level"""
+
+    ERROR = "error"
+    WARN = "warn"
+    INFO = "info"
+    DEBUG = "debug"
+
+
+class InputOffice365MgmtContentConfigTypedDict(TypedDict):
+    content_type: NotRequired[str]
+    r"""Office 365 Management Activity API Content Type"""
+    description: NotRequired[str]
+    r"""If interval type is minutes the value entered must evenly divisible by 60 or save will fail"""
+    interval: NotRequired[float]
+    log_level: NotRequired[InputOffice365MgmtLogLevel]
+    r"""Collector runtime Log Level"""
+    enabled: NotRequired[bool]
+
+
+class InputOffice365MgmtContentConfig(BaseModel):
+    content_type: Annotated[Optional[str], pydantic.Field(alias="contentType")] = None
+    r"""Office 365 Management Activity API Content Type"""
+
+    description: Optional[str] = None
+    r"""If interval type is minutes the value entered must evenly divisible by 60 or save will fail"""
+
+    interval: Optional[float] = None
+
+    log_level: Annotated[
+        Annotated[
+            Optional[InputOffice365MgmtLogLevel],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="logLevel"),
+    ] = None
+    r"""Collector runtime Log Level"""
+
+    enabled: Optional[bool] = None
+
+
+class InputOffice365MgmtRetryType(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""The algorithm to use when performing HTTP retries"""
+
+    NONE = "none"
+    BACKOFF = "backoff"
+    STATIC = "static"
+
+
+class InputOffice365MgmtRetryRulesTypedDict(TypedDict):
+    type: NotRequired[InputOffice365MgmtRetryType]
+    r"""The algorithm to use when performing HTTP retries"""
+    interval: NotRequired[float]
+    r"""Time interval between failed request and first retry (kickoff). Maximum allowed value is 20,000 ms (1/3 minute)."""
+    limit: NotRequired[float]
+    r"""The maximum number of times to retry a failed HTTP request"""
+    multiplier: NotRequired[float]
+    r"""Base for exponential backoff, e.g., base 2 means that retries will occur after 2, then 4, then 8 seconds, and so on"""
+    codes: NotRequired[List[float]]
+    r"""List of http codes that trigger a retry. Leave empty to use the default list of 429, 500, and 503."""
+    enable_header: NotRequired[bool]
+    r"""Honor any Retry-After header that specifies a delay (in seconds) or a timestamp after which to retry the request. The delay is limited to 20 seconds, even if the Retry-After header specifies a longer delay. When disabled, all Retry-After headers are ignored."""
+    retry_connect_timeout: NotRequired[bool]
+    r"""Make a single retry attempt when a connection timeout (ETIMEDOUT) error occurs"""
+    retry_connect_reset: NotRequired[bool]
+    r"""Retry request when a connection reset (ECONNRESET) error occurs"""
+
+
+class InputOffice365MgmtRetryRules(BaseModel):
+    type: Annotated[
+        Optional[InputOffice365MgmtRetryType], PlainValidator(validate_open_enum(False))
+    ] = InputOffice365MgmtRetryType.BACKOFF
+    r"""The algorithm to use when performing HTTP retries"""
+
+    interval: Optional[float] = 1000
+    r"""Time interval between failed request and first retry (kickoff). Maximum allowed value is 20,000 ms (1/3 minute)."""
+
+    limit: Optional[float] = 5
+    r"""The maximum number of times to retry a failed HTTP request"""
+
+    multiplier: Optional[float] = 2
+    r"""Base for exponential backoff, e.g., base 2 means that retries will occur after 2, then 4, then 8 seconds, and so on"""
+
+    codes: Optional[List[float]] = None
+    r"""List of http codes that trigger a retry. Leave empty to use the default list of 429, 500, and 503."""
+
+    enable_header: Annotated[Optional[bool], pydantic.Field(alias="enableHeader")] = (
+        True
+    )
+    r"""Honor any Retry-After header that specifies a delay (in seconds) or a timestamp after which to retry the request. The delay is limited to 20 seconds, even if the Retry-After header specifies a longer delay. When disabled, all Retry-After headers are ignored."""
+
+    retry_connect_timeout: Annotated[
+        Optional[bool], pydantic.Field(alias="retryConnectTimeout")
+    ] = False
+    r"""Make a single retry attempt when a connection timeout (ETIMEDOUT) error occurs"""
+
+    retry_connect_reset: Annotated[
+        Optional[bool], pydantic.Field(alias="retryConnectReset")
+    ] = False
+    r"""Retry request when a connection reset (ECONNRESET) error occurs"""
+
+
+class InputOffice365MgmtAuthenticationMethod(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Enter client secret directly, or select a stored secret"""
+
+    MANUAL = "manual"
+    SECRET = "secret"
+
+
+class InputOffice365MgmtTypedDict(TypedDict):
+    type: InputOffice365MgmtType
+    tenant_id: str
+    r"""Office 365 Azure Tenant ID"""
+    app_id: str
+    r"""Office 365 Azure Application ID"""
+    id: NotRequired[str]
+    r"""Unique ID for this input"""
+    disabled: NotRequired[bool]
+    pipeline: NotRequired[str]
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+    send_to_routes: NotRequired[bool]
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+    environment: NotRequired[str]
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+    pq_enabled: NotRequired[bool]
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+    streamtags: NotRequired[List[str]]
+    r"""Tags for filtering and grouping in @{product}"""
+    connections: NotRequired[List[InputOffice365MgmtConnectionTypedDict]]
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+    pq: NotRequired[InputOffice365MgmtPqTypedDict]
+    plan_type: NotRequired[InputOffice365MgmtSubscriptionPlan]
+    r"""Office 365 subscription plan for your organization, typically Office 365 Enterprise"""
+    timeout: NotRequired[float]
+    r"""HTTP request inactivity timeout, use 0 to disable"""
+    keep_alive_time: NotRequired[float]
+    r"""How often workers should check in with the scheduler to keep job subscription alive"""
+    job_timeout: NotRequired[str]
+    r"""Maximum time the job is allowed to run (e.g., 30, 45s or 15m). Units are seconds, if not specified. Enter 0 for unlimited time."""
+    max_missed_keep_alives: NotRequired[float]
+    r"""The number of Keep Alive Time periods before an inactive worker will have its job subscription revoked."""
+    ttl: NotRequired[str]
+    r"""Time to keep the job's artifacts on disk after job completion. This also affects how long a job is listed in the Job Inspector."""
+    ignore_group_jobs_limit: NotRequired[bool]
+    r"""When enabled, this job's artifacts are not counted toward the Worker Group's finished job artifacts limit. Artifacts will be removed only after the Collector's configured time to live."""
+    metadata: NotRequired[List[InputOffice365MgmtMetadatumTypedDict]]
+    r"""Fields to add to events from this input"""
+    publisher_identifier: NotRequired[str]
+    r"""Optional Publisher Identifier to use in API requests, defaults to tenant id if not defined. For more information see [here](https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#start-a-subscription)"""
+    content_config: NotRequired[List[InputOffice365MgmtContentConfigTypedDict]]
+    r"""Enable Office 365 Management Activity API content types and polling intervals. Polling intervals are used to set up search date range and cron schedule, e.g.: */${interval} * * * *. Because of this, intervals entered must be evenly divisible by 60 to give a predictable schedule."""
+    ingestion_lag: NotRequired[float]
+    r"""Use this setting to account for ingestion lag. This is necessary because there can be a lag of 60 - 90 minutes (or longer) before Office 365 events are available for retrieval."""
+    retry_rules: NotRequired[InputOffice365MgmtRetryRulesTypedDict]
+    auth_type: NotRequired[InputOffice365MgmtAuthenticationMethod]
+    r"""Enter client secret directly, or select a stored secret"""
+    description: NotRequired[str]
+    client_secret: NotRequired[str]
+    r"""Office 365 Azure client secret"""
+    text_secret: NotRequired[str]
+    r"""Select or create a stored text secret"""
+
+
+class InputOffice365Mgmt(BaseModel):
+    type: Annotated[InputOffice365MgmtType, PlainValidator(validate_open_enum(False))]
+
+    tenant_id: Annotated[str, pydantic.Field(alias="tenantId")]
+    r"""Office 365 Azure Tenant ID"""
+
+    app_id: Annotated[str, pydantic.Field(alias="appId")]
+    r"""Office 365 Azure Application ID"""
+
+    id: Optional[str] = None
+    r"""Unique ID for this input"""
+
+    disabled: Optional[bool] = False
+
+    pipeline: Optional[str] = None
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+
+    send_to_routes: Annotated[Optional[bool], pydantic.Field(alias="sendToRoutes")] = (
+        True
+    )
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+
+    environment: Optional[str] = None
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+
+    pq_enabled: Annotated[Optional[bool], pydantic.Field(alias="pqEnabled")] = False
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+
+    streamtags: Optional[List[str]] = None
+    r"""Tags for filtering and grouping in @{product}"""
+
+    connections: Optional[List[InputOffice365MgmtConnection]] = None
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+
+    pq: Optional[InputOffice365MgmtPq] = None
+
+    plan_type: Annotated[
+        Annotated[
+            Optional[InputOffice365MgmtSubscriptionPlan],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="planType"),
+    ] = InputOffice365MgmtSubscriptionPlan.ENTERPRISE_GCC
+    r"""Office 365 subscription plan for your organization, typically Office 365 Enterprise"""
+
+    timeout: Optional[float] = 300
+    r"""HTTP request inactivity timeout, use 0 to disable"""
+
+    keep_alive_time: Annotated[
+        Optional[float], pydantic.Field(alias="keepAliveTime")
+    ] = 30
+    r"""How often workers should check in with the scheduler to keep job subscription alive"""
+
+    job_timeout: Annotated[Optional[str], pydantic.Field(alias="jobTimeout")] = "0"
+    r"""Maximum time the job is allowed to run (e.g., 30, 45s or 15m). Units are seconds, if not specified. Enter 0 for unlimited time."""
+
+    max_missed_keep_alives: Annotated[
+        Optional[float], pydantic.Field(alias="maxMissedKeepAlives")
+    ] = 3
+    r"""The number of Keep Alive Time periods before an inactive worker will have its job subscription revoked."""
+
+    ttl: Optional[str] = "4h"
+    r"""Time to keep the job's artifacts on disk after job completion. This also affects how long a job is listed in the Job Inspector."""
+
+    ignore_group_jobs_limit: Annotated[
+        Optional[bool], pydantic.Field(alias="ignoreGroupJobsLimit")
+    ] = False
+    r"""When enabled, this job's artifacts are not counted toward the Worker Group's finished job artifacts limit. Artifacts will be removed only after the Collector's configured time to live."""
+
+    metadata: Optional[List[InputOffice365MgmtMetadatum]] = None
+    r"""Fields to add to events from this input"""
+
+    publisher_identifier: Annotated[
+        Optional[str], pydantic.Field(alias="publisherIdentifier")
+    ] = None
+    r"""Optional Publisher Identifier to use in API requests, defaults to tenant id if not defined. For more information see [here](https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#start-a-subscription)"""
+
+    content_config: Annotated[
+        Optional[List[InputOffice365MgmtContentConfig]],
+        pydantic.Field(alias="contentConfig"),
+    ] = None
+    r"""Enable Office 365 Management Activity API content types and polling intervals. Polling intervals are used to set up search date range and cron schedule, e.g.: */${interval} * * * *. Because of this, intervals entered must be evenly divisible by 60 to give a predictable schedule."""
+
+    ingestion_lag: Annotated[Optional[float], pydantic.Field(alias="ingestionLag")] = 0
+    r"""Use this setting to account for ingestion lag. This is necessary because there can be a lag of 60 - 90 minutes (or longer) before Office 365 events are available for retrieval."""
+
+    retry_rules: Annotated[
+        Optional[InputOffice365MgmtRetryRules], pydantic.Field(alias="retryRules")
+    ] = None
+
+    auth_type: Annotated[
+        Annotated[
+            Optional[InputOffice365MgmtAuthenticationMethod],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="authType"),
+    ] = InputOffice365MgmtAuthenticationMethod.MANUAL
+    r"""Enter client secret directly, or select a stored secret"""
+
+    description: Optional[str] = None
+
+    client_secret: Annotated[Optional[str], pydantic.Field(alias="clientSecret")] = None
+    r"""Office 365 Azure client secret"""
+
+    text_secret: Annotated[Optional[str], pydantic.Field(alias="textSecret")] = None
+    r"""Select or create a stored text secret"""